2.2 For Board Members to approve the five high risks the Trust is facing:

Transcription

1 HEREFORD HOSPITALS NHS TRUST PUBLIC BOARD MEETING 28 TH JANUARY 2011 COMPANY SECRETARY S REPORT NICOLA.LICENCE@HHTR.NHS.UK BOARD ASSURANCE FRAMEWORK 1.0 INTRODUCTION 1.1 The attached Board Assurance Framework has been developed to ensure that high level risks are identified against the Trusts eight Strategic Objectives. 2.0 RECOMMENDATION 2.1 For Board Members to discuss the attached Board Assurance Framework 2.2 For Board Members to approve the five high risks the Trust is facing: Residual Risk score Risk Strategic Objective 15 Ability of the Trust to: (a) Provide safe care due to admissions exceeding capacity (b) Guarantee elective surgery Due to impact of winter pressures and rise in emergency demand 16 Demand exceeds commissioned activity 15 Failure to deliver QPP (Quality and Productivity Programme) 16 Lack of clinical engagement with the Trust 16 Speed and change of savings expected from Integrated Care Organisation For Board Members to note the summary of key changes set out within paragraph 6.6.

2 3.0 BAF & RISK MANAGEMENT 3.1 It is vital that Boards of Management are able to demonstrate that they have been properly informed about their risks. To do this, they need to be able to provide evidence that they have systematically identified their objectives and managed the principal risks in achieving them. A simple but comprehensive Board Assurance Framework with a hierarchy of reporting in place achieves this responsibility in an effective and focused way. 3.2 Department of Health Guidance states that Boards must: establish principle objectives; identify the principle risks that may threaten the achievement of those objectives; identify the key controls in place to manage the risks; detail the arrangements for obtaining assurance on the key controls; evaluate the assurance across all areas of principle risk; identify gaps in control; put in place plans to take corrective action where gaps are identified; maintain dynamic risk management arrangements. 3.3 Sitting alongside and feeding into the Board Assurance Framework is a risk management system with records that support full management of risks across all the main activities of the Trust. They are classified to match the organisation s structure and are mapped to objectives. The risks are recorded in one of three classes: Strategic Risks those which are identified as threatening the achievement of the Trust s objectives Corporate Process Risks those which affect all or many of the Trust s activities. These are often where systems or processes fail or are not aligned. Operational Risks those which arise from the activities taking place on a day-to-day basis across the Trust All significant risks (extreme and high) should not be considered in isolation, as they are escalated through the whole organisation. 3.4 The key elements of the Trust s risk management system are: Board and senior management commitment to risk management with it being integral to achieving objectives; a sense that taking risk can bring rewards and penalties, and an understanding of the consequences of taking risks; a common framework for the analysis of risks, whether they are strategic, operational, clinical, financial or organisational; a single point of co-ordination for the process. 3.5 The Board Assurance Framework also supports the end of year Statement of Internal Control (SIC), and is assessed by the SHA against Department of Health guidelines.

3 4.0 POLICY AND BUSINESS PLAN CONSIDERATIONS 4.1 Providing the Board of Management with appropriate assurances that business plan objectives will be delivered whilst identifying, managing or mitigating the risks is essential to Hereford Hospitals NHS Trust. 5.0 THE MANAGEMENT OF RISK 5.1 The process for the management of risk in the Trust is described in the Strategy and Policy which was approved by the Trust Board in August The function of the Assurance Framework is to inform and elicit discussion about the significant risks which threaten Trust activities. These reports take place at the Executive Team Meetings and the Trust Board. The quarterly reports will identify the most significant of the strategic risks. 5.3 The Assurance Framework describes the risks and the existing controls, any gap in control, assurance of the controls effectiveness, and the actions that are planned and being executed. This will enable the respective meeting to monitor the significant threats to the Trust and assess whether the mitigation is adequate. This process of review and challenge is both a mandatory activity and good practice. 5.4 The Assurance Framework is the pinnacle of a risk management process which will capture all threats and potential re-occurrence of untoward events, and provide a framework for mitigation. This framework involves a number of groups in the process of assessment and monitoring of these threats. 6.0 UPDATE 6.1 The Board Assurance Framework continues to be developed. This is to ensure that it is a useful tool for the whole Board, in providing appropriate assurances that the key risks in achieving corporate objectives and the functioning of corporate processes are being mitigated / managed. There is an appropriate infrastructure in place in terms of committee and individual responsibilities, with the Audit Committee reviewing the overall operation of these arrangements. 6.2 Two scores have been included, using the NPSA Risk Scoring Matrix: inherent risk (with no controls in place) and residual risk (with current controls and assurances in place). An additional column has also been added which shows the link to the Care Quality Commission (CQC) Quality and Risk Profile Section. 6.3 Our Internal Auditors have also carried out internal audit reviews on some of the identified risks. This has been to ensure that the controls which have been identified, along with any assurances, are actually in place and working. This provides the Board with further assurance. These internal audits are presented to the Audit Committee in the usual way.

4 6.4 The Trust has entered a new and challenging phase of its development. The Integrated Care Organisation (ICO) and the political and economic climates will all have an effect. This is reflected in the new Assurance Framework report. 6.5 The Board Assurance Framework currently highlights 10 strategic risks against the achievement of Corporate Objectives: At last review by the Board Current status extreme risks 5 high risks 6 moderate risks 0 extreme risks 5 high risks 5 moderate risks 6.6 Below is set out the summary of the key changes by objective since the BAF was last reviewed by the Board and updates and progress against actions are shown on the BAF in red. Objective Risk reworded due to registration of additional community premises with CQC. 1.3 New risk added and assessed as High after controls in place. Objective Strategy agreed with Commissioners is to reduce demand which would result in reduced volume. This objective will need to be reviewed / become obsolete upon formation of ICO. Objective Capacity to run and deliver estates and capital scheme Risk removed from BAF as status reduced from Moderate to Low as staff now in post / being recruited to deliver. Objective Changed wording of risk from failure to deliver QPP (Quality and Productivity Programme) to Failure to deliver year end outturn. Objective New risk added and assessed as Moderate after controls in place. Objective Creation of ICO has negative impact upon Trust Risk removed from BAF as status reduced from Moderate to Low due to service now in place e.g. Instant care service, reduced delayed discharges etc.

5 8.3 Transition of Trust into ICO Risk removed from BAF as status reduced from Moderate to Low due to approvals to create ICO been received from DH, SHA and CCP. 7.0 CONSULTATIONS 7.1 The Board Assurance Framework was reviewed by the Executive Team on 11 th January 2011 and by the Audit Committee on 14 th January 2011.

6 Appendix 1 NPSA Risk Scoring Matrix Consequence x Likelihood Likelihood Likelihood score Rare Unlikely Possible Likely Almost certain 5 Catastrophic Major Moderate Minor Negligible Grading of risk 1-3 Minimal Risk 4-6 Low Risk 8-12 Moderate Risk High Risk Extreme Risk