Meeting of Bristol Clinical Commissioning Group Governing Body

Transcription

1 Meeting of Bristol Clinical Commissioning Group Governing Body To be held on Tuesday 30 June 2015 commencing at 13:30pm at the Greenway Centre, 119 Doncaster Road, BS10 5PY Title: Risk Appetite Statement Agenda Item: 12 1 Purpose This paper presents to the Governing Body a proposed Risk Appetite Statement and process that will inform risk management processes, wider decision making and guide staff. 2 Background The adoption of a risk appetite statement is considered a fundamental aspect of risk management and is set out in a number of authoritative sources. Treasury guidance is that it is essential that both private and public organisations set out the Boards attitude to risk and that this is used to inform decision making. British Standard (BS31100) states the organisation should prepare a risk appetite statement which may provide direction and boundaries on the risk that can be accepted at various levels of the organisation, how the risk and any associated reward are to be balanced and the likely response. The UK Corporate Code of Governance sets out that The board is responsible for determining the nature and extent of the principal risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems. A risk appetite statement is included in our Risk Management Strategy and the Governing Body has held two seminar sessions aimed at developing and strengthening its understanding of its risk appetite. 3 What is Risk Appetite An organisations risk appetite is the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any point on time (HMT Orange Book 2005). Our Risk Appetite statement provides our staff with guidance as to the boundaries on risk that are acceptable and how risk and reward are to be balanced. As such it recognises that risks present both challenges and opportunities and should not be considered solely in terms of their potential financial consequences. Our risk appetite helps our staff and our stakeholders understand the level of risk that we are prepared to accept across the CCG. This is not to say that risks may If you need this document in a different format telephone the CCG on Page 1 of 6

2 not be assessed as above the risk limits within the risk appetite statement. The risk appetite and the risk limits set out acceptable levels of risk. 4 Establishing our Risk Appetite and its use As part of the review of our Risk Management Strategy the Governing Body s Risk Appetite Statement has been revised to clearly define the amount and type of risk we are able to support in pursuit of our objectives. Our risk appetite has been revised to include both qualitative and quantitative elements to support the determination of the acceptability of risks. The Governing Body has worked with the Good Governance Institute Risk Appetite Matrix for NHS organisations in its seminar sessions. The principal objectives set out in the Governing Body Assurance Framework have been mapped to the risk levels described in the GGI Risk Appetite Matrix. This indicates the risk appetite for each of the objectives and provides the qualitative element. The quantitative element to our Risk Appetite is achieved through matching the risk appetite levels to the CCG risk assessment scoring matrix (appendix 1). This gives an indication of the risk limits within the risk appetite. Breaches of these risk limits will trigger corrective action as described in the risk assessment guide. This notwithstanding, the CCG has set an overall risk tolerance threshold of 12 whereby all risks assessed as 12 or over using the risk assessment tool, must be reported to the Governing Body. When carrying out risk assessments staff are required to indicate the risk appetite and risk limits by applying the CCG risk appetite statement. To further assist staff the risk categories set out in the CCG Risk Assessment Guidelines are mapped to the GGI risk levels and the subsequent risk appetite and risk limits are included in the risk appetite statement. It is important that risk reviews take into account whether the risk limits have been reached as this will guide decisions to remove risks from risk registers. Where a risk is recorded on the Corporate Risk Register the Governing Body will review risks. If a risk is scored below the risk threshold of 12 however the risk limit has not been reached the Governing Body will decide whether the risk will continue to be reported to the Governing Body or whether the risk appetite should be amended. The proposed risk appetite statement is given below. This will be incorporated into our Risk Management Strategy and Policy once approved by the Governing Body. 5 Risk Appetite Statement Bristol CCG s approach is to minimise our exposure to risk in relation to the patient experience and access to healthcare (this includes nationally defined standards such as the NHS Constitution Standards) our finances and our reputation. We accept and encourage an increased degree of risk in pursuit of our objectives to improve the health of people in Bristol and in our work with partners to ensure a sustainable and affordable healthcare system in Bristol and reduce health inequalities. Page 2 of 6

3 Our risk appetite takes into account our capacity for risk, that is, the amount of risk we are able to shoulder before we breach our statutory obligations and duties. Our capacity for risk is also delineated by the risks our stakeholders are willing to bear. Our statement of risk appetite is dynamic and its drafting is an iterative process that reflects the challenging environment facing the CCG and the wider NHS. We will review our risk appetite at least annually. Our appetite for risk mapped against the Governing Body Assurance Framework (GBAF) Principal Objectives is illustrated below: Risk level Appetite Risk limit Principal Objectives (GBAF) Avoid: risk avoidance is a key objective None - - Minimal: preference for ultra-safe delivery options with low inherent risk and limited reward potential Cautious: preference for safe delivery options with low inherent risk etc Open: willing to consider all potential delivery options whilst providing acceptable reward and VFM Seek: innovative options offering potentially higher rewards and greater inherent risks low 1-3 Improve patient experience and access to healthcare moderate Ensure cost effective delivery of QIPP and other financial arrangements Embracing our corporate responsibility High 8-12 Improve the health of the people of Bristol Significant Work to reduce health inequalities Work to ensure sustainable affordable healthcare system The risk limit is reflected on the Governing Body Assurance Framework Page 3 of 6

4 Our risk appetite mapped against the types of risks contained in the risk assessment guidelines appended to the Risk Management Strategy is: Public and patient safety low 1-3 Quality/patient experience low 1-3 Finance low 1-3 Capacity and capability Moderate 4-6 Business management and reputation low 1-3 Environment, estate and IT moderate 4-6 Information Governance low How have service users, carers and local people been involved? The Risk Appetite Statement is part of our overall strategy for the management of risk. It is one element of our internal framework for managing risks that face the organisation. Members of the public have not been involved in its development. 7 Implications on equalities and health inequalities. An Equality Impact Assessment screening has been completed for the Risk Management Strategy. 8 Evidence Informed Commissioning The requirement for a risk appetite statement is driven nationally by HM Treasury and good practice in risk management. The risk appetite is based on guidance issued by a number of sources and on the work carried out by the Governing Body in seminar. Our risk appetite statement will be assessed and evaluated as part of the Internal Audit work focusing on risk management. 9 Financial Implications There are no inherent financial risks arising from the proposals in this paper. 10 Legal implications There are no legal issues raised in this paper. 11 Risk implications, assessment and mitigation Failure to adopt an appropriate risk appetite statement would impact on our capacity to effectively manage risk. 12 How does this fit with Bristol CCG s Operational Plan or Strategic Objectives? Page 4 of 6

5 The risk appetite statement is part of the framework used to identify, quantify and provide to direction to the management of risk across Bristol CCG. This includes risks identified in the annual commissioning plan. 13 Recommendation(s) The Governing Body is asked to: Approve the process used to define the Risk Appetite Statement Review the proposed risk appetite statement and its constituent elements Approve its adoption and inclusion in the Risk Management Strategy Agree that this paper is appended to the Risk Management Strategy Sarah Carr, Corporate Secretary 12 June 2015 Alison Moon Director for Transformation and Quality 23 June 2015 Page 5 of 6

6 Appendix 1 Bristol CCG Risk Assessment Matrix Risk Assessment scoring matrix Probability of happening again Almost certain = likely = possible = unlikely = Rare = Insignificant = 1 Minor = 2 Moderate = 3 Consequence Major = 4 Catastrophic = 5 If a risk falls into one of the boxes numbered immediate action is required, so far as is reasonably practicable. If a risk falls into one of the boxes numbered 8-12 prompt action is required, so far as is reasonably practicable. If a risk falls into one of the boxes numbered 4-6, risk reduction is required, so far as is reasonably practicable. If a risk falls into one of the boxes numbered 1-3 further risk reduction may not be feasible or cost effective. Page 6 of 6