Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Correct on the day of printing. Please check on the Trust’s internet site for the most up to date version
Document Control Report
Title Risk Management Strategy
Author Authors’ job title Dr Juliet Cross Head of Corporate Governance Annette Crew Risk Manager Directorate Sub-directorate Department Team / Specialty Finance and Corporate Risk and Health Risk Performance Governance and Safety Date Version Status Comment / Changes / Approval Issued 1.0 April 2007 Final Strategy approved at Risk Management Committee, Audit and Assurance Committee and Trust Board. 1.1 Feb. 2008 Revision Updated to reflect organisational and risk management process changes. Presented to Audit & Assurance Committee to note on 12.02.08. 1.2 March Revision Presented to Risk Management Committee to 2008 approve on 21.02.08. Approved with no amendments. Presented to Trust Board to approve on 04.03.08. Approved subject to minor amendments (Item 053/08). 2.0 April Final Amendments made including revised Equality 2008 Impact Assessment Screening form and updated Terms of Reference for Risk Management Committee and Audit & Assurance Committee. 2.1 Mar 09 Revision Annual review undertaken. Information updated. To be presented to Risk Management Committee to note on 16.04.09. Strategy approved subject to amendments. 2.2 April 2009 Revision Amendments made. To be presented to Audit & Assurance Committee to note on 09.06.09 Amendments agreed. Further meeting agreed to discuss additional details. 2.3 Nov. Revision Amendments made following feedback from Non 2009 Executive and feedback from CNST Assessment for Maternity Services undertaken in Oct.2009. Comments also updated, e.g. outcomes of section assessment (section 7). Approved at the Risk Management Committee on 19.11.09. 2.3 Dec 2009 Revision Approved at Audit and Assurance Committee on 08.12.09 with addition of Clinical Governance Committee specialist advisory groups in 6.3. 2.4 Jan 2010 Revision Presented to Trust Board on 12.01.10 and approved. 3.0 Jan 2010 Final Final version placed on Tarkanet.
Corporate Governance Page 1 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Correct on the day of printing. Please check on the Trust’s internet site for the most up to date version
Harmonised strategy as a result of merging of Northern Devon Healthcare NHS Trust and NHS Devon community services. A summary of key issues and differences is on page 3. 3.1 Jan 2012 Revision The monitoring section has been strengthened as a result of revised NHSLA requirements. Reformatted for document map navigation and table of contents update. Amendments made following completion of consultation exercise and feedback from Trust 3.2 Feb 2012 Revision Board Briefing session 21.02.12. For presentation to Trust Board 28.02.12 for approval. TBC 4.0 Final Approved by xxxx on xxxx following consultation. 2012 Main Contact Annette Crew Tel: Direct Dial – 01271 314074 Risk Manager Tel: Internal – 4074 Suite 1 Munro House Email: North Devon District Hospital [email protected] Raleigh Park Barnstaple EX31 4JB Lead Director Director of Finance and Performance Document Class Target Audience Strategy Staff Distribution List Distribution Method Staff Trust’s Intranet Superseded Documents (NDHT) Risk Management Strategy v3.0 Jan (2010) V3 Devon Provider Services Risk Management Strategy (2009) Issue Date Review Date February 2012 February 2013 Local Archive Reference Corporate Affairs Local Path Corporate Affairs/Corporate Governance/Policies and Procedures/ Corporate Affairs Team/ Risk Management/ Strategy 2011-12 Filename Risk Management Strategy - v3.2 21.02.12 Categories for Trust’s Intranet site Tags for Trust’s Intranet site Corporate Governance Risk
Main contact for queries/ suggestions/ comments? Tel: Direct Dial – 01271 314074 Annette Crew Tel: Internal – 4074 Risk Manager Fax: - North Devon District Hospital Email: Raleigh Park [email protected] Barnstaple, EX31 4JB
Corporate Governance Page 2 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Summary of key differences and main changes in this harmonised strategy compared to the Northern and Eastern strategy
Staff are expected to review the complete strategy’s contents.
Section Key Differences / Changes Ref. 6.1 All staff are required to identify risk and manage risk as outlined in this strategy.
6.3 Refinement of the Integrated Risk Management Committee Structure across the Trust. The key committees comprise: Risk Management Committee Quality Assurance Committee Audit and Assurance Committee Trust Board
Corporate Governance Page 3 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Contents
Links to Trust strategic objectives and goals...... 6
Executive Summary ...... 7
Introduction...... 8
1 The Assurance framework...... 8
2 Risk Appetite ...... 10
3 Communication of the strategy...... 10
4 Accountability arrangements ...... 10 4.1 Roles and Responsibilities...... 10 4.1.1 Chief Executive...... 10 4.1.2 Non-Executive Directors...... 10 4.1.3 Executive Directors...... 11 4.1.4 Role of the Director of Finance and Performance (SIRO) ...... 11 4.1.5 Role of the Director of Nursing – Clinical Governance Lead ...... 11 4.1.6 All Managers...... 12 4.1.7 Specialist Advisers...... 12 4.1.8 All Staff and Employees...... 13 4.1.9 Contractors and Agency Staff...... 13 6.1 Lines of Accountability...... 13 6.2 Integrated Risk Management Committee Structure...... 14 6.3 Key Risk Management Committees ...... 16
7 Performance Monitoring Arrangements...... 17
8 Risk management process...... 19 8.1 Risks Identification...... 19 8.2 Risk Assessment ...... 19 8.3 Risk Registers...... 21
9 Significant Risks ...... 22
10 Risk management training and support...... 22 10.1 Training...... 22 10.2 Support ...... 23 10.3 Validation of Risk Assessments...... 23
11 Looking forward...... 23
12 Monitoring compliance with and the effectiveness of the strategy ...... 23
Corporate Governance Page 4 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
12.1 Corporate Risk Register ...... 23 12.2 Principal Risk and Assurance Register and Action plan...... 24 12.3 Risk Management Committee ...... 24 12.4 Audit and Assurance Committee ...... 24 12.5 Quality Assurance Committee ...... 25
13 Equality impact assessment...... 25
14 References ...... 25
15 Supporting policies and documentation...... 25
Appendix A: Trust Strategic Objectives...... 26
Appendix B: Equality Impact Assessment Screening...... 27
Appendix C: Integrated Risk Management Committee structure flowchart...... 30
Appendix D: Integrated Risk Management Committee structure ...... 31
Appendix E: Integrated Risk Management Committee structure membership...... 32
Appendix F: Compliance monitoring for NHSLA ...... 33
Corporate Governance Page 5 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Links to Trust strategic objectives and goals
Strategic Workstream description Objective/Goal Delivered Enabler Not applicable
Patient pathways: we will deliver clinically effective care grounded in safe Effective care systems and processes
Clinical quality: we will provide locally sustainable services that are supported through resilient clinical partnerships with other individual Sustainable services organisations and robust clinical networks that reach across the health system
Integrated care: We will maximise the opportunities of an integrated Integrated care health and social care delivery systems to provide the right care at the right time in the right place for the individual patient
Exceptional People: We will find, recruit and retain exceptional staff who are fully workforce engaged with the purpose and success of the Trust
Innovative People: We will be able to innovate reliably as part of our business improvement model
Modern Infrastructure: We will maintain and develop clean, modern and environments welcoming environments at each Trust location
Financial health Finance: We will secure and protect sustainable financial health
Finance: We will be able to respond successfully to all external Governance and imperatives and pressures while continuing to transform the Trust and compliance respond to the changing health and social care environment
Organisational strength: We will establish and sustain broad awareness Marketing of our position as a high performing provider of care and as an estimable peer in the health system
Organisational strength: We will create and sustain the right business Structure and structure and the partnerships necessary to make the business robust partnerships and resilient.
Corporate Governance Page 6 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Executive Summary
Northern Devon Healthcare NHS Trust is fully committed to the principles of risk management.
The objectives of the Trust with regards to risk management are to:
Define clear lines of accountability throughout the organisation. Implement a systematic approach to the identification, assessment and prioritisation of risks. Provide an effective system for controlling, reducing or eliminating risks. Provide a robust reporting and monitoring system for identified risks. Ensure the organisation is aware of all identified risks and allocate the necessary resources in a prioritised way in order to manage its risks and to ensure it can meet its strategic objectives. Ensure the Board is informed of significant risks to the Trust’s strategic objectives, and is consulted on the plans for controlling them. Ensure all staff in all directorates and departments are aware of their risk management responsibilities and that they understand the use and the process of risk identification, assessment, reporting and management. Provide risk management training to staff identified as having a key role in risk management. Create a risk-aware culture throughout the organisation. Remove the risk of injury, damage or loss to patients, visitors and staff or of harm to the organisation where possible. Where this is not possible, to ensure the risk is reduced as much as is reasonably practicable. This Risk Management Strategy sets out the Trust’s overall organisational approach to risk management as determined by the Trust Board. It outlines the framework for management arrangements for the identification, assessment, treatment, escalation and monitoring of risks as an integral part of its delivery of high quality services.
The strategy promotes the philosophy of integrated governance and requires all risk management to be systematic, robust and evident. Risk management processes are applied to business planning at all levels and risk management issues should be communicated to key stakeholders where necessary.
The Trust Risk Management Policy will support the implementation of this strategy.
Corporate Governance Page 7 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Introduction
This document provides a strategy for the continuing development of risk management throughout the Trust.
The Risk Management Strategy provides a co-ordinated, systematic and focussed framework for the management of all identified risks, both clinical and non-clinical. Implementation of the Strategy will be monitored by the Audit and Assurance Committee, with significant commitment and support from all Trust staff and the Trust Board.
Northern Devon Healthcare NHS Trust defines risk management as “the identification, analysis and control of all threats to the achievement of the organisation’s corporate objectives and operational activities”.
Each directorate and department is expected to identify, assess and control its own risks. The identified risks will be matched to the organisation’s strategic objectives (Appendix A) as the Strategy forms part of the over-arching Assurance Framework. This informs the Trust Board of the high-level corporate risks and provides assurance that the risks are being controlled effectively.
The Trust defines risk as “something that might or might not happen that may cause harm to the individual or to the organisation”. Risks may therefore be associated with people, e.g. patients and staff, or issues such as financial loss, service interruption or premises.
By developing a risk-aware culture, the Trust can ensure that risk management is embedded throughout the organisation. All staff, both clinical and non-clinical, must accept that risk management is an integral part of their responsibilities and staff are encouraged to identify, control and report all risks. Improved risk management will result in better quality care for patients and a safer environment for service users, visitors and staff.
This implementation of this strategy is supported by the Northern Devon Healthcare NHS Trust incorporating community services in Exeter, East and Mid Devon Risk Management Policy.
1 The Assurance framework
The Trust Board recognises that risk management is an integral part of sound management practice and to be most effective has to be part of the organisation’s culture.
The Assurance Framework aims to provide the Trust with a comprehensive method for the effective management of the principal risks to achieving the organisation’s strategic objectives.
The strategic objectives were initially based on the Healthcare Commission Standards, described in the Standards for Better Health document, published July 2004. The Board reviewed and amended the strategic objectives in January 2012. They have been developed to ensure there is a shared understanding and common purpose throughout the organisation about the Trust’s strategic direction and what needs to be delivered.
The Trust’s strategic objectives are:
Corporate Governance Page 8 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Highest Quality – We will be recognised for delivering care of the highest quality, measured in terms of clinical effectiveness, patient safety and the patient experience; Sustainable – We will ensure access to a sustainable range of services that are delivered locally through established partnerships, and clinical networks with other organisations where necessary; Integrated model – We will maximise the benefits derived from an integrated model of health and social care that provides the right care at the right time in the right place at the right level for the individual; Flexible workforce – We will recruit and develop a flexible and multi skilled workforce fully engaged in turning our vision into a reality; Efficiently and effectively – We will efficiently and effectively run our services; generating surpluses to reinvest in services to benefit our local community and underpinning all we do with systems and processes which deliver safe, high quality services; Local provider of choice – We will be the local provider of choice; working in partnership with the public and commissioners to promote independence and well being and meet the needs of our community.
In order to discharge its control assurance and related governance duties, the Board must undertake the following tasks:
Identify the principal risks that may threaten the achievement of the strategic objectives; Establish the risk appetite of the organisation; Identify and evaluate the design of key controls intended to manage these principal risks Set out the arrangements for obtaining assurance on the effectiveness of key controls across all areas of principal risk Evaluate the assurance across all areas of principal risk Identify positive assurances and areas where there are gaps in controls and/or assurances Put in place plans to take corrective action where gaps have been identified in relation to principal risks Maintain dynamic risk management arrangements including a well founded risk register
Northern Devon Healthcare NHS Trust incorporating community services in Exeter, East and Mid Devon will manage risk through its Assurance Framework by:
Encouraging a risk-aware culture throughout the organisation. Developing a “fair blame” approach to the reporting of incidents. Staff are accountable for their actions, but it is recognised that mistakes can be made for a variety of reasons. The Trust seeks to be an open and learning organisation, to ensure systems and processes are put in place to reduce or eliminate risks. Reporting and monitoring high-level risks that threaten the organisation’s ability to achieve its corporate objectives by the Audit and Assurance Committee and the Quality Assurance Committee. Monitoring the effectiveness of the Assurance Framework by the Trust Board.
Corporate Governance Page 9 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
2 Risk Appetite
Risk appetite is the amount of risk that an organisation is prepared to accept, tolerate, or be exposed to at any point in time in pursuit of its strategic objectives. It can be influenced by personal experience, political factors and external events.
The risk appetite sets out risks that are acceptable to bear and those that cannot be tolerated in agreed circumstances. It is a series of boundaries established by the board, which guides staff on the limits of risk that they can take at strategic, corporate or operational levels.
It is possible that the pursuit of one strategic objective may affect the achievement of another and this will impact upon the associated risk appetite. Similarly, the relative importance of one strategic objective against another may be influenced by external factors, such as changes in national policy or expectations of stakeholders.
It will be the responsibility of the Trust Board to establish what the organisation’s risk appetite is in relation to achieving its strategic objectives and to identify strategic risks that, if realised, could fundamentally affect the way in which the organisation exists or conducts its business.
The Trust Board will review the risk appetite at least once a year and also during periods of increased uncertainty or adverse changes in the business environment.
3 Communication of the strategy
Northern Devon Healthcare NHS Trust incorporating community services in Exeter, East and Mid Devon takes a holistic approach to managing risk across the organisation. This includes clinical, financial, organisational and environmental risk. In order to be effective, the Strategy is communicated throughout the Trust by:
Making all staff aware of this Strategy and ensuring they have access to a copy. Discussing the roles and responsibilities detailed within the Strategy at the Trust’s Induction Day for new staff. Ensuring all Directors, Non-Executive Directors and Senior Managers have a clear understanding of the requirements of the Strategy. Ensuring all Line Managers, Department Heads and Team Leaders have a sound working knowledge of the Strategy.
4 Accountability arrangements
4.1 Roles and Responsibilities
4.1.1 Chief Executive
The Chief Executive has overall accountability for all governance and risk management arrangements within the Trust
4.1.2 Non-Executive Directors
As members of the Trust Board, Non-Executive Directors have overall responsibility for reviewing the effectiveness of the organisation’s internal
Corporate Governance Page 10 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
control systems – clinical, financial and organisational. Responsibilities include:
Identifying strategic risks;
Ensuring significant risks are being managed effectively by testing the level of assurance provided, where appropriate;
Monitoring the risks that may affect the achievement of the organisation’s strategic objectives;
Having a working knowledge of the Risk Management Strategy and Policy.
4.1.3 Executive Directors
Executive Directors are accountable to the Chief Executive in their role of risk management. They are responsible for:
Identifying strategic risks;
Leading risk management within their respective Directorates;
Ensuring significant risks are managed effectively;
Fostering a positive risk-aware culture throughout the organisation;
Having a working knowledge of the Risk Management Strategy and Policy.
4.1.4 Role of the Director of Finance and Performance (SIRO)
In addition to the responsibilities identified above for Executive Directors, the Director of Finance and Performance is responsible for:
Being the lead director for risk management; Identifying strategic risks; Being the lead director for incident management; Being the lead director for Health and Safety; Being the lead for NHS Protect (formerly the Counter Fraud and Security Management Service); Being the Senior Information Risk Owner (SIRO); Fostering a culture of protecting and using data; Provides a focal point for managing information risks and incidents; Is concerned with the management of all information assets.
4.1.5 Role of the Director of Nursing – Clinical Governance Lead
Corporate Governance Page 11 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
In addition to the responsibilities identified above for Executive Directors, the Director of Nursing – Clinical Governance Lead is responsible for;
Ensuring that the management of clinical risks within the Trust is effective. 4.1.6 All Managers
All managers have responsibility for the management of risk in their areas. This is one of the key operational and day-to-day responsibilities delegated to them. Therefore, the reporting line of risk management can be traced directly from operational staff to the Chief Executive. The managers’ responsibilities include:
Supporting staff to complete a Risk Assessment Form; Ensuring all identified risks are included on the Corporate Risk Register; Implementing and monitoring the agreed control measures to manage risks within their designated area(s); Reporting significant risks where local control measures are considered to be potentially inadequate to the Risk Management Committee; Addressing the implementation of the Risk Management Policy within their designated area(s); Ensuring all their staff are made aware of the content and implications of the policy; Ensuring contractors and agency staff are informed of the Trust’s risk management arrangements and of risks that may affect them in the areas they are working. 4.1.7 Specialist Advisers
Specialist Advisers are responsible for providing specialist advice and support for completing risk assessments. They have a professional responsibility to advise the organisation on statutory and national guidance. They include:
Back Care Adviser Compliance Manager Fire and Security Adviser Head of Information Governance Head of Quality and Safety Health and Safety Manager Infection Prevention and Control Manager Investigations Lead Local Security Management Specialist Occupational Health Manager Risk Manager Specialist Midwife Risk Co-ordinator
Corporate Governance Page 12 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
4.1.8 All Staff and Employees
All staff are responsible for:
Complying with the Risk Management Strategy and Policy; Maintaining a general risk awareness at all times and reporting all risks as soon as possible; Reporting incidents, accidents and near misses using the Trust’s agreed incident reporting processes; Notifying managers of identified risks and undertaking risk assessments in accordance with agreed procedures; Being aware of risk assessments which have been carried out for their place of work; Complying with any control measures introduced to reduce and control identified risks; Following all Trust policies, procedures and protocols; Complying with all legislation relevant to their role, in particular Health and Safety legislation; Being aware of emergency procedures, e.g. resuscitation or evacuation, as appropriate for their role; Participating in risk management training and education, as well as training around safe working practices; Seeking support from specialist advisors when appropriate.
4.1.9 Contractors and Agency Staff
It is essential that Contractors and Agency Staff are advised of their responsibilities to work safely within the Trust. They should acknowledge that management of risk is an individual as well as a collective responsibility.
Contractors and Agency Staff should be informed of the reporting mechanisms in their area of work for reporting risks. Contractors and agency staff should be informed of any risks that may affect them in the areas that they are working.
6.1 Lines of Accountability
Overall accountability for risk management lies with the Chief Executive. This responsibility has been delegated to the Director of Finance and Performance, who is the nominated lead Director for Risk Management, Health and Safety, Counter Fraud and Security Management Service and is the designated Senior Information Risk Owner (SIRO).
The Director of Finance and Performance will ensure:
All risks, i.e. financial, organisational and clinical, are managed appropriately.
Corporate Governance Page 13 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
The effective co-ordination of governance and risk management throughout the organisation. That support is provided to directors, heads of departments, managers, clinicians and all staff in managing risk.
This role is supported by the Head of Corporate Governance, who has lead responsibility for the development and maintenance of the Corporate Risk Register and acts as a contact point for risk management issues, both within the Trust and with external bodies.
The Risk Manager has responsibility for the day-to-day management of risk assessments and the development of the Corporate Risk Register.
The Health & Safety Manager has responsibility for providing competent Health and Safety advice and support throughout the organisation. Other specialist advice and support, e.g. fire and security and lifting and handling, is also available.
The Director of Nursing also has responsibility for ensuring the management of clinical risks within the Trust is effective. This role is supported by the Medical Director.
6.2 Integrated Risk Management Committee Structure
An integrated committee structure has been established for reporting and monitoring risks, both clinical and non-clinical. This has been based on good practice as set out in various national documents, including the Integrated Governance Handbook, the Intelligent Board, Governing the NHS and the Foundation Trust Code of Governance.
The key committees comprise:
Risk Management Committee Quality Assurance Committee Audit and Assurance Committee Trust Board The roles of these committees have been developed to ensure that there are clear reporting lines, appropriate shared membership and a distinction between the committees providing an operational overview (Risk Management Committee) and an assurance and challenge overview (Quality Assurance Committee and Audit and Assurance Committee). The Trust Board has the overarching responsibility for risk management. (Appendices C, D and E.)
This committee structure ensures that all the threads of quality, performance and governance are aligned and integrated (Appendix D).
Risk Management Committee
The purpose of this Committee is to manage and monitor all aspects of clinical and non-clinical risk within the Trust. The Committee is accountable to the Director of Finance and Performance and is jointly chaired with the Director of
Corporate Governance Page 14 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Nursing. The Terms of Reference are reviewed annually, together with the membership.
Membership of the Committee includes representatives from the different directorates and two Non-Executive Directors as joint members. The meetings are held monthly.
The minutes of the meetings are presented to the Audit and Assurance Committee and to the Quality Assurance Committee to note the actions agreed by the Risk Management Committee as appropriate.
Quality Assurance Committee
The Quality Assurance Committee is a sub-committee of the Trust Board. The purpose of the Committee is to provide leadership and assurance that the Northern Devon Healthcare NHS Trust’s clinical governance systems and processes are in place and are effective in providing safe high quality care.
It has a role to challenge, receive and provide assurance on the effectiveness of the Trust’s risk management processes, as well as to monitor the management of identified risks. The Committee is a sub-committee of the Board and is therefore accountable to it. The Terms of Reference are reviewed annually, together with the membership.
Membership comprises of core members, including Non Executive Directors, the Director of Nursing and Medical Director and specialist advisers including senior managers, professional leads and governance managers.. Meetings are held bi- monthly.
There are a number of nominated sub groups that submit minutes, Terms of Reference and annual Committee Compliance reports and, where appropriate, annual report to the Quality Assurance Committee for assurance and monitoring of business, including:
Clinical Audit & Effectiveness Group; Drugs and Therapeutics Group; Learning from Patient and Staff Experience Group; Medical Devices Committee; Research & Development Group; Safer Care Delivery Committee; Strategic Workforce Development Committee; Safeguarding Adults Board; Joint Safeguarding Children's Board; Northern and Eastern Infection Prevention and Control Committees. .
The following groups and committees submit Terms of Reference, annual Committee Compliance reports and, where appropriate, annual report to the Quality Assurance Committee for assurance:
Corporate Governance Page 15 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Central Alert System Group Hospital Transfusion Committee; Organ Donation Committee Patient Documentation Group; Resuscitation Steering Group. The following committees send minutes and annual compliance Committee reports to the Quality Assurance Committee for assurance:
Risk Management Committee. The following committees submit annual reports to the Quality Assurance Committee to receive assurance of the delivery of the business: Joint Safeguarding Adults Board Joint Safeguarding Children Board
Minutes of the Quality Assurance Committee meetings are presented to the Trust Board to note.
Audit and Assurance Committee
The Audit and Assurance Committee is a sub-committee of the Board. The Committee’s role is to review the establishment and maintenance of an effective system of internal control and risk management. The Audit and Assurance Committee is a sub-committee of the Trust Board and is therefore accountable to the Board. The Terms of Reference are reviewed annually, together with the membership.
Three Non-Executive Directors form the membership of the Committee. Senior management for the Trust and representatives for Internal Audit and the Audit Commission attend. Meetings are held bi-monthly.
Minutes of the meetings are presented to the Trust Board to note.
Trust Board
The Trust Board has corporate responsibility for ensuring the organisation’s risk management systems and processes are effective and the Assurance Framework meets the Trust’s needs.
Membership of the Trust Board comprises five voting-Executive Directors and six Non-Executive Directors. Meetings are held at least seven times a year and are open to the public.
6.3 Key Risk Management Committees
In addition to the Integrated Risk Management Committee structure a number of other key committees and groups play a significant role in identifying strategic level risks and in ensuring appropriate action is taken to mitigate these risks.
Executive Directors Group
Corporate Governance Page 16 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
The purpose of the Executive Directors Group is to review and manage the business, service and risk issues across the Trust. The Group has a specific role in reviewing the Principal Risk Action Plan on a routine basis. The Group is accountable to the Chief Executive.
Membership comprises all the Executive Directors, voting and non-voting. Meetings are held weekly.
Notes of the meetings are circulated to the Executive Directors and the Non- Executive Directors for information.
Finance Committee
The purpose of the Finance Committee is to maintain robust financial management by monitoring financial performance and making recommendations to the Executive Team or to the Trust Board as appropriate.
The Committee is a sub-committee of the Trust Board.
Membership comprises the Executive Directors (voting) and the Non-Executive Directors. Non-voting Executive Directors attend as appropriate. Meetings are held monthly. Notes of the meetings are presented to the Trust Board to note.
Role of other formal committees or groups
Where risks are identified during the discussion in a committee or group meeting, it is the role of the Chair to ensure that action is minuted and followed- up.
Independent Assurance
Independent assurance of the Trust’s Risk Management agenda is provided through a variety of mechanisms, including:
Audit Commission Care Quality Commission Internal Audit NHS Litigation Authority South West Strategic Health Authority
In addition, independent assurance may also be provided by NHS Devon Primary Care Trust.
7 Performance Monitoring Arrangements
Risk management is an important part of many of the national initiatives introduced to modernise healthcare services. Internally, risk must also be considered in relation to the organisation’s planned service improvements and capital programme. This will be performance monitored through the Trust’s routine performance monitoring processes.
A number of external assessments consider the effectiveness of an organisation’s risk management processes, detailed below:
Corporate Governance Page 17 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
NHS Litigation Authority Risk Management Standard for Acute Trusts
The Trust had already achieved level 1 of the Clinical Negligence Scheme for Trusts in 2004. However, there have been significant changes to all of the NHS Litigation Authority risk management standards and assessment processes. There is a new set of risk management standards for each type of trust incorporating organisational, clinical, and health & safety risks.
The new standards for acute trusts were introduced by the NHS Litigation Authority in April 2007. The Trust completed the assessment for Level 1 and was assessed as compliant in June 2008. In May 2010, the Trust completed a re-assessment for Level 1 and was assessed as compliant in May 2010.
This work was led by the Trust Compliance Manager and was monitored by the Quality Assurance Committee.
The Level 1 assessment is valid for two years. Therefore in 2012, the Trust will re- apply for Level 1 due to significant changes to the structure of the organisation following the Transforming Community Services project.
NHS Litigation Authority Clinical Negligence Scheme for Trusts - Maternity Standards
The Maternity standards are annually reviewed. The Trust completed the assessment for Level 1 and was assessed as compliant in November 2009. It was reassessed for Level 1 and was assessed as compliant in October 2011.
This work was led by the Clinical Governance Support Unit and was monitored by the Quality Assurance Committee.
Care Quality Commission Regulations
Following the launch of the Care Quality Commission in April 2009, the Commission introduced the Essential Standards of Quality and Safety which required the Trust to register its regulated activity and be compliant with the Health and Social Care Act 2008 (Regulated Activities), Regulations 2010 and the Care Quality Commission (Registration) Regulations 2009.
The Trust registered its services and provided the first tranche of evidence by April 2010. Thereafter, there will be an annual registration process and evidence of compliance will be required throughout the year.
Risk management will play a key part in evidencing that the Trust takes action to mitigate identified risks and learns from outcomes.
The management process for compliance with the Care Quality Commission essential standards is led by the Trust Compliance Manager and monitored through a monthly compliance report to the Board and bi-monthly to the Quality Assurance Committee.
Any inspection visits made by the Care Quality Commission have action plans produced in response to the recommendations made in the report and these are entered on to the Corporate Risk Register and performance managed through the Risk Management Committee.
Corporate Governance Page 18 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
8 Risk management process
The Trust Board, individual directors, departments and teams must understand the extent of its risks in order to manage them effectively. The Trust’s Risk Management Policy clearly sets out the roles and lines of accountability, together with the risk management processes.
8.1 Risks Identification
Risk may be identified in a variety of different ways, including:
Alert notices from external agencies, e.g. National Patient Safety Agency or the Medicines and Healthcare Products Regulatory Agency, and manufactures of equipment or goods Audit reports Claims Committees and working groups Complaints External inspections, e.g. Healthcare Commission Incidents and near-misses Investigations following an incident Partnership arrangements Performance management tools Regulation - specific risks, e.g. Control of Substances Hazardous to Health Significant issues of internal control Workplace risk assessments, e.g. Health and Safety risk assessments Strategic risks Directorates, departments, services and teams are required to identify all risks that are specific to their own activity and circumstances. Where a risk has been identified, it is the responsibility of the appropriate member of staff to ensure that it is reported and that action is taken to control it.
Any member of staff may complete a risk assessment and send it direct to the Corporate Governance team.
8.2 Risk Assessment
Once a risk has been identified, a risk assessment form must be completed in order to have an auditable record of the risk level, the controls that are in place and the proposed treatment.
Risk Evaluation
All identified risks are subjected to a robust scoring method. This is a robust system that ensures the consistent scoring of risks over the whole organisation.
Corporate Governance Page 19 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
The risk score is determined by multiplying the risk consequence score with the risk likelihood score. This provides a quantitative basis upon which to determine the urgency of any actions, as follows:
Risk score 1-3: Low risk where further risk reduction may not be feasible or cost effective. Risk score 4-6: Low risk where risk control is required, so far as is reasonably practicable. The majority of control measures are already in place, or the likelihood of harm or its consequence is small. Actions may be required in the long term. Risk score 8-12: Medium risk where prompt action is required, so far as is reasonably practicable. There is moderate probability of major harm or high probability of minor harm if control measures are not implemented. Action may be required in the medium term. Risk score 15-25: High risk where there is a significant probability that major harm will occur if control measures are not implemented. Urgent action is required and stopping the activity or procedures should be considered.
Risk Control Measures
The Trust recognises that it is not possible to eliminate all risks. It is therefore necessary to put control measures in place to reduce the likelihood of an adverse occurrence or outcome. Control measures include:
Risk avoidance – by utilising alternatives or by discontinuing an activity. Risk reduction – developing policies or procedures and safe systems of work, or by relocating an activity. Risk transference – involving another party to share some or all of the risk, e.g. insurance arrangements or joint ventures. Risk acceptance – by accepting residual risks after action has been taken to reduce the original risk. Contingency plans may be developed to manage these risks should they occur.
In order to facilitate the prioritisation of risks, the Trust has defined acceptable risks as those low-level risks which have been scored between 1 – 6. This definition is to be used as a guide only. Managers are expected to take action on the low-level risks, particularly when these risks can be easily reduced or avoided.
Risk Action Plans
An action plan will be developed to control the identified risk. Each action will have a nominated manager for the risk to take responsibility for ensuring the agreed actions are delivered.
Risk Review
Once the agreed actions have been implemented, the risk will be re-evaluated to assess the residual risk.
Corporate Governance Page 20 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
8.3 Risk Registers
A risk register is a log of risks of all kinds that threaten the organisation’s ability to achieve its declared corporate objectives. It is a dynamic document which is populated through the risk identification and assessment processes described above.
This enables the risks to be quantified and prioritised. It also provides a structure for collating information about risks both in the analysis of trends, as well as for deciding how the risks should be controlled.
Local Risk Registers
In accordance with the Trust’s Risk Management Policy, all identified clinical and non-clinical risks must be recorded on the Corporate Risk Register. Teams, wards, departments, services and directorates must not hold individual local risk registers containing identified risks that have not been recorded on the Corporate Risk Register.
Where a team, ward, department, service or directorate requires a copy of the risks relating to their area of activity, a copy of the local risk register, which is a sub-set of the risks held on the Corporate Risk Register, will be provided by the Risk Manager on request.
Corporate Risk Register
The Corporate Risk Register is the principal management tool that enables the Trust to understand its comprehensive risk profile. It contains all the risks from all the Local Risk Registers. The information is recorded on the DATIX risk management system. The Head of Corporate Governance has overall responsibility for ensuring the Corporate Risk Register is kept up-to-date, with support from the Risk Manager. The Corporate Risk Register is monitored by the Risk Management Committee.
Routine high-score (15+) risks reports will be presented to Quality Assurance Committee, the Audit and Assurance Committee and to the Trust Board.
Routine Accepted risk reports will be presented to the Trust Board for approval.
High-score risks that may harm the achievement of the organisation’s corporate objectives will be logged on the Trust’s Principal Risk and Assurance Register.
Principal Risk and Assurance Register
This Register has been developed to meet all the necessary requirements of the Assurance Framework. It contains the high-score risks that may stop delivery of the Trust’s strategic objectives, the controls that have been put in place, the assurance provided and the gaps in controls and assurance.
The Risk Management Committee has a role in reviewing the high-score risks (with scores of 15+) in order to populate the Principal Risk and Assurance Register. The Principal Risk and Assurance Register is managed by the Head
Corporate Governance Page 21 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
of Corporate Governance and is monitored by the Audit and Assurance Committee.
Routine reports are presented to the Trust Board as part of the Board’s responsibility for monitoring and scrutinising the Assurance Framework.
9 Significant Risks
Significant issues of internal control identified by Executive Directors and senior managers will be presented to the weekly Executives Directors Group meeting. These issues may: Seriously prejudice the achievements of the Trust’s strategic objectives; Have attracted significant public interest or could have a serious adverse effect on the Trust’s reputation; Require additional funding to enable it to be resolved, or require the significant diversion of funding or resources from another aspect of the Trust’s business; Be considered by Audit and Assurance Committee; Be considered significant by Internal Audit; or Be identified through an external inspection.
Agreements on how the significant issue will be controlled will be made at the Executive Director’s Group. An Executive Director will be nominated to ensure a risk assessment is completed for recording on the Corporate Risk Register.
Where a risk has been identified during a meeting, e.g. committee or group, it is the responsibility of the Chair of the meeting to ensure that an action to complete risk assessments is recorded in the minutes to ensure that an action is clearly allocated to a named person. The Chair is also responsible for ensuring that the recorded action is completed. Where a risk has been identified, it is the responsibility of the member of staff to ensure that it is reported and that action is taken to control it.
10 Risk management training and support
10.1 Training
All staff who are required to undertake Risk management training will be identified through the Trust’s training matrix available via BOB under ‘What training do I need?’.
The training matrix will detail:
• Staff groups requiring training • Frequency of training • Mode of deliver i.e. e-learning or taught • Course titles
Booking for all Risk management training will be undertaken through Workforce Development via the Electronic Staff Record. Signed records must be kept of all training undertaken in the Trust. These records will be held centrally and reported Trust wide through ESR records. Individuals are encouraged to keep a copy of this in their portfolio.
Corporate Governance Page 22 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
On updating the Electronic Staff Record, line managers will be notified of all non attendees, further detail on booking and reporting processes are contained within Risk Management (Statutory and Mandatory) Training Policy.
10.2 Support
Members of the Corporate Governance team provide advice and support to others within the organisation in the identification, recording and management or risks.
Additional support may be provided by a specialist adviser.
10.3 Validation of Risk Assessments
In order to ensure a consistent approach to risk identification and assessment organisation-wide, validation of information included on the Corporate Risk Register will be undertaken in a targeted fashion. This will be the responsibility of senior managers and Directors, with support from the Corporate Governance team, in particular the Risk Manager and Risk Adviser.
11 Looking forward
The key areas for further developing the risk management arrangements are:
1. To ensure the risk management arrangements comply with the relevant elements of the NHS Litigation Authority Level 2 Risk Management Standards for Acute Trusts at the next assessment due March 2014;
2. To ensure the risk management arrangements comply with the relevant elements of the NHS Litigation Authority Clinical Negligence Scheme for Trusts – Maternity Clinical Risk Management Standards Level 2 at the next assessment due October 2013;
3. To ensure the risk management arrangements comply with the relevant elements of the Care Quality Commission Regulations;
4. To identify and support Risk Leads for departments/services/teams to further embed risk management throughout the organisation;
5. To further support the Board in its role to define the risk appetite of the Trust and to identify and monitor strategic risks.
12 Monitoring compliance with and the effectiveness of the strategy
Compliance with and the effectiveness of this strategy is monitored as follows:
12.1 Corporate Risk Register
All risks are reviewed and validated by the Risk Team regardless of score and entered on to the Corporate Risk Register. All risks with scores of 10 and under are managed within Divisions and Directorate and a quarterly report of these risks is provided to the risk leads for reviewing and updating.
Corporate Governance Page 23 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
All risks with scores of 12 and above are subject to performance monitoring by the Risk Team.y For risks where the source is a Serious Incident Requiring Investigation or Significant Event Audit, these are entered onto the Corporate Risk Register and performance monitored by the Trust‘s Investigations Lead. For risks where the source is a Care Quality Commission, National Patient Safety Agency Alert (NPSA) and Central Alerting System (CAS) Risks these are entered onto the Corporate Risk Register and performance monitored by the Trust’s Compliance Manager. For risks where the source is a Claim against the Trust these are entered onto the Corporate Risk Register and performance monitored by the Trust’s Legal Claims Manager. Regular monthly reports are produced for the Risk Management Committee and exceptions reported by the Risk Manager. High level risks that have been opened in excess of a year are reviewed by the Risk Manager on an annual basis and a report provided to the Risk Management Committee. A summary report of all risks on the Corporate Risk Register is provided to the internal audit manager on a quarterly basis. A report on open high level (15+) risks is routinely provided to the Audit and Assurance and Clinical Governance Committees. High level risks that have been opened in excess of a year are reviewed by the Risk Manager on an annual basis and a report provided to the Risk Management Committee.
12.2 Principal Risk and Assurance Register and Action plan
The Principal Risk and Assurance Register is monitored by the Audit and Assurance Committee. Routine reports are presented to the Trust Board as part of the Board’s responsibility for monitoring and scrutinising the Assurance Framework.
12.3 Risk Management Committee
Minutes of the Risk Management Committee meetings are routinely provided to the Audit and Assurance and Clinical Governance Committees. Annual compliance reports of the Risk Management Committee are routinely provided to the Audit and Assurance and Clinical Governance Committees.
12.4 Audit and Assurance Committee
Minutes of the Audit and Assurance Committee are routinely provided to the Trust Board An annual report is provided to the Trust Board.
Corporate Governance Page 24 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
12.5 Quality Assurance Committee
Minutes of the Quality Assurance Committee are routinely provided to the Trust Board An annual report is provided to the Trust Board.
13 Equality impact assessment
The Trust aims to design and implement services, policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. An Equality Impact Assessment Screening has been undertaken and there are no adverse or positive impacts (Appendix B).
14 References
The Intelligent Board (2006) Dr Foster Intelligence The Integrated Governance Handbook (2006) Department of Health Governing the NHS, a guide for NHS Boards (2003) Department of Health The NHS Foundation Trust Code of Governance (2006) Monitor NHS Litigation Authority Risk Management Standards for Acute Trusts NHS Litigation Authority Clinical Negligence Scheme for Trusts – Maternity Clinical Risk Management Standards Care Quality Commission Essential Standards of Quality and Safety Board Briefing: Defining Risk Appetite and Managing Risk by Clinical Commissioning Groups and NHS Trusts, January 2012. Good Governance Institute.
15 Supporting policies and documentation
Risk Management Policy Risk Assessment Form Risk Scoring Matrix Patient Safety Improvement Strategy Health and Safety Policy Lone Workers Policy Incident Management Policy Managing Violence and Aggression policy Maternity Services Risk Management Strategy Maternity Services Operational Policy Serious Untoward Incident Policy
Corporate Governance Page 25 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix A: Trust Strategic Objectives
STRATEGIC OBJECTIVES Aim – Keeping services local.
Vision – Our Trust will deliver safe and effective healthcare to the local population through a partnership with staff, patients, the public and other organisations.
Strategic Objectives -
High Quality Sustainable Integrated
We will be recognised for delivering care We will ensure access to a sustainable We will maximise the benefits derived from of the highest quality, measured in terms range of services that are delivered an integrated model of health and social of clinical effectiveness, patient safety locally through established partnerships, care that provides the right care at the and the patient experience. and clinical networks with other right time in the right place at the right organisations where necessary. level for the individual.
Flexible and multi-skilled Workforce Efficient and effective Local provider of choice
We will recruit and develop a flexible and We will efficiently and effectively run our We will be the local provider of choice; multi-skilled workforce fully engaged in services; generating surpluses to working in partnership with the public and turning our vision into a reality. reinvest in services to benefit our local commissioners to promote independence community and underpinning all we do and well being and meet the needs of our with systems and processes which community. deliver safe, high quality services.
Corporate Governance Page 26 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix B: Equality Impact Assessment Screening
Equality Impact Assessment Screening Form Title Risk Management Strategy Author Dr Juliet Cross, Head of Corporate Governance Directorate Finance and Performance Team/Dept. Corporate Governance Document Class Document Status Version Issue Date Review Date Strategy Final 1 What are the aims of the document? This document sets out Northern Devon Healthcare NHS Trust’s system for the management of risk. It provides a robust framework to ensure a consistent approach across the whole organisation. 2 What are the objectives of the document? The purpose of this document is to ensure that the Trust meets nationally recognised best practice for the management of risk, including the NHS Litigation Authority’s Risk Management Standards for Acute Trusts, NHS Litigation Authority Clinical Negligence Scheme for Trusts - Maternity Standards and the Care Quality Commission Essential Standards of Quality and Safety. The Strategy applies across the whole organisation. 3 How will the document be implemented? The Strategy will be implemented through the routine and ongoing risk management arrangements supported by the Corporate Governance Team. 4 How will the effectiveness of the document be monitored?
The effectiveness of the Strategy will be monitored through the risk management reporting and assurance monitoring structure via:
Risk Management Committee Quality Assurance Committee Audit and Assurance Committee Trust Board 5 Who is the target audience of the document? Trust Staff 6 Is consultation required with stakeholders, e.g. Trust committees and equality groups? Yes 7 Which stakeholders have been consulted with? Corporate Governance team Members of the Audit & Assurance Committee Members of the Quality Assurance Committee Members of the Health & Safety Committee
Corporate Governance Page 27 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Members of the Risk Management Committee Information Governance Team Trust Board 8 Equality Impact Assessment Please complete the following table using a cross, i.e. X. Please refer to the document “A Practical Guide to Equality Impact Assessment”, Appendix 3, on Tarkanet for areas of possible impact. Where you think that the policy could have a positive impact on any of the equality group(s) like promoting equality and equal opportunities or improving relations within equality groups, cross the ‘Positive impact’ box. Where you think that the policy could have a negative impact on any of the equality group(s) i.e. it could disadvantage them, cross the ‘Negative impact’ box. Where you think that the policy has no impact on any of the equality group(s) listed below i.e. it has no effect currently on equality groups, cross the ‘No impact’ box.
Positive Negative Equality Group No Impact Comments Impact Impact Age X Disability X Gender X Gender X reassignment Human Rights X (rights to privacy, dignity, liberty and non degrading treatment) Marriage and X civil partnership Pregnancy, X Individual staff are risk assessed for maternity and their individual needs. breastfeeding Race / X Ethnic Origins Religion X or Belief Sexual X Orientation If you have identified a negative discriminatory impact of this procedural document, ensure you detail the action taken to avoid/reduce this impact in the Comments column. If you have identified a high negative impact, you will need to do a Full Equality Impact Assessment, please refer to the document “A Practical Guide to Equality Impact Assessments”, Appendix 3, on Tarkanet. For advice in respect of answering the above questions, please contact the Equality and Diversity Lead.
Corporate Governance Page 28 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
9 If there is no evidence that the document promotes equality, equal opportunities or improved relations, could it be adapted so that it does? If so, how? No.
Completed by
Name Annette Crew Designation Risk Manager Trust Northern Devon Healthcare NHS Trust incorporating community services in Exeter, East and Mid Devon. Date 30 January 2012
Corporate Governance Page 29 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix C: Integrated Risk Management Committee structure flowchart
Trust Board Audit & Assurance Committee
Reporting Challenge Assurance Assurance Committee y ualit Q
Risk Management Committee
Corporate Governance Page 30 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix D: Integrated Risk Management Committee structure
Trust Board
A S S U R Quality Asssurance Audit & Assurance Finance Committee A Committee Committee N C E Chief Executive
O P E R A Risk Management Executive Directors TI Committee Group O N A L Reporting line
Corporate Governance Page 31 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix E: Integrated Risk Management Committee structure membership
Executive Risk Clinical Audit & Finance Directors Management Governance Assurance Trust Board Committee Group Committee Committee Committee Trust Board Chief Executive Member Chair Member Dir of Finance & Performance Member Member Joint Chair In Attendance Member Dir of Operations Member Member Member Dir of Nursing Member Member Joint Chair Chair Member Medical Director Member Member Member Chair Member Chair Non-Executive ATJ Member Joint Member Joint Member Member Non-Executive PG Member Member Member Non-Executive CS Member Joint Member Joint Member Member Non-Executive JR Chair Chair Member Non-Executive NL Member Member Member
Executive Directors (non-voting) Dir of Facilities Member Member Member Dir of Personnel & Workforce In Attendance Member Member Member
Managers Investigations Lead Member Member Head of Corporate Governance Member Joint Member In Attendance In Attendance Specialist Midwife Risk Co- Member Member ordinator Risk Manager Member Joint Member
Corporate Governance Page 32 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Appendix F: Compliance monitoring for NHSLA
Criterion: 1.1 Risk Management Strategy Criterion lead: Annette Crew, Risk Manager Criterion details The organisation has an As a minimum, the approved documentation must include a description of the: approved risk management a. organisational risk management structure detailing all those committees/sub-committees/groups which have some strategy that is implemented and responsibility for risk monitored. . b. process for board or high level committee review of the organisation-wide risk register c. process for the management of risk locally, which reflects the organisation-wide risk management strategy
d. duties of the key individual(s) for risk management activities
e. authority of all managers with regard to managing risk
f. process for monitoring compliance with all of the above.
Responsible Responsible individual/ group/ committee (plus timescales) for: Minimum Process for individual/ Frequency of requirement to monitoring group/ monitoring Development of action Monitoring of action plan be monitored e.g. audit Review of results committee plan & implementation
Process for the Routine Risk Monthly with Risk Management The Risk Lead will be The amended risk will be management reports on Management the exception Committee will review the requested to review and re presented to the Risk of risk locally, new and Committee of August and risk scores to ensure that amend the risk score Management Committee which reflects accepted risks December the risk is suitably and/or action plans. the following month. the are presented each year graded. to the Risk organisation- Risk Management
Corporate Governance Page 33 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2 Risk Management Strategy Northern Devon Healthcare NHS Trust Incorporating Community Services in Exeter, East and Mid Devon
Responsible Responsible individual/ group/ committee (plus timescales) for: Minimum Process for individual/ Frequency of requirement to monitoring group/ monitoring Development of action Monitoring of action plan be monitored e.g. audit Review of results committee plan & implementation wide risk Management Committee will review management Committee. action plans to ensure strategy they are suitable to Exception mitigate the risk. reports on risks 12+ and risks identified from Serious Incidents Requiring Investigation, Significant Event Audits, National Patient Safety Agency alerts and Care Quality Commission inspection reports are presented to the Risk Management Committee.
Annual Audit South Annual Risk Management Risk Manager Risk Management Internal Audit West Committee Committee inspection.
Corporate Governance Page 34 of 34 Annex 5.6 Board 28.02.12 - Risk Management Strategy Part 2