supporting the health & personal social services in northern ireland risk management april -...

Supporting the Health & Personal Social Services in Northern Ireland

Risk ManagementKM164

© Copyright HBOS plc all rights reserved

APRIL - 2007


Definitions of Risk Management

“…anything that could stop the organisation achieving its business objectives.”

“The chance of something happening that will have an impact upon objectives. It is measured in terms of likelihood and

impact.”

(AS/NZS 4360:1999)


Some Terminology

Hazard - Confidential report being left in member of staff’s car

Risk - Report falls into wrong

hands and confidentiality is

breached

Incident – Car broken into and report

taken

Near Miss – Car broken

into but report not taken


An ExampleA trailing PC cable lying across the floor is a hazard.

The risk is that someone trips over it.

If the cable is noticed and cleared by a member of staff, it was a near miss

If someone trips up and injures themselves before it is cleared away, this is an incident


Why Manage Risks?

Some Risk Control Failures:•Barings Bank•Zeebrugge Ferry•Enron•Hoover – New York•Harold Shipman•Organ Retention Inquiry•Bristol Royal Infirmary


UncertaintyRReports that say that something hasn’t happened are always interesting to me, because, as we know, there are known knowns; there are things we know we know. WWe also know there are known unknowns; that is to say we know there are some things we do not know. BBut There are also unknown unknowns –the ones we don’t know we don’t know” DDonald Rumsfeld UUS Defence Secretary (5 December 2003)


Why is Risk Management an Issue in the NHS?

•10.8% patients experienced an adverse event.

Of these• 49% judged preventable• 34% developed injury or complication with moderate impairment• 6% permanent impairment• Contributed to death 8%

(June 2003)•28,000 written complaints•£400m per year settlement plus £2.4m liability (clinical negligence only)•Hospital-acquired infections - £1billion annually.

(February 2005)


Why is Risk Management an Issue in the US?

•98,000 deaths per year due to “medical error”

•40% outpatient prescriptions deemed “unnecessary”

•777,000 injuries or deaths caused by “adverse drug events”

(2004)

•£173 million!•135,172 accidents involving NHS staff at work •Only 42% of accidents that are supposed to be reported under the law are reported.

–Work related sickness/absence

–Permanent injury benefits

–Ill health retirements

–Out of court payments (October 2003)Supporting the Health & Personal Social Services in Northern Ireland

Cost of Work Related Accidents


Consider the Risk Types

•Reputation•Financial•Legal•Technical•Environmental•Political•Others?


Examples•Economic problems.•Obsolescence of technology.•Fraud.•Poor accounting systems.•H&S.•Professional.•Environmental.•Ineffective management.•Staff turnover/Skills shortage.•Poor service levels/Poor quality.•IT Systems fail to cope.


Benefits of Good Risk Management

•Links between Risk Management and business objectives.

•Fewer sudden shocks.

•Competitive advantage.

•Strategy-setting basis.

•Assists with change management.

•Reduction in the need for “fire-fighting.”

•Minimise damage and loss.

Why would you not want to the above things?


How Identify Risks?

•Round table discussions.•Workshops.•Questionnaires.•Audits.•SWOT analysis.•Stakeholder analysis.•Complaints.•Sickness absence / staffing levels.•New legislation and policy.•Controls Assurance Standards.

NIPEC’s - Risk Management Structure

Risk Owners

Head of Corporate Services

Internal Business Meeting

Audit Committee

COUNCIL

Health & Safety Group

•Risk Management Strategy & Action Plan 2007/08Risk Action Plan

During 2007/08, the Head of Corporate Services will take forward the following actions:

•Action 1: Review this Strategy;

•Action 2: Arrange regular meetings of the Internal Business Meeting to review the Risk Register, progress risk issues, discuss new risks that have been identified, promote awareness of Risk Management and any other relevant matters;

•Action 3: Monitor and update the Risk Register

•Action 4: Liaise with staff to monitor risk treatment work;

•Risk Management Strategy & Action Plan 2007/08

Risk Action Plan (ctd)Action 5: Continue the work towards compliance with the applicable Controls Assurance Standards. (Where “gaps” are

identified, an appropriate Action Plan will be developed, implemented and progress monitored);Action 6: Make available awareness sessions to staff throughout

NIPEC in order to enhance staff understanding of Risk Management activities and requirements;

Action 7: Review any Risk-related policies Action 8: Undertake a review of this Strategy by the end of March

2007 and produce an Action Plan for 2007/08.

Timetable for Implementation

•January 2007 - February 2007 Review the Risk Management Strategy• May 2007 Awareness sessions to staff throughout

NIPEC•January 2007 – March 2008 Arrange regular meetings of the Internal

Business Meeting.•January 2007 – March 2008 Liaise with staff to monitor risk

treatment work.•January 2007 – March 2008 Continue the work towards compliance

with the applicable Controls

Assurance Standards•March 2008 Formal review of the Risk Register.

NIPEC’s Risk Registers

HIGH Level Risk Register

LOW Level Risk Register

NIPEC’s HIGH Level Risk Register

Major Organisational Areas identified as per the Business Plan .

(a) Risks evaluated and scored using the (5x5) risk matrix based on possible likelihood and impact

(b) An example - the Register for 2007/08

NIPEC Risk Register LEVEL OF RISK

IMPACTIMPACT Risk Quantification Matrix

5 - Catastrophic High High Extreme Extreme Extreme

4 – Major High High High High Extreme

3 - Moderate Medium Medium Medium Medium High

2 – Minor Low Low Low Medium Medium

1 – Insignificant Low Low Low Low Medium

ARare

BUnlikely

CPossible

DLikely

EAlmost Certain

LikelihoodLikelihood

An example from NIPEC’s High Level Risk Register 2007/08.

Risk Risk Assessment (Mitigated by Current Controls)

Impact 3 Likelihood A Level of Risk MEDIUM 5. Council’s operations not in full compliance with the principles of

Corporate Governance. Source Financial/Accountability

Risk Owner

Paddie Blaney

Risk Managed? Fully Partially Not Managed

Specific Objectives Impacted by the Risk Business Implications if the Risk Occurs

NIPEC’s Corporate Strategy (2005 to 2008) achievements met and Business Plan (2007/2008) objectives.

Failure to Comply with Statutory Duty. Breakdown in Probity / Governance. Damage to Council’s Reputation. Poor Professional / Public Image.

Potential Root Causes of the Risk How the Risk / Root Cause is Currently Managed

Failure to update and operationalise Standing Financial Orders and Financial Management Documents as appropriate;

Failure to review, where required, comprehensive internal policies and

procedures; Failure to maintain a NIPEC Equality Scheme, and Freedom of

information Scheme; Failure to maintain adherence with the DHSS&PS control assurance

standards; Failure to achieve strategic HPSS standing and influence.

Standing Financial Orders, Management Statement and

Financial Memorandum in place; Monitoring, Up-dating and Reviewing of Corporate Strategy &

annual Business Plans carried out by Chair, Chief Executive and Council members including Senior Team on a regular basis;

Equality Scheme approved by EC and actively applied; FOI Publication Scheme approved and implemented; SLA for Risk Management in place and both High level & Low

level risk registers in place; Financial management control systems in place; Control Assurance files of Evidence maintained and updated

for designated areas; Addressing issues which may arise from Control Assurances

Statements; Quarterly Council and Audit committee meetings.

Additional Actions to Manage the Risk / Root Cause Criticality Responsibility Est Date Level of Risk (when treated)

NIPEC’s Low Level Risk Register

(a) This Register contains 3 main areas [ Corporate Register, Corporate Register, Functional Register, Professional Areas].Functional Register, Professional Areas].

This is further broken down into 15 areas which are subsequently divided down into 82 sub areas.

Again the above is based on the (5x5) risk matrix.

(b) Example - the Register for 2006/07

An example from NIPEC’s Low Level Risk Register 2007/08.SUPPLIES

6.1 Failure to ensure that the Council is adequately supplied

A 2 Low Adequate Edmund Thom

HEALTH AND SAFETY

7.1 Failure to ensure that all staff, customers and the public (where relevant) are made aware of the Council’s health and safety policy and procedures

B 3 Medium Adequate Edmund Thom

7.2 Personal injury to employee or visitors

A 3 Medium Adequate Edmund Thom

7.3 Workplace violence against staff


7.4 General damage to buildings/ equipment of the organisation


7.5 Increased possibility of accidents due to inadequate processing of requests for work/repairs


7.6 Adverse incidents affecting any part of the organisation are not addressed in line with procedures


7.7 Failure to meet statutory duty to obey Fire Code


This presentation will be available for download at

http://www.nipec.n-i.nhs.uk/presentations




November 2006




APRIL - 2007

supporting the health & personal social services in northern ireland risk management april -...

Documents

northern ireland slide

incident slide

definitions of risk

risk control failures

miss car

permanent impairment

breached incident car

nhs staff