
South Eastern Health & Social Care Trust

Risk Management Strategy 2011 – 2013

Policy Profile

Version: Version 1.0

Date: 30 September 2010

Review date: Annually (January)

Author: Irene Low, Assistant Director: Risk Management & Governance

Lead Director: Eamonn Molloy, Director of Human Resources & Corporate Affairs

Approval Profile

Corporate Control Committee: Via email consultation and 19 January 2011

Governance Assurance Committee: Via email consultation and 16 March 2011

Trust Board: 30 March 2011

SET RM Strategy – Final (approved March 2011)

Foreword

The South Eastern Health & Social Care Trust (the Trust) seeks to deliver high quality care in all aspects of its services to patients/clients, staff, visitors, and the local communities. Risks occur daily in most activities undertaken within the Trust. Failure to manage these risks can result in injury to patients/clients, staff or visitors, claims against the Trust and resources lost from patient care. It is therefore vital to implement a strategy to effectively manage risks, which will result in better quality of care.

This is the second Risk Management Strategy developed by the Trust. This document helps us understand what might prevent us from achieving our objectives (the risk) and then working out our response. This means trying to reduce the chance of each risk happening, or reducing the consequences if it does occur. It is not about totally eliminating risk, as that is not always practical especially in a health and social care environment. We must then decide which risks are urgent and more likely to occur, and the importance of their consequences.

We live in a constantly changing environment, with circumstances evolving both within and outside the Trust and our strategy will change to reflect that. This version of the strategy reflects current best practice across the National Health Service (NHS) and Health & Social Care (HSC) and the guidance in Departmental circulars and related areas such as risk management, controls assurance and clinical and social care governance.

The Trust is fully committed to the effective management of risks in all areas. This strategy provides the tools to make our risk management systems robust and systematic. Please use it to help you understand and appreciate why your job is so important within your department and make the most of the opportunities it gives you for personal development and job fulfilment.

Hugh McCaughey Chief Executive March 2011


Executive Summary

This is the second Risk Management Strategy of the South Eastern Health & Social Care Trust (the Trust) which is based on current Departmental direction, guidance and best practice. The purpose of this document is to set out the Trust’s strategic direction for the management of all types of risk for the period 2011 to 2013. The document covers the following key areas:

Context for Corporate Governance and Risk Management;

The System for Risk Management;

Strategy Purpose, Aims, Objectives and Philosophy;

Management Arrangements and Committee Structure;

Performance Management Arrangements for Risk Management;

Related Policies and Procedures;

Arrangements for Education and Training;

Stakeholder Involvement; and

Risk Matrix (based on the AS/NZS standard 4360:2004).

The strategy will be implemented by the production of a yearly programme of work developed by the Corporate Control Committee and endorsed by the Governance Assurance Committee.

The Trust aims to take all reasonable steps in the management of risk to protect patients/clients, staff and its assets. A primary concern is the provision of safer, risk-reduced environments together with working policies and practices, which take into account assessed risks. The Trust is committed to taking those steps that are feasible to minimize the harmful effects of loss on the organisation – either loss of service quality to patients and clients, loss of a safe environment for patients, clients and staff, financial loss or loss of reputation.

Risk Management is everybody’s responsibility. Its practice must be embedded in the normal management processes and the structures of the organisation. In many respects this has been happening over the past number of years; the difference now required is that it must be more systematic, robust and evident. Embedding the revised processes and responsibilities within the organisation will be supported through a systematic education and training programme.

The Corporate Control Committee will review this strategy annually and any recommendations for change will be submitted to the Trust Board for endorsement. A full review of the strategy will be undertaken during the third year of implementation of the strategy.


Contents

Foreword
Executive Summary
1.0 Introduction
2.0 Context for Corporate Governance and Risk Management
    2.1 Background
    2.2 Statement of Internal Control
    2.3 Links between Corporate Governance and Risk Management
    2.4 Definitions of Common Governance Terminology
    2.5 Core Controls Assurance Standards: Governance, Risk Management and Financial Management
3.0 Risk Management – Introduction of a Common System for the Management of Risk
    3.1 Background
    3.2 Overview of the Risk Management Controls Assurance Standard
    3.3 What is Risk Management
    3.4 Risk Registers
    3.5 Risk Definition and Classification – Risk Matrix
    3.6 Definition of Acceptable Risk
    3.7 Risk Funding
4.0 Risk Management Strategy – Purpose, Aims, Objectives and Philosophy
    4.1 Purpose of the Strategy
    4.2 Aims and Objectives of the Strategy
    4.3 Philosophy for Risk Management
    4.4 Risk Management Strategy: Communication and Implementation
5.0 Management Arrangements and Committee Structure for Risk Management
    5.1 Roles and Responsibilities
    5.2 Committee Structure for Risk Management
    5.3 Risk Management Resources
6.0 Performance Review of Risk Management
    6.1 Reports to Governance Assurance Committee
    6.2 Performance Management Arrangements: Planning, Accountability and Assurance
    6.3 Controls Assurance Self Assessment
    6.4 Linkages between the Governance, Corporate Control and the Safety & Quality Committees
    6.5 Audit – Internal & External
    6.6 Key Performance Indicators
    6.7 Linking Risk Management to Service Planning
7.0 Related Risk Management Policies and Procedures
8.0 Risk Management Education and Training
9.0 Stakeholder Involvement
10.0 Summary of the Risk Management Policy and Strategy
Bibliography
Glossary of Terms and Definitions
Appendices
    1 Risk Management Process – AS/NZS standard 4360:2004
    2 Risk Matrix
    3 Risk Management Policy Statement
    4 Governance Organisational Chart (incorporating risk management)
    5 Terms of Reference – Corporate Control Committee
    6 Risk Management Organisational Management Structure


1.0 Introduction

The purpose of this document is to set out the Trust’s strategic direction for the management of all types of risk - clinical, non-clinical and organisational, for the period 2011 to 2013. It provides a framework for the continued development of risk management systems and processes building on already established risk management and governance structures within the Trust.

It takes account of the objectives and direction contained within the Corporate Plan 2009 – 2012, the Trust Delivery Plan, the Corporate Management Plan 2010, the Performance Management Framework and the extant Governance Strategy.

2.0 Context for Corporate Governance and Risk Management

2.1 Background

The need to ensure and demonstrate effective governance arrangements originated in the private sector, due to concern over a series of corporate failures where inadequate governance measures were considered to be a contributory factor. In response to this, the Cadbury Committee was established to examine and advise on some of these issues, in particular the apparently poor quality of financial reporting and the limited ability of auditors to provide the assurances and safeguards, which the users of company reports were entitled to expect. Broader private sector best governance practice was also developed through the Turnbull Committee report on Internal Control (November 1999) and with the July 2003 update to the Stock Exchange’s Combined Code requirements for listed companies.

2.2 Statement on Internal Control

Since 2003/2004, Chief Executives of bodies sponsored by the Department of Health, Social Services and Public Safety (DHSSPS) have been required in their capacity as Accountable Officers to sign a full Statement on Internal Control. The Department’s Accounting Officer uses these to inform his Statement on the Department as a whole. Thus all bodies sponsored by the DHSSPS need to provide assurances that they have effective systems of internal control. These systems need to identify risks relating to the achievement of objectives, including the duty of quality, and should be capable of evaluating the nature and extent of those risks and of managing them efficiently, effectively and economically.

The three core controls assurance standards – Risk Management, Governance and Financial Management, together with a number of other standards and processes (particularly in the clinical and social care and organisational areas), will be essential in enabling the organisation’s objectives to be delivered successfully, including that of the duty of quality.

2.3 Links between Corporate Governance and Risk Management

Corporate governance and risk management have long played a major role in providing stakeholders with evidence that Health and Social Care (HSC) is meeting its needs in a resource efficient manner – as well as being willing and capable of avoiding foreseeable adverse occurrences, or at least of competently managing them. The corporate governance agenda largely met this expectation with service quality and financial controls at its heart. The corporate governance agenda has evolved to encompass three interrelated concepts:

Clinical and social care governance;

Organisational controls (including Risk Management); and

Financial Controls.

Figure 1 below illustrates the Framework for Corporate Governance. It shows the interrelated concepts of clinical and social care governance, organisational controls and financial controls that together comprise corporate governance in an HSC environment. The diagram also shows the focus of each of these elements and how assurances on their effectiveness are made public. Risk Management is the common theme linking all these processes.

Figure 1 - Framework for Corporate Governance

[Figure not reproduced. Diagram labels: C&SC Governance; Organisational Controls; Financial Controls; Financial Assurances (Annual Accounts); Organisational Assurances (Annual Report); Clinical & Social Care Assurances (Clinical Governance Report/Annual Report); Financial Resources; The environment of care; Clinical & Social Care Governance; Risk Management.]

2.4 Definitions of Common Governance Terminology

Corporate governance is the system by which an organisation is directed and controlled, at its most senior levels, in order to achieve its objectives and meet the necessary standards of accountability, probity and openness. The Audit Commission has defined corporate governance in healthcare as ‘The systems and processes by which health bodies lead, direct and control their functions, in order to achieve organisational objectives, and by which they relate to their partners and the wider community’.

Financial controls are a cornerstone of corporate governance. Within HSC much emphasis has been placed on the need to identify and control financial risks. The notion of “accountable officers” was introduced some time ago, along with the related concepts of conduct, accountability and openness in the management of HPSS services. The functions of Internal and External Audit, Standing Financial Instructions and Standing Orders, as well as formal annual reporting and Remuneration and Audit Committees, have proved a sound base for the management of financial risk.

Clinical and social care governance is a key aspect of risk management for the Trust and a major determinant of organisational success through its controlling influence and potential for mitigating clinical and social care risks. It is defined as: “A framework through which HPSS organisations are accountable for continuously improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish” (A First Class Service, DOH 1998).

Integrated Governance is defined as: ‘Systems, processes and behaviours by which trusts lead, direct and control their functions in order to achieve organisational objectives, safety and quality of service and in which they relate to patients and carers, the wider community and partner organisations’ (Integrated Governance Handbook, DOH, February 2006).

Organisational controls - Controls Assurance is a holistic concept based on best governance practice. It is a process designed to provide evidence that the Trust is doing its reasonable best to manage itself so as to meet its objectives, protect patients, staff, the public and other stakeholders against risks of all kinds. It is a fundamental process of governance, which will assist the Trust in identifying its risks, determining unacceptable levels of risk and deciding where best to direct our limited resources to eliminate or reduce those risks. There are 19 Controls Assurance Standards covering significant organisational and financial risk areas.

Risk Management is the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects (AS/NZS standard 4360:2004).

2.5 Core Controls Assurance Standards: Governance, Risk Management and Financial Management

The Governance Standard is a high-level ‘overarching’ core controls assurance standard and is supported by two additional core standards covering Financial Management and Risk Management. Compliance with the core standards is mandatory as they are central to the whole risk management and controls assurance agenda and form the foundations of best governance practice.

The Governance Controls Assurance standard is principally concerned with ensuring that all HSC bodies have the basic building blocks in place for good governance through development and implementation of a comprehensive system of internal control. The Risk Management Control is principally concerned with ensuring that all HSC bodies have the basic building blocks in place for managing risk through development and implementation of a comprehensive risk management system. The Financial Controls Assurance Standard is principally concerned with ensuring that organisations have robust financial management systems in place and an effective system of internal control over the use of its financial resources.

Together the three standards provide the basis for statutory reporting for the Statement of Internal Control as set out by the Department of Finance and Personnel in relevant circulars.


3.0 Risk Management – Introduction of a Common System for the Management of Risk within HPSS organisations

3.1 Background

Circular HSS (PPM) 3/2002, issued on 21 June 2002, announced that the Department had decided to adopt a common risk management model for itself and all of its associated bodies. The Department chose the internationally recognised Standard, AS/NZS 4360:1999 (subsequently issued under cover of Circular HSS (PPM) 6/2002). In June 2005, the Department updated its licence agreement with Standards Australia and a CD copy of the new AS/NZS 4360: 2004 Standard was issued to all HPSS bodies under cover of circular HSS (PPM) 4/2005. Whilst the substance of the Standard remains unchanged, some updating has taken place to reflect lessons learnt from the application of the 2003 version and these have been included in this strategy.

3.2 Overview of the Risk Management Controls Assurance Standard

This standard is principally concerned with ensuring that all HSC bodies have the basic building blocks in place for managing risk through development and implementation of a comprehensive risk management system. This standard, together with the Governance and Financial Management Standards, provides the basis for statutory reporting for the Statement on Internal Control. Risk management should be recognised within an organisation as an integral part of good practice and should be part of the organisation’s culture. It should be integrated into its philosophy, practices and business plans, and not be viewed or practised as a separate programme. When this is achieved, risk management becomes the business of everyone in the organisation.

The design of a risk management system will be influenced by and tailored to the existing structure of the HSC body, the services provided and the processes and specific practices followed. A specific risk management approach applicable to all organisations is, therefore, unlikely to be serviceable. However, common principles can be identified and used to form the basis for the Standard. These in large part originate from the Australia/New Zealand Standard on risk management, which defines a set of generic principles for establishing a risk management system in any organisation. The Standard has been licensed for the HSC and the full Standard has been made available to all HSC bodies, which are encouraged to make good use of the information and guidance contained in AS/NZS 4360:2004. The Trust has fully adopted the methodology of this standard as outlined in figure 2 below. Each section is further explained in detail in Appendix 1.

Figure 2 – Risk Management Overview

3.3 What is Risk Management?

Risk Management is recognised as an integral part of good management practice. It is an iterative process consisting of steps, which, when undertaken in sequence, enable continual improvement in decision-making. Good risk management awareness and practice at all levels is a critical success factor for the Trust. Risk is inherent in all that we do. There is no area of the organisation where zero risk exists. For the purpose of this strategy, risk management is defined as:

“The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects” (AS/NZS 4360:2004).

The Risk Management process is defined as “the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risks” associated with any activity, function or process in a way that will enable organisations to minimise losses and maximise opportunities.

3.4 Risk Registers

In order to develop and be aware of its risk profile and to identify the key areas for investment in risk reduction/management, the Trust has developed a framework for risk registers. This comprises both Corporate and Directorate risks. The risk registers will enable the Trust to identify the totality of its risk and quantify those that are deemed as acceptable or present significant risks that may affect the objectives of the Trust.

A Risk Register is a log of significant risks (clinical, non-clinical, financial etc.) that threaten the Trust’s success in achieving its aims and objectives. It is populated through the various risk assessments undertaken within the organisation, together with external reviews and reports. This enables risk to be quantified and ranked to inform the Trust Board and aid decision-making and resource allocation processes.

[Figure 2 – Risk Management Overview (figure not reproduced). Diagram labels: Establish the context; Identify risks; Analyse risks; Evaluate risks; Assess risks; Treat risks; Communicate and consult; Monitor and review; Risk Register.]

The Risk Management & Governance Directorate will provide advice and assistance on how to develop both Corporate and Directorate risk registers. Each Directorate is responsible for maintaining and updating its own individual registers on a regular basis. These in turn will inform and populate the overarching Corporate Risk Register.

The Corporate Risk Register will act as a Trust-wide risk profile and will be monitored on behalf of the Trust Board by the Governance Assurance Committee. The Corporate Control Committee will act as a filter for risk issues from Directorate risk registers for entry onto the Corporate Risk Register. The Assistant Director: Risk Management & Governance is the nominated Assistant Director responsible for the co-ordination and management of the Corporate Risk Register.

3.5 Risk Definition and Classification – Risk Matrix

The Australian Standard defines risk as “the chance of something happening that will have an impact on objectives.” Therefore there needs to be a consistent and measurable method of quantifying risk, the results of which can be processed to define the levels of acceptable risk to an organisation. The Trust’s risk matrix (Appendix 2) is based on the Australia/New Zealand standard. This has been modified as appropriate to meet the needs of the Trust. In addition, the Trust has also produced a grading table to help it determine the level of acceptable risk. This is further explained in paragraph 3.6 below.

Use of the matrix enables a list of prioritised risks to be developed with an indication of the action that may be required. It provides a mechanism for the most significant risk issues to be considered by the Corporate Control Committee and/or Governance Assurance Committee.

3.6 Definition of Acceptable Risk

The Trust recognises that it is impossible, and not always desirable, to eliminate all risks and that systems of control should not be so rigid that they stifle innovation and imaginative use of limited resources in order to achieve health benefits for our patients and clients. Acceptable risk is defined using the following principles:

Tolerability does not mean acceptability. It refers to a willingness to live with the risk so far as to secure certain benefits and in the confidence that it is being properly controlled. To tolerate risk does not mean to disregard it but rather that we review it and aim to reduce it further;

No person should be exposed to serious risk unless they agree to accept the risk; and

It is reasonable to accept a risk that under normal circumstances would be unacceptable if the risk of all other alternatives, including doing nothing, is even greater.

Risks can be split between those which are acceptable and those which are not acceptable. If a risk is deemed unacceptable, action should be planned to reduce it to an acceptable level. This should then be entered on the appropriate risk register together with a detailed action plan. The acceptance of a risk should represent an informed decision to accept the consequences and likelihood of that risk.

An acceptable risk is one which has been accepted after proper evaluation and is one where appropriate controls have been implemented. All risks (including those for new work activities), whether resulting from accidents, incidents, adverse events, hazard reports or any form of risk assessment must be graded in accordance with the Trust’s Risk Matrix and entered on the appropriate risk register/s. The level of decisions on acceptability and actions required are based on the quantification of risk and are listed in Table 1 below (extracted from the Risk Matrix).

Table 1 – Decisions on level of acceptability

| Level of risk          | Action related to the adequacy of controls (Level of management decision on acceptability) |
|------------------------|---------------------------------------------------------------------------------------------|
| Green – Low risk       | Manage by routine procedures                                                                |
| Yellow – Moderate risk | Management responsibility specified                                                         |
| Orange – High risk     | Senior management attention required                                                        |
| Red – Extreme risk     | Immediate action required                                                                   |

Significant risks are defined as those which could severely impact upon the organisation and threaten organisational and services objectives or could have a large financial impact upon the Trust, impact on patient safety or could generate press interest and adverse publicity for the Trust. The Trust Board will, therefore, be continuously informed of significant risks to the Trust via a range of methods, for example reports on the Board Assurance/Corporate Risk Register, reports from the Governance Assurance Committee and other management reports.

3.7 Risk Funding

Risk Management is an integral part of the Trust’s business. The Risk Management & Governance Directorate will undertake a work programme consistent with the level of funding available. Likewise, operational Directorates will also develop their own programmes commensurate with available funding.

4.0 Risk Management Strategy

4.1 Purpose of the strategy

The purpose of this strategy is to set out the Trust’s strategic direction for the management of all types of risk (clinical, non-clinical and organisational) for the period September 2011 – September 2013. It provides a framework for the development of the risk management system throughout the organisation, building on its recently reviewed Governance structures. The Trust’s commitment to risk management is outlined in its policy statement at Appendix 3.

4.2 Aims and objectives of the strategy

The Trust will take all reasonable steps in the management of risk to protect patients/clients, staff and assets. A primary concern is the provision of safer, risk-reduced environments together with working policies and practices, which take into account assessed risks. The Trust is committed to taking those steps that are feasible to minimize the harmful effects of loss on the organisation – either loss of service quality, loss of a safe environment for patients, clients and staff, financial loss or loss of reputation.

The Trust aims to:-

Have clear management structures, accountability and responsibility levels throughout the organisation leading to the Trust Board;

Ensure that staff have the knowledge, skills and support to implement the policies and procedures associated with this strategy;

Integrate the activities of individuals responsible for different aspects of risk management to ensure no gaps or overlaps in control;

Agree and implement risk management objectives for the organisation via an annual programme of work/action plan (that support and deliver the out workings of this strategy);

Take cognisance of best practice, research and shared learning in respect of risk management activities;

Promote a risk management culture that enables learning from adverse events and the taking of careful decisions on risk which will increase the quality of care/quality of life for the Trust’s patients/clients;

Introduce appropriate auditing and monitoring processes to ensure that risk management standards are implemented and risk reduced to the lowest reasonably practical levels;

Demonstrate compliance with relevant laws and legislation and compliance with the risk management standards set out in the Controls Assurance and other quality improvement programmes adopted by the Trust;

Ensure all Trust employees are aware of risk management and the importance of managing risk;

Work in partnership with statutory and staff side safety representatives to promote a partnership approach to the management of risk.

Risk management should be viewed as an integral part of day-to-day management practices and culture and it will utilise a single risk matrix for the identification, assessment and management of all types of risk. In March each year, the Corporate Control Committee will develop and agree objectives (via its annual action plan) to support the delivery of this strategy for endorsement by the Governance Assurance Committee. The Trust Board will review the strategy on an annual basis, so that it can assure itself that risk management processes within the organisation remain appropriate and effective. This strategy is a key part of the Trust’s approach to governance, which underpins the ability of the Trust to deliver its goals, corporate strategies and annual plans.

4.3 Philosophy for Risk Management

Risk Management must be an explicit process in every activity within the Trust, from conceptual business planning to the delivery of operational services. The Trust is required to manage its risks in such a way that people are not harmed and losses are minimised to the lowest acceptable level.

The management of risk is everyone’s responsibility. Good risk management underpins quality care, through direct clinical care or indirectly from support services. No area of life is without risk. In every activity that occurs in the workplace there is a level of risk, but at work employers are required by law to eliminate the risk where possible. If this is not possible then as far as reasonably practicable the risk should be reduced by the use of control measures. This applies equally to tasks such as mopping the floor or caring for patients. The level of risk varies but the requirements to manage the risks remain the same.

This Risk Management Strategy is based upon the following principles:

A culture where risk management is considered an essential and positive element of the provision of health/social care;

Risk management is both a collective and an individual responsibility;

The identification of risk is considered in all areas of the Trust’s work from strategic planning to operational delivery;

The success of the Risk Management Programme is dependent upon the defined and demonstrated support and leadership offered by the Trust Board and, in particular, the Chief Executive and the Director with designated responsibility for risk management;

The identification and management of risks requires the active involvement of staff at all levels throughout the Trust. Staff operating within a service are best placed to understand the risks and to manage change; this will be achieved through well structured communication and support systems;

The promotion of an open objective culture where mistakes can be reported in a fear free culture, which supports them and enables them to learn from the experience. For this to occur there must be commitment and open support by management at all levels;

Risk control solutions must be directed at causes rather than symptoms to reduce the number, severity and cost of incidents and claims. Most incidents are not the fault of individuals but the systems that they operate within;


The risk management programme must be sufficiently flexible to allow continuous improvement in order to adapt to the broadening and expanding clinical and operational environment.

4.4 Risk Management Strategy: Communication and Implementation

4.4.1 Communicating the strategy

This strategy will be made widely available, both internally and to external stakeholders, via a range of communication modes including:

The Trust’s intranet and internet site;

Direct distribution to stakeholders, where appropriate;

A summary leaflet to all staff;

Staff Communication briefings;

Team Briefings;

Cascaded through the Directorate communication structures.

It is the responsibility of individual Managers and Heads of Departments to ensure that the strategy is effectively communicated to their staff.

4.4.2 Implementation of the strategy

The Trust’s structure for Corporate Control is a top-down bottom-up approach. The strategy is set by the Corporate Control Committee and endorsed by the Governance Assurance Committee and Trust Board. Day to day implementation of the strategy and associated activities is directed by the Assistant Director: Risk Management & Governance and delivered at local Directorate level by managers and staff.

To support the implementation of this strategy, the Corporate Control Committee will produce an annual programme of work/action plan and objectives for endorsement by the Governance Assurance Committee. This will include the key work initiatives required to maintain and develop the risk management system and processes.

5.0 Management Arrangements and Committee Structure for Risk Management

5.1 Roles and Responsibilities

The following section summarises the roles and responsibilities of the Trust Board, Chief Executive, Non-Executive Directors, Directors, managers, clinicians and staff in relation to delivering the Risk Management agenda:

5.1.1 Trust Board: The Trust Board is responsible for reviewing the effectiveness of internal controls – financial, risk management (including organisational) and clinical and social care. It is required to produce statements of assurance that it is doing its “reasonable best” to ensure the Trust meets its objectives and protects patients, staff, the public and other stakeholders against risks of all kinds. To inform the annual Statement of Internal Control (SIC) made by the Chief Executive in the annual accounts, the Board needs to be able to demonstrate:

That they have been informed through assurances about all risks not just financial;

That they have arrived at their conclusions on the totality of risk based on all the evidence presented to them.

Whilst it is recognised that all members of staff within the Trust are responsible for the identification and management of risk (appropriate to their own role), responsibility for the effectiveness of organisational systems rests unequivocally with the Board.

The Trust Board is also responsible for ensuring that appropriate risk management and governance structures and arrangements are in place within the organisation and for receiving assurances from the Chief Executive and/or the Director of Human Resources and Corporate Affairs (lead Director for Governance) that these are operating satisfactorily.

5.1.2 Chief Executive: Overall accountability and responsibility for risk management and governance ultimately rests with the Chief Executive. He is the Executive Director designated accountable for the implementation of risk management and controls assurance. He has delegated responsibility for risk management on a management level to the Director of Human Resources and Corporate Affairs (non-clinical risk management activities) and the Medical Director (clinical risk management activities).

5.1.3 Non-Executive Directors: Two Non-Executive Directors will be members of the Corporate Control Committee. They will be responsible for providing the Chairman and the Trust Board with an assurance of the effectiveness of the Trust’s risk management arrangements. As members of the committee they will assure themselves and the Trust Board that the committee and its related sub committees are addressing key risk management issues within the organisation and that key issues or concerns and best practice are being brought to the attention of the Trust Board.

5.1.4 Director of Human Resources and Corporate Affairs (Lead Director for Governance): The Director of Human Resources and Corporate Affairs is the lead Director for Governance. He is managerially responsible for the Assistant Director: Risk Management & Governance. He is primarily responsible for ensuring that a comprehensive organisation-wide system of risk management is introduced at all levels within the organisation. He will work closely with all Directors in relation to this activity but, in particular, the Medical Director in respect of clinical risk management activities. He will be consulted on the strategic direction of all such activities.

5.1.5 Medical Director (Lead Director/Clinician responsible for Clinical Governance and Clinical Risk Management): The Medical Director is accountable to the Chief Executive for the overall strategic management and delivery of the Trust’s clinical and social care governance programme. He is responsible for ensuring that effective processes and reporting mechanisms are in place in order to promote safe and effective care. He is also responsible for setting the direction of clinical risk management within the organisation. He will work closely with, and consult, the Director of Human Resources and Corporate Affairs and the Assistant Director: Risk Management & Governance on this matter.

5.1.6 Other Executive Directors and Directors: Each Director is accountable for the management of risks within their own areas of specific responsibility. They are responsible for ensuring that appropriate systems are embedded to ensure effective risk management arrangements across all services for which they are responsible. These systems should be in line with the strategic and operational arrangements detailed within this strategy and should integrate with existing management and professional arrangements and processes.

5.1.7 Professional Leads: Directors with accountability for professional agendas ie, nursing, social work and medical staff are responsible for ensuring effective risk management and governance arrangements across the Trust in respect of their professional group. These Director level professional leads have a network of professionals who ensure that professional standards of care and practice are maintained across Directorates and Specialities.

5.1.8 Assistant Director: Risk Management & Governance: The Assistant Director: Risk Management & Governance is accountable to and reports to the Director of Human Resources and Corporate Affairs and is the nominated operational Assistant Director for the delivery of the strategic and operational management agenda for risk management, incorporating both clinical and non-clinical risks.

5.1.9 Clinical Risk Director: The Clinical Risk Director is accountable to, and reports to, the Medical Director in respect of all clinical risk management activities. He/she works closely with the Assistant Director: Risk Management & Governance on the day-to-day delivery of this agenda.

5.1.10 Assistant Directors/Clinical Directors: In conjunction with relevant Director, Assistant Directors/Clinical Directors are responsible for ensuring that an effective governance framework and systems, including risk management, are put in place in their area of responsibility. This should reflect the strategic risk management and governance arrangements within the Trust to ensure the delivery of safe and effective care to patients/clients to which they provide a service.

5.1.11 Senior Managers: All levels of management are responsible for understanding, implementing and embedding the risk management strategy and processes. They have operational responsibility for the management of risk within their specific area. They will:

Apply the Risk Management Strategy and any associated policies and procedures within their respective departments and ensure that day-to-day risk management standards are maintained;

Ensure that all staff that report to them are given sufficient information, instruction, training and adequate supervision with respect to risk management in their relevant sphere of work;

Actively implement any risk management policies and initiatives disseminated by the Corporate Control Committee and its sub committees;

Prepare Directorate Risk Registers and local risk management policies and procedures, as required;

Maintain local strategies that reflect the individual risk profile of their Directorate;

Facilitate attendance of staff at risk management training and education programmes organised by the Trust and facilitate and/or organise departmental specific risk management training, as required.

5.1.12 Ward, Department and Facility Manager: Ward/departmental and facility managers have responsibility for the specific elements of Risk Management within the ward/department/facility for which they are responsible.

5.1.13 Individual Staff Members: Each member of staff is responsible for providing each patient/client with the highest possible quality of care/services and for taking all appropriate actions to promote patient and staff safety by minimising risk. There is an onus on each staff member to highlight any issues of concern, which he/she may have in relation to patient/client care and safety. This should be via the existing professional and/or managerial lines of accountability. Where individual staff members continue to have specific concerns which impact on the delivery of safe and effective care, they have a duty to highlight this in accordance with the Trust’s Whistle Blowing Policy. All members of staff should:

Demonstrate an awareness of risk and its consequences at all times;

Consider the risks involved in what they do and minimise those risks, where possible, to an agreed and acceptable level;

Practise in accordance with their professional codes of conduct;

Comply with the Risk Management Strategy and associated policies and procedures, eg, Incident Reporting, Consent etc;

Notify line managers/supervisors of any hazard or risk identified in their particular work areas which cannot be managed and requires attention;

Actively participate in the Trust’s risk management training and education programmes;

Accept personal responsibility for maintaining a safe working environment; and

Comply with Trust policies and procedures relevant to their area of work.

5.1.14 Chairpersons of Corporate Control Sub Committees: The Chairpersons of sub committees will:

Chair their respective committees;

Prepare and update on an annual basis the terms of reference for their respective committee;

Prepare and submit annual action plans to the Corporate Control Committee for endorsement;

Attend the Corporate Control Committee meeting as and when required;

Ensure that minutes of each sub committee meeting are prepared and circulated as required. Copies of minutes of sub committees meetings should be made available to the Assistant Director: Risk Management & Governance for the attention of the Corporate Control Committee;

Submit quarterly reports to the Corporate Control Committee in line with the agreed reporting schedule.

5.1.15 Contractors and Agency Staff: It is essential that Contractors and agency staff are advised of their responsibilities to work safely within the Trust and acknowledge that the management of risk is an individual as well as a collective responsibility. They should be informed of the reporting mechanisms in the local area they are working in for reporting any hazards, risks and incidents whether they impact upon the contractor, agency staff, patient, client, staff or visitor. All service level agreements and contracts will include a section on risk management, eg, the need to ensure that staff provided have appropriate risk management training etc.

5.2 Committee Structure for Risk Management

A structure for the co-ordination and development of governance was presented to and ratified by the Trust Board in March 2010. This structure (Appendix 4) identifies an overarching committee, which is responsible for agreeing the strategic direction in relation to governance and for co-ordinating the various building blocks, which comprise the governance agenda. The main strands within the structure are risk management (including controls assurance), safe and effective care, financial governance and operational performance and service improvement processes. These strands are linked to a framework of sub-committees.

5.2.1 Corporate Control Committee and Associated Sub-Committees

A Corporate Control Committee was established with effect from 1 April 2010. The role of the Committee is to be the overarching strategic committee responsible to the Governance Assurance Committee on all matters pertaining to integrated governance issues, ie, Financial and Risk Management (including Organisational Controls). Clinical and Social Care Governance remains within the responsibility of the Safety & Quality Committee. It will support the governance and risk management accountability arrangements within the organisation and ensure that all significant risks are properly considered and communicated to the Governance Assurance Committee and/or the Trust Board, as appropriate. It meets on a quarterly basis. It oversees the work of all specialist risk management committees, the chairpersons of which report direct to the committee.

The committee is a sub-committee of the Governance Assurance Committee and comprises representation from Executive Directors, Directors, and appropriate managerial and professional representation. Two Non-Executive Directors are also members of the committee. The Chief Executive chairs the Committee. A copy of its Terms of Reference is included at Appendix 5. It has a range of sub committees (both clinical and non-clinical) that assist it with the management of risk within the Trust (these are listed in Appendix 4).

5.2.2 Corporate Control Committee Communication Process with Sub Committees

There is a clear communication process, with the various sub-committees reporting to the Corporate Control Committee. The chairperson of each committee is responsible for the management of his/her sub committee. They will be required to develop an annual action plan and to submit a quarterly report to the Corporate Control Committee. This will detail progress achieved to date. A pro forma has also been developed to allow sub committee chairpersons to escalate any issues of concern, significant risk issues or issues requiring attention to the Corporate Control Committee. Each Chairperson can attend the Corporate Control Committee on request should they require to do so.

Minutes of each sub committee will be copied to the Corporate Control Committee (via the Assistant Director: Risk Management & Governance). There will be a standing agenda item on the Corporate Control Committee agenda addressing the work of sub committees.

5.2.3 Corporate Control Committee Communication process to Governance Assurance Committee and Trust Board

The chair of the Corporate Control Committee produces a quarterly report on Risk Management for discussion at the Governance Assurance Committee. This includes details about the work of the Committee and also any significant risk issues that the Committee needs to be made aware of (including any issues raised by Corporate Control Committee sub committees). The Governance Assurance Committee subsequently reports to the Trust Board on a quarterly basis.

5.3 Risk Management Resources

The Trust has a dedicated Risk Management & Governance Directorate. The primary function of the department is to provide a central support service to managers and staff in co-ordinating, facilitating and developing appropriate responses to risk. The following staff are available to provide specialist risk management advice.

Director of Human Resources & Corporate Affairs (lead Director for Governance)

Assistant Director: Risk Management & Governance

Clinical Risk Director

Corporate Governance and Risk Manager

Clinical Risk Adviser/s

Litigation Services Manager

Health & Safety Adviser/s

Emergency Planning & Information Governance Manager

Information & Governance Officer

Complaints/Patient Liaison Manager

A copy of the organisational management chart for Risk Management & Governance is included at Appendix 6. In addition to the resources located within the Risk Management & Governance Department there are also a number of specialist risk advisers within the Trust such as Decontamination, Estates, Fire, Infection Control, Manual Handling, Medicines Governance, Occupational Health, Resuscitation and Security. Contact details for these services can be found on the Intranet.

6.0 Performance Review of Risk Management

There are two levels at which to review the performance management of risk. The first is to implement either national or local validated standards for risk management and audit implementation of compliance, for example, Controls Assurance Standards, EFQM, HQS and other quality improvement programmes. The second is to identify key performance indicators, which will trigger a review if the indicators indicate a gap or lack of progress. These standards and the key performance indicators are the tools the Trust will use in the first instance to review risk management performance and are described below.

6.1 Reports to Governance Assurance Committee

The Governance Assurance Committee will receive routine reports detailing the management of risk and resources, in line with an agreed reporting schedule throughout each year. Examples include regular financial reports, complaints, incident and litigation reports and minutes of committee meetings. Increasingly, these reports will become integrated with progress reports on achievement of objectives etc as the new Trust evolves and reporting mechanisms are streamlined.

The Corporate Control Committee has responsibility for overseeing the implementation of this strategy and taking all actions associated with risk management. This committee will ensure that progress is monitored regularly and that quarterly reports are submitted to the Governance Assurance Committee and/or Trust Board, as appropriate. This will include production of an annual report, which will demonstrate the continuing effectiveness of the risk management system.

6.2 Performance Management Arrangements: Planning, Accountability and Assurance

The Trust has introduced an annual operating cycle which incorporates an integrated reporting system for Performance Management issues, including Priorities for Action, Trust Delivery Plan objectives, Corporate and Directorate Plans. This system requires the production of a Corporate Score Card (supported by Directorate Scorecards) and includes objectives for risk management and governance. The Planning and Performance Management Directorate will review implementation of the objectives on a regular basis. The Corporate Management Plan also includes a section on Governance (including Risk Management objectives).

6.3 Controls Assurance Self Assessment

As part of the controls assurance programme, the Trust is required to conduct a yearly baseline self-assessment of compliance with the controls assurance standards. Each standard has an allocated level of compliance – non, minimal, moderate, substantive and full. The risk management standard must achieve substantive compliance (70-99%) on a yearly basis. The Trust’s internal auditors ratify independent verification of the score.

A Controls Assurance Project Team chaired by the Director of Human Resources & Corporate Affairs has been established and meets on a regular basis to ensure compliance with the progress of work. Action plans have been developed for each standard to ensure all areas of non compliance are addressed. Key performance indicators (KPIs), based on the content of the standards, have been developed. These KPIs will be monitored by the respective sub committees and reported to the Corporate Control Committee on a regular basis.

6.4 Linkages between the Governance, Corporate Control and the Safety & Quality Committees

The Governance Assurance Committee is accountable to the Trust Board, and provides strategic direction in relation to governance and integrates the three strands, which comprise the Trust’s integrated governance model. Its two main sub committees – Corporate Control and Safety & Quality – lead the strategic and operational agendas in relation to risk management (clinical and non-clinical) and the delivery of safe and effective care.

6.5 Audits – Internal & External

The Trust’s Internal Auditors are required to conduct an annual review of the Trust’s internal control systems and report their findings to the Audit Committee/Governance Assurance Committee and ultimately the Trust Board. A yearly schedule of audits will be established at the outset of each year. The three core controls assurance standards – Governance, Risk Management and Financial – must be included. After each audit an action plan will be prepared and presented to the Corporate Control Committee and/or Audit Committee, for approval. The Trust’s nominated external auditors also undertake external audits as part of the financial audit schedule.

6.6 Key Performance Indicators

The list below describes a variety of other methods by which the Trust can also measure its performance on Risk Management. This is not an exhaustive list:

Identification of Key Performance Indicators across all categories of risks;

Quarterly reports to Corporate Control Committee by lead Directors on Controls Assurance standards;

Risk Assessments;

Outcome of reports from audits and inspections to include external assessments such as RQIA, HSE, HQS etc;

Number of claims made, amounts paid in damages;

Number of complaints made;

Number of complaints that proceed to Independent Review and/or the Ombudsman;

Number of serious incident reviews, numbers of SAI reports made to the DHSSPS;

Annual Controls Assurance Report;

Controls Assurance KPI report;

Number of staff trained in risk management;

Implementation of recommendations from internal and external reports.

Further key performance indicators will require to be developed over time following implementation and review of this strategy.

6.7 Linking Risk Management to Service Planning

In making its plans and setting financial priorities the Trust will take account of risks as set out in its Corporate and Directorate Risk Registers. A bid for funding that demonstrates that a high priority risk on the register will be mitigated if approved will be given preference over a bid that cannot demonstrate such a linkage. The Trust will therefore direct funding to reduce risk as far as it is able to do so.

7.0 Related Risk Management Policies and Procedures

The Trust has a range of extant risk management related policies and procedures in operation within the Trust and these are available to all staff via the intranet. One of the most important policies relates to incident reporting. In this regard the Trust views near miss and incident reporting as the cornerstone of an effective risk management system. Trust staff are encouraged to undertake individual reporting of near misses, errors or mistakes, and to look critically at their own actions/omissions and those of their teams, to ensure we can provide good quality services for our patients/clients, staff and visitors. Incident reporting is seen as a mechanism for quality improvement and is a key component of clinical and social care governance. The Trust promotes an open, just, honest and participative culture in which errors or service failures can be admitted, reported and discussed without fear of reprisal. This will enable lessons to be identified and allow active learning to take place and the necessary changes put into our policies, procedures and practices.

8.0 Risk Management Education and Training

The Trust recognises that the provision of appropriate training and education is central to the implementation, maintenance and development of its Risk Management strategy. An on-going training and education programme will be developed to ensure that Board members, Directors, Assistant Directors, Senior, middle and first line managers, professional and other staff obtain training and education to the required levels and standards appropriate to their role within the Trust. All employees, including members of the Board, Clinicians, Managers, Bank, Locum, Agency Staff and Volunteers should receive appropriate risk management training. Training will include:

An introduction to risk management as part of the Trust’s induction for all employees;

Training for new managers in line with identified needs in relation to their responsibilities for risk management;

Training for anyone with responsibility for undertaking any aspect of risk management such as risk identification, assessment and management, incident reporting, complaints or claims management, responsibility for controls assurance standards, use of computerised risk management systems and root cause analysis;

Specialist training where particular risks exist (eg, consent, moving and handling, basic life support etc).

The Risk Management & Governance Directorate will co-ordinate, design and/or deliver training for all relevant staff in respect of risk management to enable them to carry out their duties and responsibilities for risk management. Risk Management will be part of the corporate and local induction programmes for all staff. Through routine appraisal of all staff, training needs will be identified and personal development plans defined.

9.0 Stakeholder involvement

It is good practice to involve key stakeholders, as appropriate, in all areas of the Trust activities and this includes consulting on relevant significant high-risk areas/activities. The Trust has a wide range of communication and consultation mechanisms in existence with relevant stakeholders, both internal and external (see list below). Raising general public awareness of the Trust’s Risk Management Policy and Strategy will be achieved by appropriate means.

List of stakeholders (this is not an exhaustive list)

Internal

All staff

Internal Auditors

Patient/Client User Forums

Risk Management Specialists, eg, risk and governance, fire, health & safety, back care, infection control, NIAIC Liaison Officer, security, health records, clinical risk and estates

Corporate Control Committee

Corporate Control Sub Committees (clinical and non-clinical)

Safety & Quality Committee and associated sub committees

Governance Assurance Committee

Executive Management Team

Trust Board

External

Department of Health, Social Services and Public Safety

Health & Social Care Board

External Auditors

General Practitioners

General Public

Health & Personal Social Services Trusts

Health & Safety Executive for Northern Ireland

Health Estates Agency

HM Coroner

Legal Advisers

Media

Members of the Local Assembly (MLAs)

Mental Health Commission

Patients and clients

Police Service for Northern Ireland

Politicians

Regulation and Quality Improvement Authority

Social Services Inspectorate

Patients and the Public

Feedback on risk issues will be encouraged through the User Consultation strategy and other relevant bodies. All managers and employees must understand the potential value of risk reporting from patients and/or members of the public, and adopt a welcoming attitude to comments and complaints. The Trust adopts a positive approach to the official complaints process with strict and thorough follow up of any potential risks identified. Information in the public domain (eg, website, newsletter, annual reports etc) should contain clear points of contact and stress the importance of public feedback.

10.0 Summary of the Risk Management Policy and Strategy

This risk management strategy is a working document that charts the future direction that the Trust will follow based on Departmental direction, guidance and best practice. It is a living document in that it exists within an environment of corporate change and development and, as such, it too will evolve and mature. The document reflects the Trust’s approach to risk management as it stands at September 2010 and its vision for the next three years.

The Corporate Control Committee will review this strategy annually and any recommendations for change will be submitted to the Governance Assurance Committee and ultimately the Trust Board for endorsement. A full review of the strategy will be undertaken during the third year of implementation.

EQUALITY STATEMENT

This policy has been drawn up and reviewed in the light of Section 75 of the Northern Ireland Act (1998) which requires the Trust to have due regard to the need to promote Equality of Opportunity. In line with the duty of equality this policy has been screened against particular criteria and as a result no major issues requiring further impact assessment have been identified. This policy has also been considered and prepared with regard to the Trust’s obligation under the Human Rights Act 1998. The Trust is satisfied that the policy complies with its obligations under the Act. If at any stage of the life of the policy there are any issues within the policy which are perceived by any party as conflicting with his/her rights, that party should bring these to the attention of the Director of Human Resources or raise a complaint through the published complaints procedure.

_________________________________ Date: 31 March 2011

Hugh McCaughey
Chief Executive

___________________________________ Date: 31 March 2011

Eamonn Molloy
Director of Human Resources & Corporate Affairs (Lead Director for Governance)

Bibliography

An exemplar risk management strategy – NHS Estates

Circular HSS (PPM) 13/2002 – Governance in the HPSS – Risk Management

Circular HSS (PPM) 3/2002 – Corporate Governance: Statement of Internal Control

Circular HSS (PPM) 5/2003 – Governance in the HPSS – Risk Management

Circular HSS (PPM) 8/2004 – Governance in the HPSS: Controls Assurance standards – update

Clinical Governance: in the new NHS – HSC 1999/065

Establishing an Assurance Framework – March 2009

Governance in the New NHS – Controls Assurance Statements 1999/2000: Risk Management and Organisational Controls

Health Quality Service Accreditation Standards

HSC Controls Assurance Standards – Governance and Risk Management

HM Treasury Orange Book

Integrated Governance Handbook, DOH, February 2006

Risk Management in the NHS – NHS Management Executive – December 1993

Risk Management in the NHS Estates – HTM 2050

Standards Australia Risk Management – AS/NZS 4360:2004

Definitions and Glossary of Terms

AS/NZS 4360: 2004

Australian/New Zealand standard on risk management licensed by the Department of Health, Social Services and Public Safety

Clinical & Social Care Governance

A framework within which HPSS organisations are accountable for continuously improving the quality of their services and safeguarding high standards of care and treatment. Clinical and social care governance is about organisations taking corporate responsibility for performance and providing the highest possible standard of clinical and social care (Best Practice – Best Care, DHSSPS, 2002)

Controls Assurance

Is a process designed to provide evidence that HPSS organisations are doing their ‘reasonable best’ to manage themselves so as to meet their objectives and protect patients, staff, the public and other stakeholders against risks of all kinds.

Corporate Governance

The systems and process by which health and social care organisations lead, direct and control their functions in order to achieve organisational objectives, and by which they relate to their partners and wider community (Audit Commission 2000).

Hazard

A source of potential harm or a situation with a potential to cause loss. Anything which has the potential to cause harm, eg, a falling ladder or substances hazardous to health.

RQIA

Non-departmental public body, established on 1 April 2004, which will provide independent monitoring of clinical and social care governance and report to the Minister for Health.

Integrated Governance

Systems, processes and behaviours by which trusts lead, direct and control their functions in order to achieve organisational objectives, safety and quality of service and in which they relate to patients and carers, the wider community and partner organisations.

Likelihood

Used as a qualitative description of probability or frequency.

Probability

The likelihood of a specific event or outcome, measured by the ratio of specific events or outcomes to the total number of possible events or outcomes. Probability is expressed as a number.

Risk (AS/NZS standard)

The chance of something happening that will have an impact on objectives. It is measured in terms of consequence and likelihood.

Risk (in health & safety terms)

Is the likelihood, great or small, that somebody or something will be harmed by the hazard. The extent of the risk is measured by the likelihood/frequency of the harm occurring and the potential severity of harm.


Risk Assessment

The overall process of risk analysis and risk evaluation.

Risk Avoidance

An informed decision not to become involved in a decision.

Risk Evaluation

The process used to determine risk management priorities by comparing the level of risk against predetermined standards, target risk levels or other criteria.

Risk Identification

The process of determining what can happen, why and how.

Risk Management

The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects (AS/NZS standard 4360:2004).

Risk Management Process

The systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risks. (AS/NZS standard 4360:2004).

Risk Reduction

The application of appropriate techniques and management principles to reduce or eliminate risk.

Risk Register

Is a log of significant risks (clinical, non-clinical, financial etc) that threaten the Trust’s success in achieving its aims and objectives. It is populated through the various risk assessments undertaken within the organisation, together with external reviews and reports. This enables risk to be quantified and ranked to inform the Trust Board and aid decision-making and resource allocation processes.

Statement of Internal Control

Is the process employed by an organisation to ensure that an organisation’s established objectives are met. It involves identifying and evaluating risks to an organisation and stating how these will be managed and mitigated. An HPSS organisation is required to produce an annual statement on internal control, alongside its annual accounts, summarising the process employed and the results of all evaluations undertaken on the organisation’s abilities to meet its objectives and discharge its functions.


List of Appendices

1 Risk Management Process – AS/NZS standard 4360:2004

2 Risk Matrix (March 2011)

3 Risk Management Policy Statement

4 Governance Organisational Chart (incorporating risk management)

5 Terms of reference – Corporate Control Committee (March 2011)

6 Risk Management Organisational Management Structure


Appendix 1

RISK MANAGEMENT PROCESS (AS/NZS standard 4360:2004)

Establish the context

■ The strategic context

■ The organisational context

■ The risk management context

■ Develop criteria

■ Decide the structure

Identify risks

■ What can happen?

■ How can it happen?

Analyse risks

Determine existing controls

Evaluate risks

■ Compare against criteria

■ Set risk priorities

Treat risks

■ Identify treatment options

■ Evaluate treatment options

■ Select treatment options

■ Prepare treatment plans

■ Implement plans

Accept risks

Yes / No

Assess risks

Determine likelihood

Determine consequences

Estimate level of risk

Communicate and consult

Monitor and review


Appendix 2

SOUTH EASTERN HEALTH & SOCIAL CARE TRUST – RISK MATRIX

Risk Impact (Consequence/Severity) Table

Category

■ Patient Safety/Clinical Safety

■ (Injury/Harm to Staff/Public)

■ Quality & Professional Guidelines/Standards

■ Reputation/Publicity

■ Legal/statutory Issues

■ Potential financial cost/loss

■ Service Continuity

■ Targets, Objectives and Service Provision

Impact

Catastrophic

Multiple deaths/ fatalities

Multiple deaths/ fatalities

Gross failure to meet professional standards

National Adverse Publicity

Full Public Inquiry

Litigation certain

Certain criminal prosecution (individual)

Unlimited fine and possible imprisonment of senior executives

Above £2m

Loss of multiple essential service/s in critical areas

Significant failure/s to meet a major target/s over a prolonged period of time

Possible termination of senior executives contracts of employment

Major

Death

Permanent harm/ disability, lasting greater than 1 year

15 days+ extended stay

Death

Permanent physical/ emotional injuries/trauma/ harm (lasting greater than 1 year to resolve)

Failure to meet Board, regional and national standards

Repeated failure to meet professional standards

Regional adverse publicity

Questions in the Assembly/ House

Independent external enquiry

MP concern

High level external investigation

Litigation expected/certain

Criminal prosecution likely

Unlimited fine

£250K to £2m

Extended loss of an essential service/s in more than one critical area

Failure to meet major target/s resulting in Departmental sanctions

Moderate

Treatment

Temporary significant harm/ disability

Prolonged patient stay

Semi-permanent disability, lasting over 1 month and less than a year, 8-15 days extended stay

Semi permanent physical/ emotional injuries/trauma/ harm (recovery expected within 1 year)

Outside agencies notified (SAI)

>3 days absence, RIDDOR Reportable

Repeated failure to meet internal standards or follow protocols/ policies and guidelines

Expected/high potential for complaint

Needs careful PR handling

Local adverse publicity

High level internal investigation

Litigation possible but not certain

High potential for complaint

Prohibition Notice

Possible minor criminal prosecution up to £20K fine

£100K to £250K

Loss of a service/s in any critical area

Failure to meet major targets. Significant departmental/public attention in respect of non compliance with standard

Minor

Minor harm

Increased patient monitoring

Non permanent harm lasting less than a month, 1-7 days extended stay

Short term injury/ harm, eg first aid

Emotional distress (recovery expected within days/weeks)

<3 days absence

Required IR2/IR3

Outside agencies notified

Single failure to meet internal standards, policy or protocol

Complaint possible

Informal unsubstantiated allegations

Complaint possible

Litigation unlikely

Improvement notice

£10K to £100K

Loss of a service in a number of non critical area/s

Failure to meet target /standard – no significant resulting consequence

Insignificant/ None

No harm

No injury/harm or no intervention required

Near Miss

Minor property loss/damage

Minor non-compliance with internal standards, policy or protocol

Minimal risks to Trust

Informal complaint

Unlikely to cause complaint

Litigation risk = remote

£1K to £10K

Minor loss of a non critical service

Failure to meet target, objectives, service provision – no sanctions applied

SET Risk Matrix – Version 1.0 (March 2011)


RISK MATRIX & RISK ASSESSMENT FRAMEWORK

Risk Grading – Action Guidance

Green (Low): Manage by routine procedure

Yellow (Moderate): Management responsibility must be specified

Amber (High): Senior management attention needed

Red (Extreme): Immediate action required

Risk Likelihood Table

| Descriptor | Score | Description | Chance |
|---|---|---|---|
| Very likely/almost certain | 5 | It is expected to occur in most circumstances (more than once a week) | 1 in 10 |
| Likely | 4 | Will probably occur in most circumstances (once or twice per month) | 1 in 100 |
| Possible | 3 | Might occur at some time (once or twice per year) | 1 in 1,000 |
| Unlikely | 2 | Could occur at some time (may happen once every 3-5 years) | 1 in 10,000 |
| Rare | 1 | May occur only in exceptional circumstances (not in the next 5 years) | 1 in 100,000 |

(Based on AS/NZS 4360:2004 standard)

| Likelihood \ Impact (Consequence/Severity) | Insignificant (1) | Minor (2) | Moderate (3) | Major (4) | Catastrophic (5) |
|---|---|---|---|---|---|
| Almost Certain (5) | High | High | Extreme | Extreme | Extreme |
| Likely (4) | Moderate | High | High | Extreme | Extreme |
| Possible (3) | Low | Moderate | High | Extreme | Extreme |
| Unlikely (2) | Low | Low | Moderate | High | Extreme |
| Rare (1) | Low | Low | Moderate | High | High |

Green

Low risk. Identified risks which fall in the green area are deemed low acceptable risks and require no immediate action. These should be managed by routine procedure and must be monitored regularly at departmental level.

Yellow

Moderate risk. Identified risks which fall in the yellow area are deemed moderate risk to the Trust and may require further action within 12 months to reduce risk to an acceptable level. These would normally be actioned locally within Directorates and monitored by the relevant Local Governance Committee and entered on the Directorate Risk Register, as appropriate.

Amber

High risk. Identified risks which fall in the orange area are deemed high risk to the Trust and require further actions within 6 months to reduce the risk to an acceptable level. These risks and agreed action plans should be considered by the Local Directorate Governance Committee and risks that cannot be actioned or reduced locally should be forwarded to the Corporate Control Committee (via the Assistant Director: Risk Management & Governance) for further consideration/actioning and entry on corporate risk register, if appropriate.

Red

Extreme risk. Identified risks which fall in the red area are deemed extreme risk to the Trust and must be reported to the Local Directorate Governance Committee. These risks require immediate action to reduce the level of risk and the relevant Director will ensure they are forwarded to the Corporate Control Committee (via the Assistant Director: Risk Management & Governance) for further consideration/ action as appropriate. The appropriate Director will ensure the implementation of a time monitored action plan and provide regular reports to the Corporate Control Committee and or the Governance Assurance Committee. These risks will be added to the corporate risk register, if appropriate.

NB: These notes are for guidance only and should not prevent Directors from notifying the Corporate Control Committee / Governance Assurance Committee of frequently re-occurring green / yellow risks or bringing high priority red risks to the Corporate Control Committee due to their urgent nature.


Appendix 3

SOUTH EASTERN HEALTH & SOCIAL CARE TRUST

POLICY STATEMENT ON RISK MANAGEMENT

Title: Policy Statement for Risk Management

Ratified by Relevant Executive Directors: Yes / No

Ownership: South Eastern Health & Social Care Trust

Status: Current

Publication Date: March 2011

Next Review: March 2013

Author(s) Assistant Director: Risk Management & Governance

Version 1 (Dec 2007)

Version 2 (Sept 2010)

Evidence Base: Extant Risk Management Controls Assurance Standard; SET Risk Management Strategy 2007-2010

1.0 POLICY STATEMENT

1.1 The Trust is committed to providing quality health and social care services to the population it services. Assessing and managing risks is an integral part of the diverse work carried out within the Trust. Making decisions on risk and managing uncertainty are everyday realities for Trust staff. The Trust will support its staff where such judgements have to be made and where sometimes difficult decisions need to be taken. A Risk Management Strategy document has been created to provide an overall framework to assist the overall organisation in managing risk and to give support to staff.

1.2 The Trust’s person-centred ethos, in line with its Corporate and Directorate Plans, involves working in partnership with service users, carers and the wider community. As part of that process of providing a person-centred service, the Trust accepts that staff will often have to make difficult decisions on risk, in partnership with service users and carers. Sometimes these decisions need to be made in conjunction with other organisations within and outside the service and, accordingly, the Trust will seek to foster close links with commissioners and other providers and agencies from the voluntary, statutory and private sectors.

1.3 The Trust recognises that, in order to facilitate the best possible judgement on risk issues, appropriate support must be provided to staff and managers. This support will be provided, for example, by the work of the Corporate Control Committee, the Assistant Director: Risk Management & Governance, the Corporate Governance & Risk Manager and the Risk Management & Governance Directorate. Through this support, and always recognising that patients and clients with the capacity to do so are ultimately entitled to reject what the Trust considers to be in their best interests, the Trust aims to continually build on the wealth of existing knowledge of, and skill in, risk management throughout the Trust. This is so that the optimum balance is maintained between good quality care, treatment and support of patients/clients and the provision of services that reduce potential harm as far as possible, to patients, clients and to staff.

1.4 Risk Management policies and procedures will be reviewed on a regular basis in line with the arrangements for development and maintenance of policies. The management of risk is a key organisational responsibility and it should, therefore, be embedded within the organisational culture. All managers and health and social care professionals and staff must accept the management of risks as one of their most important duties. Additionally, every member of staff must have a real sense of ownership of, and commitment to, identifying and minimising risks. However, this should not preclude Trust staff from taking balanced, and sometimes difficult, judgements on risk that will increase the quality of life for Trust patients and clients. Judging risk, however, involves making rational judgements, which can be justified professionally, ethically and legally. Any action taken by staff must take into account appropriate legislation, for example health and safety, human rights, equality and disability discrimination.

1.5 To facilitate the reduction of risk the Trust recognises the value of learning from incidents and near misses that have occurred in the past (including litigation and complaints). Through a process of incident review it will seek to disseminate this learning throughout the organisation. This is best achieved through a culture of openness and honesty, where mistakes and incidents are identified quickly and handled in a supportive and responsive way. This culture will support shared learning across the Trust.

1.6 Whilst risk management is the responsibility of all staff, the Governance Assurance Committee will seek assurances that the Corporate Control Committee has in place, and regularly reviews, processes and procedures to properly assess and manage risk.

1.7 The Trust will review the risk management strategy on an annual basis and the manner in which it is operated so that it can assure itself that the Risk Management processes within the organisation remain appropriate and effective. This strategy is a key part of the Trust’s approach to governance, which underpins the ability of the Trust to deliver its goals, corporate strategies and annual plans.

EQUALITY STATEMENT

This policy has been drawn up and reviewed in the light of Section 75 of the Northern Ireland Act (1998) which requires the Trust to have due regard to the need to promote Equality of Opportunity. In line with the duty of equality this policy has been screened against particular criteria and as a result no major issues requiring further impact assessment have been identified.


This policy has also been considered and prepared with regard to the Trust’s obligation under the Human Rights Act 1998. The Trust is satisfied that the policy complies with its obligations under the Act. If at any stage of the life of the policy there are any issues within the policy which are perceived by any party as conflicting with his/her rights, that party should bring these to the attention of the Director of Human Resources or raise a complaint through the published complaints procedure.

Mr Hugh McCaughey, Chief Executive

Date: 31 March 2011

Mr Eamonn Molloy, Director of Human Resources & Corporate Affairs

Date: 31 March 2011


Appendix 4

South Eastern Health & Social Care Trust

Proposed High Level Governance Structure

TRUST BOARD

Governance Assurance Committee

Corporate Control Committee

Safety & Quality Committee

Medical Professional Forum

Social Work Professional Forum

Nursing Professional Forum

AHP Professional Forum

Board Committees

Audit

Finance

Joint Committees

Adoption Panel

Common Investment Fund

Management assurance

Independent assurance

Remuneration & Terms of Service

Governance Assurance

Charitable Funds

Sub Committees

Sub Committees

Professional Governance Fora

Operational Performance & Service Improvement Processes

Executive Management Team

Directorate Governance Committees (x8)

HL Gov Structure – April 2010


SOUTH EASTERN HEALTH & SOCIAL CARE TRUST

Proposed Lower Level Sub Committee Structure

TRUST BOARD

Governance Assurance Committee

Safety & Quality Committee

Corporate Control Committee

Clinical Negligence - Preliminary Advisory Group

Employers/Public Liability Advisory Group meeting

LL Gov Structure – SET – April 2010 (V2 – Jan 2011)

Operational Performance & Service Improvement Processes

Decontamination Sub Committee

Lessons Learnt Sub Committee

Medical Devices & Equipment Sub Committee

Emergency Planning & Service Continuity Sub Committee

Environmental Cleanliness Sub Committee

Health & Safety Sub Committee

Information Governance Sub Committee

Learning & Development Sub Committee

Blood Transfusion Sub Committee

Policy Sub Committee

Radiation Protection Sub Committee

Research Sub Committee

Clinical & Social Care Guidelines Sub Committee

Infection Control Sub Committee

Multi-Prof. Audit Steering Sub Committee

Patient Safety Leadership Sub Committee

Resuscitation Sub Committee

Safeguarding Sub Committee

Controls Assurance Project Team

Executive Management Team

Public & Personal Involvement Sub Committee

STANDING ADVISORY GROUPS

Fire Sub Committee

Environmental/Waste Management Sub Committee

Fleet & Transport Management Sub Committee

Security Sub Committee

Drug & Therapeutics Sub Committee

Organ Donation Sub Committee


Appendix 5

Corporate Control Committee

Terms of Reference

Date: March 2010

Version: Version 1.1

Review Date: March 2011

TOR – Corporate Control – April 2010


Contents

1.0 Constitution

2.0 Membership of committee

3.0 Quorum

4.0 Frequency of meetings

5.0 Authority

6.0 Roles and Responsibilities of the committee

7.0 Operational reporting arrangements

8.0 Reporting


1.0 Constitution

The Governance Assurance Committee hereby resolves to establish a sub committee to be known as Corporate Control Committee (the Committee).

2.0 Membership of the Committee

Membership of the Committee shall be as follows:

The Executive Management Team;

Two Non-Executive Directors;

Clinical Risk Director;

Assistant Director of Risk Management & Governance (Joint operational lead for Governance);

Assistant Director: Financial Services

Assistant Director: Safe & Effective Care (Joint operational lead for Governance)

Assistant Director, Social Work Regulation, Improvement and Audit

Head of Pharmacy and Medicines Management

Corporate Governance & Risk Manager

The Chief Executive shall be the Chairman of the Committee and he shall be supported in this role by a Vice Chairman who shall be the lead Director for Governance.

3.0 Quorum

A quorum shall be one third (5) of the members of the committee (18).

4.0 Frequency of Meetings

The committee shall meet on a quarterly basis.

5.0 Authority

The Committee is authorised by the Governance Assurance Committee to undertake any activity within its terms of reference. In particular, it may seek advice from whatever source it deems to be appropriate in order to fulfil its function.

6.0 Role and Responsibilities of the Committee

The role of the Committee is to be the overarching strategic committee responsible to the Governance Assurance Committee on all matters pertaining to integrated governance issues ie, Financial and Risk Management (including Organisational Controls). Clinical and Social Care Governance remains within the responsibility of the Safety and Quality Committee.

It will support the governance and risk management accountability arrangements within the organisation and ensure that all significant risks are properly considered and communicated to the Governance Assurance Committee and/or the Trust Board, as appropriate.


Governance responsibilities

To provide assurance to the Governance Assurance Committee that the key building blocks of integrated governance - financial governance, risk management (including organisational controls) and clinical and social care governance are being effectively and appropriately managed.

To ensure that key priorities relating to Governance are delivered through a performance management and accountability framework;

To be responsible for the strategic management of the Trust’s integrated Governance agenda, incorporating financial controls, risk management (including organisational controls) and clinical and social care governance;

To develop and implement an integrated Governance strategy supported by an annual governance plan at Strategic and Director/Directorate levels;

To prepare and submit regular reports to the Governance Assurance Committee on the activities and outcomes of the Corporate Control Committee including the work of related sub committees;

To receive for endorsement the annual programmes of work for the Corporate Control Sub Committees;

To consider and prepare the risk management section of the Trust’s Annual Statement of Internal Control and any Risk Management Statements for inclusion in the Trust’s Annual Report;

To develop and implement an Assurance Framework for the Trust ensuring that all significant risks that impact on the achievement of the Trust’s principal objectives have been identified, recorded, actioned and entered on to the Corporate Risk Register, as appropriate;

To receive regular reports on the operation of the Trust’s Risk Registers (both Corporate and Departmental) ensuring that regular reports are made to the Governance Assurance Committee and/or Trust Board;

To ensure compliance with the achievement of the Controls Assurance programme and any other similar initiatives, eg ISO and HQS programmes, in accordance with agreed work plans;

To produce an annual report on the activities of the Committee for submission to the Governance Assurance Committee and ultimately the Trust Board;

To ensure appropriate linkages are in place with the Safety & Quality, Financial management and Operational and Performance Management strands of the governance structure to ensure that the risk and safety/quality programmes work in unison.

Risk Management Responsibilities


To provide the Governance Assurance Committee with assurances that the Trust has appropriate arrangements for effective internal control, and for the identification and management of risk.

To implement and maintain a strategic framework within which the Trust can develop a dynamic risk management system including relevant policies, procedures and guidelines for clinical and non-clinical risks;

To produce an annual risk management programme of work for endorsement by the Governance Assurance Committee;

To establish a framework of sub committees reporting to the Corporate Control Committee in order to ensure key risk management priorities are being addressed;

To be responsible for the organisation-wide co-ordination and prioritisation of risk management issues and overseeing the work of any specialist risk management groups;

To receive annual action plans and regular reports for all sub committees reporting to the Corporate Control Committee in order to ensure key governance and risk management priorities are being addressed;

To act as a filter mechanism for risk issues from Directorate level risk registers for entry onto the Corporate Risk Register;

To lead on the implementation and monitoring of relevant risk management standards in order to ensure the delivery of high quality, evidence based care, eg Controls Assurance;

To determine priority areas for the audit programme in respect of governance and risk management activities based on both clinical and non clinical risk programmes.

7.0 Operational arrangements for meetings

7.1 Administrative support to the committee

The Committee shall be supported administratively by the Assistant Director: Risk Management & Governance, whose duties in this respect will include:

Preparation and issue of agenda on behalf of the Chairman;

Collation and distribution of papers sufficiently in advance of each meeting to facilitate their full consideration and discussion at the meeting;

Ensuring appropriate arrangements are in place for the servicing of the committee including the taking of minutes and keeping a record of matters arising and issues to be carried forward.

Advising the Committee on pertinent issues.

7.2 Conduct of meeting


All questions arising will be decided by a simple majority of those present. In the case of equal votes, the Chair will have a casting vote. It is intended that meetings will not last more than 2 hours.

7.3 Agenda items and papers for meetings

Agenda items should be submitted to the Assistant Director: Risk Management & Governance 10 days in advance of the meeting. He/she will agree the content of the agenda prior to issue with the chairman of the group.

The Assistant Director: Risk Management & Governance will issue the agenda/papers for the meeting approximately 7 days in advance of the meeting. Should an item need to be raised on the day, this can be covered under Any Other Business, subject to there being available time for discussion. If separate papers require circulation, these should, wherever possible, be issued with the agenda. This is intended to enable the members to have the opportunity to read information in advance.

7.4 Minutes of meetings

The Assistant Director: Risk Management & Governance (or nominee) will provide the secretariat for the meeting. Minutes of meetings will be produced and agreed with the chair prior to issue. These will be circulated as soon as possible after the meeting listing topics discussed, actions agreed and individuals responsible for undertaking those actions.

7.5 Sub Committee Reporting Arrangements

The Committee will oversee the work of all specialist risk management sub committees and will endorse their terms of reference and annual programmes of work. The Committee will receive the minutes of all sub committee meetings and quarterly reports detailing progress reports on work plans.

7.6 Review of terms of reference

The Committee will review its terms of reference on an annual basis. The Governance Assurance Committee should endorse these.

8.0 Reporting

The minutes of the Committee shall be formally recorded and distributed to the members of the Committee and presented to the next Governance Assurance Committee meeting, for information and noting. Regular reports from the Corporate Control Committee will be submitted to the Governance Assurance Committee as per the agreed reporting mechanism.


List of members of the Corporate Control Committee – April 2010

The Executive Management Team;

■ Hugh McCaughey

■ Eamonn Molloy

■ Charlie Martyn

■ John Simpson

■ Desi Bannon

■ Kate Thompson

■ Charlotte McArdle

■ Seamus McGoran

■ Neil Guckian

Two Non-Executive Directors;

■ Donal Flanagan

■ Dermot O’Hara

Clinical Risk Director – Mr Maurice Dunlop;

Assistant Director of Risk Management & Governance (Joint operational lead for Governance) – Miss Irene Low;

Assistant Director: Financial Services – Mrs Wendy Thompson;

Assistant Director: Safe & Effective Care (Joint operational lead for Governance) – Mrs Lorna Telford;

Assistant Director, Social Work Regulation, Improvement and Audit – Mrs Barbara Campbell;

Head of Pharmacy and Medicines Management – Miss Jill Macintyre

Corporate Governance & Risk Manager – Mrs Susan McKnight


Appendix 6

STRUCTURE FOR RISK MANAGEMENT AND GOVERNANCE

DIRECTOR OF HUMAN RESOURCES & CORPORATE AFFAIRS

ASSISTANT DIRECTOR OF RISK MANAGEMENT & GOVERNANCE (8C)

Risk Management & Governance

Corporate Governance & Risk Manager (SM – 8A)

Emergency Planning & Information Governance Manager (SM – 8A)

Complaints/Patient Liaison Manager (SM–B7)

Litigation/Systems Manager (SM-B7)

Assistant Complaints Officer (Band 6)

Band 4

Band 2

Clinical Risk Adviser* (SM–B7)

Health & Safety Adviser* (SM-B7)

Litigation Services Assistant (Band 4)

Litigation Services Assistant (Band 4)

Litigation Services Assistant (Band 4)

Emergency Planning Officer (SM-B5)

Information & Records Management Officer (SM-B7)

Admin Support Assistant – NIAIC (Band 3)

Structure for RM & Gov Directorate – Final Version – 19.12.07 (updated Oct 2010)

SM = Senior Manager

P/T = Part Time

Clinical Risk Adviser** (SM–B7)

Health & Safety Adviser** (SM-B7)

Data Inputers X5 (P/T) (Band 2)

Clerical Officer (Band 2)

Team Secretary (Band 3)

Team Secretary (Band 3)

Team Secretary (Band 3)

Admin Support Officer (Band 4) (FOI/DP/Recs)