document title risk management policy… · board assurance framework/ corporate risk register and...
TRANSCRIPT
1 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Document Title Risk Management Policy
Reference Number CNTW(O)33
Lead Officer Lisa Quinn-Director of Commissioning and Quality
Assurance
Author(s) (name and designation)
Lindsay Hamberg Risk Management Lead
Ratified by Business Delivery Group
Date ratified Sep 2017
Implementation Date Sep 2017
Date of full implementation
Sep 2017
Review Date Sep 2020
Version number V05.5
Review and Amendment Log
Version Type of change
Date Description of change
V05.3 Update Nov 2018 Removal of Appendix 5
V05.4 Update Jun 19 Change of Author
V05.5 Review Oct 19 Governance changes
This policy supersedes:
Document Number Title
CNTW(O)33 V05.4 Risk Management Policy
2 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Risk Management Policy
Section Contents Page No.
1 Introduction 1
2 Purpose 1
3 Definition of Terms 1
4 Scope 2
5 Duties, Accountabilities and Responsibility 2
6 Risk Management System 4
7 Risk Appetite 8
8 Assurance 10
9 Clinical Risk 11
10 Risk Registers and Board Assurance Framework 12
11 Risk Monitoring, Reviewing and Auditing. 12
12 Risk Management Training and Support. 12
13 Consultation and Communication with Stakeholders 12
14 Implementation 13
15 Equality & Diversity 13
16 Fair Blame 13
17 Fraud and Corruption 14
18 Monitoring 14
19 Associated documents 14
20 References 14
Standard Appendices – attached to policy
A Equality Analysis Screening Toolkit 15
B Training Checklist and Training Needs Analysis 17
C Audit Monitoring Tool 19
D Policy Notification Record Sheet - click here
Appendices – attached to policy
Appendix No:
Description
1 Definition of Risk terms
2 Risk impact descriptors
3 Risk Escalation process
4 Risk Register Template
3 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Introduction
Cumbria Northumberland, Tyne & Wear NHS Foundation Trust acknowledges that the services it provides and the way it provides these services, carries with it unavoidable and inherent risk. The identification and recognition of these risks together with the proactive management, mitigation and (where possible) elimination of these risks is essential for the efficient and effective delivery of safe and high quality services.
Risk Management is an integral part of the trust’s quality, governance and performance management processes. All staff have a role in considering risk and helping to ensure it does not prevent the delivery of safe and high quality services.
The Board with the support of its committees have a key role in ensuring a robust risk management system is effectively maintained and to lead on a culture whereby risk management is embedded across the Trust through its strategy and plans, setting out its appetite and priorities in respect of the mitigation of risk when delivering a safe high quality service.
In accepting that risk occurs the Trust Board has adopted the following risk management statement;
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust recognises
that its long term sustainability depends upon the delivery of its strategic ambitions and its relationships with its service users, carers, staff, public and partners. As such, Cumbria Northumberland, Tyne and Wear NHS Foundation Trust will not accept risks that materially provide a negative impact on quality.
However CNTW has a greater appetite to take considered risks in terms of their impact on organisational issues. CNTW has a greatest appetite to pursue Commercial gain, partnerships, clinical innovation, Financial/Value for Money and reputational risk in terms of its willingness to take opportunities where positive gains can be anticipated, within the constraints of the regulatory environment.
1. Purpose
The Risk Management Policy has been written to comply with health and safety regulations. The management of health and safety regulations 1999 place an obligation on employers to identify and then control risks before incidents occur, through a suitable and sufficient assessment of the risk. They require employers and self-employed people to assess the risks to staff/patients and any others who may be affected by their work or business.
2. Definitions
Risk Management terminology used throughout this document, can be found in Appendix 1.
4 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
3. Scope
This policy is a Trust-wide document and it applies equally to all members of staff, either permanent or temporary and to those working within, or for, the trust under contracted services.
4. Duties, Accountabilities and Responsibility.
All staff in the trust have responsibilities relating to risk management. The key risk management responsibilities are documented below.
Role Responsibility
Chief Executive Officer (CEO) The chief executive as ‘accountable officer’ has overall accountability and responsibility for risk management within the trust, ensuring the implementation of an effective risk management system
Executive Director of Commissioning and Quality Assurance
The Executive Director of Commissioning and Quality Assurance has a responsibility to ensure that the Trust has a robust Risk Management Strategy and policy in place, integrated with the Trust’s Strategic business plan and the Trust’s governance structure. This includes ensuring that there is a robust and effective Board Assurance Framework, Strategy and Policy
Risk Management Lead The Risk Management Lead supports the Executive Director of Commissioning and Quality Assurance in the day to day management of the Trust’s Corporate Risk Register and Board Assurance Framework The Risk Management Lead supports the review, development and embedding of the Risk Management Strategy and policy across the Trust to ensure that there is an effective Risk management System in place
Executive Directors and Locality Group Director
These staff are responsible for the implementation of this policy at corporate and service level including the establishment and continual management of risk registers and project risks registers. They are responsible for managing risk within their Localities and Corporate Directorates
5 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Role Responsibility
All Staff Management of risk is a fundamental duty of all staff. All staff must ensure that identified risks and incidents are reported in order to ensure appropriate actions are taken. These requirements also extend to agency staff
Partner Organisations and Contractors Specific risks identified in the Trust will be shared with any other relevant organisation working in partnership with the Trust
Board Of Directors The board of directors are accountable and responsible for ensuring that the Trust has an effective process for identifying and managing risk of all types. The Board of Directors receive and consider reports from its Sub-Committees as necessary
Sub Committees of the Board Each sub-committee of the board has a role for risks pertaining to their area of focus: • Review the management of the Board assurance framework/ corporate risk register and the groups top risks to ensure that the board of directors receive assurance that effective controls are in place to manage corporate risks. • Report to the board of directors on any significant risk management and assurance issues
Audit Committee The Audit Committee is a sub-committee of the board and Oversees the risk management system, obtaining assurances that there is an effective systems operating across the Trust.
Corporate Decisions Team The Corporate Decisions Team ensure effective implementation of the risk management system and report to board sub committees on any significant matter relating to risk management
CDT Risk Management Sub Group The CDT Risk Management Sub Group is a Sub-committee of the Corporate Decisions Team. Risk Management Sub Group lead on the development of and ensure compliance with the organisation’s risk assessment and management systems and processes and report to CDT.
6 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
6 Risk Management System
6.1. Definition The Institute of Risk Management define Risk Management as: “The process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure”
Figure 1 below shows, risk management involves the identification, analysis, evaluation and treatment of risks or more specifically recognises which events may lead to harm and therefore minimising the likelihood (how often) and consequences (how bad) of these risks occurring.
Figure 1 – Risk Management Process.
* establish the context can also be described as establish the facts.
6.2 Identifying Risks
Risks facing the organisation will be identified from a number of sources, for example:
Risk arise out of the delivery of day to day work related tasks or activities
The review of strategic or operational ambitions
As a result of an incident or the outcome of investigations
Following a complaint, claim or patient feedback
As a result of a health and safety inspection/assessment, external review or audit report
National requirements and guidance
*
7 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
The identification, assessment, and control of risk is delegated to directors, managers, departments, wards and teams within CNTW, together with the management and data entry onto a paper or electronic risk management system.
6.3. Analysing/Assessing Risks
The purpose of assessing and scoring a risk is to estimate the level of exposure to a particular risk, which will then help to inform where responses to reduce or better manage a risk can be taken. When assessing a risk you will need to:
Identify who is affected and what is the potential impact should the risk occur (i.e., the consequences (how bad) a risk occurring could be)
Estimate the likelihood (how often) of a risk occurring once plans to control or mitigate the impact of a risk have been put in place
Consider whether this is a standalone risk or whether this could combine with other potential risks
Assess and score the exposure to that risk. Guidance on evaluating and scoring can be found in section 6.4 of this policy
Escalate to your direct line manager or designated risk champion for discussion/inclusion on a trust-wide risk register
6.4. Evaluating/Scoring Risk Risks are scored using a risk scoring matrix. The Trust has adopted a 5x5 matrix with the risk scores taking account of the Impact and likelihood of a risk occurring. The scoring of risk is a 3-step process Step 1 – Evaluating the impact or of a risk occurring if no plans exist to control, mitigate or reduce the impact of a risk occurring. The impact (consequence) score has five descriptors
Score
Impact descriptor Impact Description
1
Insignificant Please see appendix 2 for risk impact descriptions.
2
Minor
3
Moderate
4
Major
5
Catastrophic
8 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Step 2 – Evaluating the likelihood (how often) a risk may occur once plans and controls to mitigate (reduce/remove) a risk have been put in place. The table below gives the descriptions of the likelihood or a risk occurring
Score
Likelihood descriptor
Likelihood Description
1
Rare May only occur in exceptional circumstances. 0-9% chance of occurrence.
2
Unlikely Not expected, but could occur infrequently. 10-29% chance of occurrence.
3
Possible May/will occur at some time. 30-59% chance of occurrence.
4
Likely Will probably occur, but not a persistent issue. 60-89% chance of occurrence.
5
Almost Certain Likely to occur on many occasions, a persistent issue. 90-100% chance of occurrence.
Step 3 – To calculate the risk score you must then multiply the impact score with the likelihood score. IMPACT score x LIKELIHOOD score = RISK score
IMPACT
LIKELIHOOD 1. Insignificant 2. Minor 3. Moderate 4. Major 5.Catastrophic
1 – Rare Not expected to occur
1 Very Low
2 Very Low
3 Very Low
4 Very Low
5 Very Low
2 – Unlikely Occurs infrequently
2 Very Low
4 Very Low
6 Low
8 Low
10 Low
3 – Possible Once or twice a year
3 Very Low
6 Low
9 Low
12 Moderate
15 Moderate
4 – Likely Hazard will occur but is not persistent.
4 Very Low
8 Low
12 Moderate
16 Moderate
20 High
5 –Almost Certain Constant threat is custom and practice
5 Very Low
10 Low
15 Moderate
20 High
25 High
9 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
By multiplying the Consequence and Likelihood scores together a total risk score will be created. The score will then determine the level of risk as shown below:
Very Low (1 – 5)
Low (6 - 10) Moderate (12 - 16) High (20 - 25) For example:
An impact score of 5 (catastrophic) is multiplied by the likelihood score of 3 (possible) which gives a risk score of 15. This would then be shown as a moderate or amber risk.
Each risk will be assigned 3 risk scores:
1. Initial Risk Score – the score on identification before any
controls/mitigating actions are proposed.
2. Current/Residual Risk Score – The residual risk, the score with controls/actions in place.
3. Target Risk Score – The risk score after improved actions have been achieved and improved controls are added
6.5 Risk Escalation
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust support staff to manage risk at the lowest and most appropriate level in the organisation. Risks should only be escalated when action is required outside the control of the current owner. The Risk escalation and reporting process can be found in appendix 3
6.6 Controls and Mitigation (Action Planning)
When considering the likelihood of a risk occurring, staff need to develop and consider the actions that can be put in place
a. The avoidance of the risk – by not proceeding with an action which can produce the risk
b. The reduction of the likelihood of a risk occurring or should it occur, the reduction of the potential impact of the risk occurring
c. The Transfer of a risk to another party, either in part or in whole
10 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
d. The retention of risk, after they have been reduced or transferred, there may be some residual risks which are retained (although plans to control and mitigate these risks will still be required)
e. The removal/elimination of risk. These plans to avoid or reduce risk are more commonly referred to as the risk action plan
7. Risk Appetite
Risk appetite is the level of risk the Trust Board deem acceptable or unacceptable based on the specific risk category and circumstances/situation facing the Trust. This allows the Trust to measure, monitor and adjust, as necessary, the actual risk positions against the agreed risk appetite Using the Good Governance Institute risk appetite matrix the Trust Board has adopted a risk appetite statement which is the amount of risk it is willing to accept in seeking to achieve its Strategic Ambitions. As well as the overall risk appetite statement, separate statements are provided for each risk category
Category Risk Appetite Risk Appetite Score Clinical Innovation CNTW has a MODERATE
risk appetite for Clinical Innovation that does not compromise quality of care
12-16
Commercial CNTW has a HIGH risk appetite for Commercial gain whilst ensuring quality and sustainability for our service users
20-25
Compliance/Regulatory CNTW has a LOW risk 6-10
Risk Appetite Statement Cumbria Northumberland, Tyne and Wear NHS Foundation Trust recognises that its long term sustainability depends upon the delivery of its strategic ambitions and its relationships with its service users, carers, staff, public and partners. As such, Cumbria Northumberland, Tyne and Wear NHS Foundation Trust will not accept risks that materially provide a negative impact on quality. However CNTW has a greater appetite to take considered risks in terms of their impact on organisational issues. CNTW has a greatest appetite to pursue Commercial gain, partnerships, clinical innovation, Financial/Value for Money and reputational risk in terms of its willingness to take opportunities where positive gains can be anticipated, within the constraints of the regulatory environment
11 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Category Risk Appetite Risk Appetite Score appetite for Compliance/Regulatory risk which may compromise the Trust’s compliance with its statutory duties and regulatory requirements
Financial/Value for money
CNTW has a MODERATE risk appetite for financial/VfM which may grow the size of the organisation whilst ensuring we minimising the possibility of financial loss and comply with statutory requirements
12-16
Partnerships CNTW has a HIGH risk appetite for partnerships which may support and benefit the people we serve
20-25
Reputation
CNTW has a MODERATE risk appetite for actions and decisions taken in the interest of ensuring quality and sustainability which may affect the reputation of the organisation
12-16
Quality Effectiveness CNTW has a LOW risk appetite for risk that may compromise the delivery of outcomes for our service users.
6-10
Quality Experience
CNTW has a LOW risk appetite for risks that may affect the experience of our service users
6-10
Quality Safety CNTW has a VERY LOW risk appetite for risks that may compromise safety
1-5
Workforce CNTW has a MODERATE risk appetite for actions and decisions taken in relation to workforce
12-16
Commercial CNTW has a HIGH risk appetite for Commercial gain whilst ensuring quality and sustainability for our service users
20-25
12 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
The below table shows risk appetite tolerance scores for each risk appetite. When a risk exceeds a risk appetite tolerance score this will be used as a framework for a risk to be communicated and reported upwards. A suggested target risk is also added to help inform target risk scoring discussions. The target risk is provided as a guide and not an absolute expectation.
APPETITE NONE VERY LOW
LOW MODERATE HIGH
Risk tolerance Score
N/A 1-5 6-10 12-16 20-25
Target risk score
N/A 0 4 9 15
Risk Appetite and the Clinical Locality Groups/Corporate Area
Risk appetite is linked to the Safeguard Risk Management System. The Safeguard system asks the user to choose a risk appetite category when recording a risk. The categories are linked to the risk appetite tolerance scores and where a risk breaches the Trust Risk Appetite the user will see the risk appetite rag rating change to red
The Risk Management Lead will also have planned weekly audits in place to capture any risk appetite breaches that have not been reported/communicated as a control mechanism. All risks which breach the Trust risk appetite will be reported through the Trust Governance Structures to the Board of Directors. This replaces the current system of all risks 15 and above being reported. Risk appetite does not replace the escalation process defined within the risk management policy (see section 6.5). Risks continue to be managed at the lowest and most appropriate level in the organisation and only escalated when action is required outside the control of the current risk owner.
8. Assurance.
A key element of the Trust’s risk management system is providing assurance that we manage risks effectively by ensuring the effectiveness of controls and actions being put in place to mitigate the impact of any risks.
8.1. Assurance Definition
Assurance Definition
Provides Evidence
To: Staff/Management/Directors/Organisation
That: What we are currently doing is making impact on risks.
8.2. Examples of Sources of Assurance.
13 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Below are some examples of sources of Assurance. Most types of assurance will be evidenced (for example meeting minutes, checklists, written reports) whilst some may be more informal (such as evidence of discussions).
9. Clinical Risk
9.1. Clinical Risk Assessment
Clinical risk assessment is a dynamic ongoing process in the provisions and treatment to all service users. It is a multi-disciplinary responsibility and the outcome of risk assessment should be formally documented using minimum approved tool and recording by each organisation. The Trust’s approved tools to record the outcome of clinical risk assessments for adults are listed in the Trust policies CNTW(C) 20 Care Coordination and Care Programme Approach, and CNTW(C) 48 Care Coordination and Care Programme Approach for Children and Young People. The Clinical Risk Strategy can be found at http://nww1.CNTW.nhs.uk/services/?id=7029&p=5548
9.2 Clinical Environment Risk Assessment
The Clinical Environmental Risk Assessment (CERA) process is to identify the significant risk areas, concentrating predominantly on 24 hour in patient settings, with a view to create a trust-wide action plan for remedial work over a 5 year period. The intention being to identify risks that can be eliminated within these clinical settings. Risks that cannot be eliminated are transferred to a Trust risk register and managed with the necessary controls in place.
The CERA process is coordinated by the Safety Team, overseen by the Safer Care Group. Please refer to CNTW(O)20 – Health and Safety Policy - HS-PGN-13
10 Risk Registers
10.1 All Trust Risk Registers
A risk register is a log of risks of all kinds that threaten the delivery of ambitions and the delivery of services. It should be a live document which is populated through the risk assessment and evaluation process. Risk
14 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Registers operate at all levels in the trust – at local ward, department and service level, major projects and programmes, directorate, Group and Corporate level. Safeguard Risk Management System is the main system used to record risks although paper registers are currently still used in some areas. A risk register template can be found in Appendix 4.
10.2. Corporate Risk Register and Board Assurance Framework
The Corporate Risk Register and Board Assurance Framework are key documents used to record and report the Trust’s key Strategic Ambitions, risks, controls and assurances to the board. The Corporate Risk Register and Board Assurance Framework ensures that the Trust have assurance that risks to the delivery of its Strategic Ambitions are successfully managed. The Corporate Risk Register and Board Assurance Framework takes into account the recommendations from Audit, Executive Leads and board sub-committees as to what should be included, amended or removed. The Framework is updated and approved by the Board of Directors. The Corporate Risk Register and Board Assurance Framework once approved is a public document and can be accessed on CNTW Website via the Board Papers.
11. Monitoring, Reviewing and Auditing
The CDT Risk Management Group continually review and monitor all aspects of the Trust’s risk management system, and play a key role in the standardisation and moderation of risks that are added to the trust-wide risk registers. In accordance with Public Sector Internal Audit Standards, the Head of Internal Audit (HoIA) provides an annual opinion, based upon and limited to the work performed on the overall adequacy and effectiveness of the organisation’s risk management, control and governance processes.
12. Risk Management Training and Support. Risk management training, guidance and advice is provided through the Risk Management Lead. Risk management training is made available for existing staff and new members of staff.
13. Consultation and Communication with Stakeholders
This is an existing policy which has had major changes that relate to operational and/or clinical practice therefore requires a full consultation process. Systems of communication that contribute to minimising risk are in place and include a Trust intranet for staff, customer satisfaction surveys with service users and carers, and regular Council of Governors Meetings. The Risk Management Strategy is available to all stakeholders through the Trust’s website and the Trust reports regularly to NHSI on compliance with the terms of its provider licence. Communication with staff is particularly important and risk management issues can be communicated through line management team briefing, the Chief Executive’s bulletin and the communication of alerts to relevant staff groups via email.
15 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
North Locality Care Group
Central Locality Care Group
South Locality Care Group
North Cumbria Locality Care Group
Corporate Decision Team
Business Delivery Group
Safer Care Group
Communications, Finance, IM&T
Commissioning and Quality Assurance
Workforce and Organisational Development
NTW Solutions
Local Negotiating Committee
Medical Directorate
Staff Side
Internal Audit
14. Implementation
Taking into consideration the major implications associated with this Policy review it is considered that a target date of August 2017 is achievable for communications about changes in this Policy, with any specific training being implemented on an ongoing basis. This will be monitored by the Audit Committee through the review process. If at any stage there is an indication that the target date cannot be met, then the author will implement an action plan.
15. Equality and Diversity
In conjunction with the Trust’s Equality and Diversity Officer this policy has undergone an Equality and Diversity Impact Assessment which has taken into account all human rights in relation to disability, ethnicity, age and gender. The Trust undertakes to improve the working experience of staff and to ensure everyone is treated in a fair and consistent manner.
16. Fair Blame
The Trust is committed to developing an open learning culture. It has endorsed the view that, wherever possible, disciplinary action will not be taken against members of staff who report near misses and adverse incidents, although there may be clearly defined occasions where disciplinary action will be taken.
17. Fraud and Corruption
In accordance with the Trust’s policy CNTW(O)23 – Fraud, Bribery and Corruption policy and Response Plan, all suspected cases of fraud and corruption should be reported immediately to the Trust’s Local Counter Fraud Specialist or to the Executive Director of Finance.
16 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
18. Monitoring
Monitoring of compliance with this policy will be undertaken on a day to day basis by the Risk Management Lead, discussing any issues with the relevant Directorate/Group and, if necessary, reporting to the Executive Director of Commissioning and Quality Assurance.
19. Associated documents
Risk Management Strategy;
CNTW(C)20 Care Coordination/Care Programme Approach (CPA)
CNTW(C)48 Care Coordination/Care Programme Approach for
Children and Young People.
CNTW(O)01 Development and Management of Procedural
Documents.
All other Trust Policies are also in place to help reduce risks and can be accessed through the following link to the Trust internet site: CNTW - Policies Website.
20. References
Management of Health & Safety Regulations 1999
NHS Litigation Authority Risk Management Standards for Mental Health
and Learning Disability Trusts.
ISO3100 Risk Management Standard.
Baker,Tilly, Board Assurance Framework Toolkit.
NHS Provider Risk Management Guidance 2016.
17 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Appendix A
Equality Analysis Screening Toolkit
Names of Individuals involved in Review
Date of Initial Screening
Review Date Service Area / Locality
Lisa Quinn Natalie Yeowart Christopher Rowlands
June 2017 June 2020 Trust-Wide
Policy to be analysed Is this policy new or existing?
Risk Management Policy V05 Existing
What are the intended outcomes of this work? Include outline of objectives and function aims
To ensure staff have the knowledge and tools to ensure effective risk management processes/systems throughout the Trust.
Who will be affected? e.g. staff, service users, carers, wider public etc
Staff
Protected Characteristics under the Equality Act 2010. The following characteristics have protection under the Act and therefore require further analysis of the potential impact that the policy may have upon them
Disability N/A
Sex N/A
Race N/A
Age N/A
Gender reassignment
(including transgender)
N/A
Sexual orientation. N/A
Religion or belief N/A
Marriage and Civil Partnership
N/A
Pregnancy and maternity
N/A
Carers N/A
Other identified groups N/A
18 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
How have you engaged stakeholders in gathering evidence or testing the evidence available?
Through standard policy process procedure
How have you engaged stakeholders in testing the policy or programme proposals?
Through standard policy process procedure
For each engagement activity, please state who was involved, how and when they were engaged, and the key outputs:
Appropriate policy review – author/team
Summary of Analysis Considering the evidence and engagement activity you listed above, please summarise the impact of your work. Consider whether the evidence shows potential for differential impact, if so state whether adverse or positive and for which groups. How you will mitigate any negative impacts. How you will include certain protected groups in services or expand their participation in public life.
Positive Monitor for impact during policy review.
Now consider and detail below how the proposals impact on elimination of discrimination, harassment and victimisation, advance the equality of opportunity and promote good relations between groups. Where there is evidence, address each protected characteristic
Eliminate discrimination, harassment and victimisation
Advance equality of opportunity
Promote good relations between groups
What is the overall impact?
Positive
Addressing the impact on equalities
From the outcome of this Screening, have negative impacts been identified for any protected characteristics as defined by the Equality Act 2010? If yes, has a Full Impact Assessment been recommended? If not, why not? Manager’s signature: Lisa Quinn/Natalie Yeowart Date: June 2017
19 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Appendix B
Communication and Training Check list for policies
Key Questions for the accountable committees designing, reviewing or agreeing a new Trust policy
Is this a new policy with new training requirements or a change to an existing policy?
Existing policy with new training requirements.
If it is a change to an existing policy are there changes to the existing model of training delivery? If yes specify below.
N/A
Are the awareness/training needs required to deliver the changes by law, national or local standards or best practice?
Awareness/training needs required to deliver changes to local standards.
Please specify which staff groups need to undertake this awareness/training. Please be specific. It may well be the case that certain groups will require different levels e.g. staff group A requires awareness and staff group B requires training.
Band 7 and above will require specific training on Safeguard Web risk reporting and risk management awareness training.
All staff below band 7 will require Risk Management awareness training.
Is there a staff group that should be prioritised for this training / awareness?
Band 7 and above.
Please outline how the training will be delivered. Include who will deliver it and by what method.
Local Induction Training Awareness sessions Staff handbook summary for easy reference E-Learning
Please identify a link person who will liaise with the training department to arrange details Administration needs etc.
Natalie Yeowart
20 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Appendix B – continued
Training Needs Analysis
Staff/Professional Group Type of training
Duration of Training
Frequency of Training
Band 7 and above Web risk reporting
E-learning
30mins Once
Band 7 and above Risk Management E-learning
30 mins Once
All staff Risk Awareness Session
1 hour Induction/3 Yearly
Should any advice be required, please contact: - 0191 2456777 (Option 1)
21 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19
Appendix C Monitoring Tool Statement The Trust is working towards effective clinical governance and governance systems. To demonstrate effective care delivery and compliance, policy authors are required to include how monitoring of this policy is linked to auditable standards/key performance indicators will be undertaken using this framework.
Risk Management Policy - Monitoring Framework
Auditable Standard/Key Performance Indicators
Frequency/Method/Person Responsible
Where results and any Associate Action plan will be reported to implemented and monitored; (this will usually be via the relevant Governance Group).
1. Identified staff groups attend training as outlined in appendix B in accordance with policy requirements.
Monthly via Dashboard managed by individual staff groups/areas and monitored by Risk Management Lead.
CDT Risk Management Sub Group.
2. Risk Management Standards set in policy.
Quarterly quality/compliance checks by Risk Management Lead.
CDT Risk Management Sub Group.
The Author(s) of each policy is required to complete this monitoring template and ensure that these results are taken to the appropriate Quality and Performance Governance Group in line with the frequency set out.
CNTW (O)33
Appendix 1 Definition of Risk Management Terms
Term Definition
Action A response to control or mitigate risk.
Action plan A collection of actions that are specific, measurable, achievable, realistic and targeted.
Assessment A review of evidence leading to the formulation of an opinion.
Assurance Confidence based on sufficient evidence that internal controls are in place, operating effectively and objectives are achieved.
Board Assurance Framework/ Corporate Risk Register (BAF/CRR)
A document setting out the organisations strategic objectives, the risks to achieving them, the controls in place to manage them and the assurance that is available.
Control Action taken to reduce the likelihood and or impact of a risk.
Escalation Referring an issue to the next appropriate management level for resolution, action or attention.
Gaps in control Actions to be put in place to manage risk and achieve objectives.
Frequency A measure of the rate of occurrence of an event.
Impact The result of a threat or opportunity.
Internal audit The team responsible for evaluating and forming an opinion of the robustness of the system of internal control.
Initial risk The score on identification before any controls are added
Likelihood A qualitative measure/description of probability or frequency. Any negative impact, financial or otherwise.
Mitigation Actions taken to reduce the risk or the negative impact of the risk.
Current risk score (residual risk)
The score with controls/actions in place.
Risk appetite An informed decision taken by the Trust Board on the level of risk deemed acceptable.
Risk matrix A grid that cross references impact against likelihood to assist in assessing a risk.
Risk owner The person/group responsible for the management and control of all aspects of individual risks.
Risk rating The total risk score work out by multiplying the impact and likelihood scores on the risk matrix.
Risk register The tool for recording identified risks and monitoring action plans against them.
Risk tolerance The boundaries of risk taking outside that the organisation is not prepared to go beyond
CNTW(O)33
1 Cumbria Northumberland Tyne and Wear NHS Foundation Trust Appendix 2- Risk Impact Scoring Table CNTW(O)33- Risk Management Policy V05.5 Oct 19
Category Clinical Innovation
Commercial Compliance/ Regulatory
Financial/VfM
Partnerships Reputation Quality Effectiveness
Quality Experience
Quality Safety
Workforce
Impact of Risk
1. Acceptable Risk Insignificant
No effect on innovation Extremely likely to create value
No effect on commercial gain or sustainable growth
One off non-compliance with standards. * Insignificant breach of confidentiality/information/IT breach
<£50,000 No effect on partnerships Extremely likely to support and benefit those we serve
Insignificant impact. Within unit, team, dept only
Minimal/low effect on service delivery > 1 Hour
Service User Extremely likely to recommend No effect on Service User Experience
Any Immaterial incident resulting in no harm. (Near Miss)
Staff extremely likely to recommend No effect on staff health and wellbeing
2. Minor
Minor effect on innovation Likely to create value
Minor effect on commercial gain Unlikely to effect sustainable growth
Minor failure to meet standards within the quarter. * Minor breach of confidentiality/information/IT breach
£50,000 - £500,000
Minor effect on partnerships Likely to support and benefit those we serve
Minor impact Local Media coverage
Temporary effect on service delivery >1 Day
Service User Likely to recommend Minor effect on Service User experience
Any unexpected/ unintended incident that could cause minimal harm.
Staff likely to recommend Minor effect on staff health and wellbeing
3. Moderate
Moderate effect on innovation Unlikely to create value
Moderate effect on commercial gain Likely to effect sustainable growth
Non-compliance with standards for 2 consecutive quarters. * Potentially serious breach of confidentiality/ information/IT breach
£500,000 - £1m
Moderate effect on partnerships Likely to have a negative effect on those we support and serve
Moderate impact Regional concern Local Media coverage
Significant effect on service delivery/Late delivery of objectives > 3 Days
Service User neither likely nor unlikely to recommend Negative effect on Service user experience
Any unexpected/ unintended incident that could result in significant but not permanent harm.
Staff neither likely nor unlikely to recommend Negative effect on staff health and wellbeing
4. Major
Significant effect on innovation Highly unlikely to create value
Significant effect on commercial gain Extremely likely to effect sustainable growth
Significant non-compliance with standards for 3 consecutive quarters. * Serious breach of confidentiality/information/IT breach.
£1m - £5m Significant effect on partnerships Extremely likely to have a negative effect on those we support and serve.
Significant impact NHS/NHSE concern National media coverage
Significant effect on service delivery/ uncertain delivery of key objectives >1 week
Service User Unlikely to recommend Significant effect on Service User experience
Any unexpected/ Unintended incident that could result in permanent harm.
Staff unlikely to recommend Significant effect on staff health and wellbeing
5.Catastrophic
Severe effect on innovation Extremely unlikely to create value
Severe effect on commercial gain. Severe effect on sustainable growth
Severe non-compliance with standards leading to enforcement action by regulators. * Catastrophic breach of confidentiality/information/IT Breach.
>£5m
Severe effect on partnerships Extremely likely to have a negative effect on those we support and serve.
Severe impact on reputation Sustained NHS/NHSE Concern National media coverage
Severe effect on service delivery/ non- delivery of key objectives. Permanent loss of service
Patient highly unlikely to recommend Severe effect on Service User experience.
Any unexpected/ Unintended incident that could result in Serious harm/death.
Staff highly unlikely to recommend Severe effect on staff health and wellbeing
Appendix 2 – Risk Impact Scoring Table
2 Cumbria Northumberland, Tyne and Wear NHS Foundation Trust Appendix – Clinical Environmental Risk Assessment – V05.5 Oct 19 CNTW(0)33 – Risk Management Policy
Appendix 3 Risk Escalation Process
3 Cumbria Northumberland, Tyne and Wear NHS Foundation Trust Appendix – Clinical Environmental Risk Assessment – V05.5 Oct 19 CNTW(0)33 – Risk Management Policy
Appendix 4
Risk Register Template
Name of Locality/Ward/Dept/Corporate Directorate
Risk: Risk Rating:
Impact Likelihood Score Rating
Risk on Identification
0 0 0 Very Low
Residual Risk (with current controls in place):
0 0 0 Very Low Target Risk (after improved controls):
0 0 0 Very Low
Risk Appetite:
Financial/VFM Below
Controls & Mitigation (what are we currently doing about the risk)
Assurances/ Evidence (how do we know we are making an impact)
Gaps in Controls/Gaps in Assurance (actions to take to achieve target risk)
Ref: Lead:
Last Updated/Reviewed:
Comments: