Integrated Risk Management Framework

Transcription

1 Integrated Risk Management Framework October 2012 Patient focused Providing quality, improving outcomes

2 Contents 1. Introduction page 4 WKCCG Risk Management Policy Statement 2. Definitions of Risk page 4/5 Risk Clinical Risks Corporate Risks Financial Risks Risk Appetite Risk Management Significant and Acceptable Risks 3. Scope and Objective of the Integrated Risk page 6 4. Management of this Framework page 6 5. WKCCG s Governance arrangements for risk page 7,8,9,10,11 Accountability and Management Arrangements Individual Accountabilities 1) Accountable Officer 2) Chair of the WKCCG 3) Lay Member with a lead role for governance 4) Director of Quality 5) Chief Finance Officer 6) Directors and Service Managers 7) Corporate Governance Manager 8) All Staff 9) Independent Contractors, Community & Acute providers Committee Accountabilities Page 12,13 1) The Governing Body 2) Audit Committee 3) Quality Committee 4) Other Committees Comment [SR1]: To expand to cover individual committees October

3 6. The Risk Management Process page 14,15 Risk Grading and the Risk Matrix The Risk Register 7. Risk Management Training page Safeguarding page Associated PCT/CCG documentation page 17 Appendices page 18 Appendix A: WK CCG s Governance arrangements for risk Appendix B: West Kent CCG Risk Register Appendix C: Risk Matrix for Risk Assessment October

4 1. Introduction West Kent CCGs Integrated Risk has been developed to support the delivery of safe and effective health services within the resources available for the West Kent population and to provide for the health and safety of its members and employees. Integrated Risk Management is the undertaking of appropriate and consistent identification, evaluation and management of risks to deliver the best possible health care to the population and ensure the health and safety of its members and employees. Every action undertaken involves an element of risk and the utilisation of a robust risk management framework enables the CCG to have adequately managed risks with a clear view of risk accountability, potential impact and the likelihood of occurrence. WKCCG Risk Management Policy Statement The Governing Body accepts that risk management is an integral part of its governance responsibilities and is therefore committed to active risk management within all of the services it commissions for its population. WK CCG will act to minimise risk and the impact of risks within any of its activities wherever possible and to instil a culture whereby risk management is an integral part of any CCG activity or service. Stakeholders must also be involved in the process of risk management in terms of identifying risk, prioritising processes and making decisions about service delivery. 2. DEFINITIONS OF RISK 1 Risk Risk is defined as, the chance of something happening that will have an impact on objectives and is measured in terms of consequences and likelihood Clinical risks Clinical Risks are defined as, those risks which have a cause or effect which is primarily clinical or medical. Examples include clinical care activities, consent issues and medicines management. 1 Australian Standard. Risk Management AS/NZS 4360:1999 October

5 Corporate risks These are defined as, those risks which primarily relate to the way in which WKCCG is organised, managed and governed. Examples include property related risks, human resource issues and corporate governance risks. Financial risks These are defined as, those whose principal effect would be a financial loss or a lost opportunity to deliver a financial gain. Examples include poor financial control, fraud and ineffective insurance arrangements. The risk management framework will encompass risks relating to the delivery of Quality, Innovation, Productivity and Prevention (QIPP) plans. Risk Appetite Comment [SR2]: NB for Finance Risk Register A risk appetite is defined as the amount of risk that an organisation is prepared to accept at any point in time. WKCCG is working towards the development of a mature risk appetite, whereby risks are considered in the context of long term benefits and managed at every step of the commissioning process with a zero tolerance approach to financial risk and breaches in regulations. Risk Management Is defined as a logical and systematic method of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in the way that will enable organisations to minimise losses and maximise opportunities. Significant and Acceptable Risks The WKCCG risk assessment matrix (Appendix C) grades a risk as significant (scored as high risk or extreme risk on the Risk Follow up Table; table 5) when the risk score is high enough to be given a red or yellow grading on the scale. WKCCG must maintain a proactive approach to the management and mitigation of these significant risks and must ensure that any new risks are identified immediately to allow them to be graded and any significant risks dealt with. Acceptable risks are those where the risk score is given a green or yellow grading on the Risk Assessment Matrix scale or where those risks given an Amber or Red rating have appropriate risk mitigation and action plans in place which are robust enough for the Governing Body to deem the risk acceptable within the stated CCG risk appetite. These risks should still be consistently monitored to ensure that their risk rating does not change with circumstance without the appropriate officer being aware. An unacceptable risk is a risk which falls outside of the CCG risk appetite and cannot be mitigated to the necessary degree to bring the risk within the boundary of the risk appetite. October

6 3. Scope & Objectives of the Integrated Risk (IRMF) The development of a CCG Integrated Risk ensures appropriate processes are in place to ensure: All risks are identified and managed through a robust and agreed process All risks are approached in an integrated manner incorporating the organisation s corporate objectives, business planning processes and clinical governance procedures. WKCCG is kept suitably informed of significant risks facing the organisation and any associated mitigation plans, in order that it is able to effectively to govern the organisation. All managers, speciality leads, clinicians and stakeholders are responsible for ensuring all risks are flagged through the IRMF process to the organisation. That when commissioning, or expanding, reconfiguring or decommissioning services, equipment or facilities, the contract management process includes appropriate and robust risk management. Tthat risk management is integrated alongside Quality, Safety and Governance issues and with established local risk reporting procedures so as to ensure an effective integrated management process throughout all of the CCGs activities WK CCG will take all reasonable steps to manage risks so as to protect patients, staff and assets from preventable injury, loss and damage, and to ensure benefits of appropriate risktaking can be realised. A mature risk appetite is paramount to ensuring these benefits are not excluded. An organisation which is too risk averse will not be successful in achieving improvement through innovation. 4. Management of this Framework A monthly Board Assurance Framework (BAF) report will be submitted to the WKCCG monthly Governing Body meeting where any significant risks should be flagged and addressed by the Governing Body. All service leads are responsible for regularly updating the appropriate section of the BAF and the corporate risk register and the local implementation of any risk mitigation processes. The framework will be available to all WKCCG staff and stakeholders. October

7 5. WK CCG s Governance arrangements for risk The overall way in which the CCG governance structure will be deployed toward the management of risk is set out in appendix A to this report, and the responsibilities and duties of committees and for individual roles are described below: WK CCG s Constitution states that the functions and responsibilities of the Governing Body include providing assurance of strategic risk. WK CCG s Constitution states that the Aaudit Ccommittee shall review the establishment and maintenance of an effective system of integrated governance, risk management and internal control, across the whole of the Group's activities that support the achievement of the Group's objectives. The Committee shall seek reports and assurances from members of the Governing Body and senior employees as appropriate, concentrating on the over-arching systems of integrated governance, risk management and internal control, together with indicators of their effectiveness evidenced through the Committee s use of an effective assurance framework to guide its work and that of the audit and assurance functions that report to it. WK CCG s Constitution states the Prime Financial Policies are part of the Group s control environment for managing the organisation s financial affairs. They contribute to good corporate governance, internal control and managing risks. They enable sound administration, lessen the risk of irregularities and support commissioning and delivery of effective, efficient and economical services. Formatted: Font: (Default) Calibri, 12 pt, Font color: Black, Highlight Comment [SR3]: For discussion should this be amplified to stress the Audit Committee s responsibility for assuring Governing Body about the structures, processes and overall machinery for managing risk, rather than having responsibility for risk judgements? Accountability and management arrangements From 1st April 2013, the West Kent Governing Body will be solely accountable for the integrated risk management arrangements across the organisation and ensuring effective internal controls are in place. Any committees and sub-groups operating under WKCCG will need to report risks to the Governing Body for inclusion in the organisational BAF and corporate risk register, just as CCG service leads and stakeholders will be required to do. October

8 Individual Accountabilities Accountable Officer The Accountable Officer is ultimately responsible for risk management within the organisation. The Accountable Officer is required to understand the CCG s risk environment, including knowledge and understanding of the strategies that have been adoapted by the CCG and the risks inherent in any transformation strategies. The Accountable Officer will work with the Governing Body to ensure that the overall awareness and monitoring of risks is appropriately delegated. Specific responsibilities are: Continually promoting risk management and demonstrating leadership, involvement and support. Ensuring an appropriate committee structure is in place, with regular reports to the Governing Body. Ensuring that directors and senior managers are appointed with managerial responsibility for risk management. Ensuring appropriate Policies, Procedures and Guidelines are in place and operating throughout the CCG Chair of the WKCCG & the Governing Body The Chair of the WKCCG is expected to have the skills, knowledge and experience to assess and confirm that appropriate systems of internal control are in place for all aspects of governance, including financial and risk management. The Chair will report ensure that all significant risks and the proposed courses of action are reported to the Governing Body for the final decision on what actions to undertake and how to manage the risks. All Governing Body members are responsible for ensuring there is a structure in place within their groups to ensure effective risk management and clinical governance. This includes ensuring that local risk policies and procedures are developed, as well as a local risk register. Governing Body members have responsibility for ensuring, that reflecting and advising on whether the BAF Report contains sufficient meaningful information for Governing Body to be assured about the successful identification and management of risk by the CCG. staff receive appropriate training, and their respective registers are reviewed and appropriately reported. Comment [SR4]: Structures and systems to be the responsibility of AO/Co and Chiefs Lay Member with a lead role for governance October

9 The Lay member on the Governing Body with a lead role in overseeing key elements of governance is expected to have the skills knowledge and experience to assess and confirm that appropriate systems of internal control and assurance are in place for all aspects of governance, including audit, financial and risk management and managing conflicts of interest. Director of Quality The Nurse member of the Governing Body has a specific role in managing quality and safety within the CCG, and specific duties in relation to safeguarding of children and vulnerable adults. Chief Finance Officer The Chief Financial OfficerCompany Secretary & Head of Corporate Services is the CCG s lead director for risk management and is responsible for: Ensuring risk management systems are in place throughout the CCG Ensuring the Board Assurance Framework is regularly reviewed and updated. Ensuring that there is appropriate external review of the CCG s risk management systems, and that these are reported to the Governing Body Overseeing the management of risks as determined by the Executive GroupOperational Leadership Team (OLT) Ensuring risk action plans are put in place, regularly monitored and implemented. Ensuring that a risk register and a Board Assurance Framework are developed and maintained and reviewed by the OLT members and the relevant CCG Committees before report to Governing Body. Executive Group. Ensuring that monthly meetings are arranged with each of the Senior Management Team (SMT) to review risks within their area of responsibility. Ensuring that SMT have the opportunity to review risks jointly Providing advice to Directorates on the risk management process Ensuring that the Governing Body Assurance framework and risk register is up to date for the Governing Body and all of its sub committees Working collaboratively with Internal Audit Formatted: Indent: Left: 1.27 cm, No bullets or numbering Chief Finance Officer The Chief Finance Officer also has specific responsibility for the integrity of the system of internal financial controls, financial risk and for specific responsibilities as set out in the Standing Financial Instructions. The Chief Finance Officer: October

10 Holds executive responsibility for financial risk management, financial, performance management and is accountable to the Accountable Officer. Has professional responsibility for internal audit. Ensuring compliance with the core Financial Management standards Ensuring the effectiveness of the organisations financial control systems, including counter fraud measures. Ensuring that the significant financial risks faced by the CCG are identified and managed effectively. Directors and Service Managers The four Chiefs (members of the OLT) will have responsibility for establishing and maintaining operational risk registers for their leadership areas and ensuring that these feed in to the BAF report as necessary. The four Chiefs will have responsibility for ensuring that the relevant Committees of the Governing Body have the necessary information and regular opportunity to review risks pertaining to their remit. Directors and Service Managers Formatted: Indent: Left: 1.27 cm, No bullets or numbering Accountable and responsible for identifying and managing risks within their area of responsibility, ensuring the achievement of business and organisational objectives Responsible for putting in place within their area of responsibility systems that link in with processes described within this policy to identify and assess risk and Implement effective risk treatments and controls. Report risk in accordance with the organisations IRMF including reporting risk for inclusion on the Risk Registermonthly BAF report. Ensure all managers and staff under their management control, are aware of the organisation s Risk Management Policy, associated policies and of their responsibility for implementing them. Have a responsibility to ensure that policies and procedures are followed, that staff receives appropriate training that a local risk register is developed and monitored on a regular basis, and any risk or concerns that cannot be addressed locally are reported to the next tier of management. Formatted: Indent: Left: 0.63 cm, No bullets or numbering Corporate Governance Manager The Corporate Governance Manager has responsibility for: October

11 Ensuring that a risk register and a Board Assurance Framework are developed and maintained and reviewed by the Executive Group. Ensuring that monthly meetings are arranged with each of the Senior Management Team (SMT) to review risks within their area of responsibility. Ensuring that SMT have the opportunity to review risks jointly Providing advice to Directorates on the risk management process Ensuring that the Governing Body Assurance framework and risk register is up to date for the Governing Body and all of its sub committees Working collaboratively with Internal Audit All Staff All WKCCG employees are accountable, through the terms and conditions of their employment, professional regulations, clinical governance and statutory health and safety regulations, and are responsible for the following: Managing risk within their sphere of responsibility. It is a statutory duty to take reasonable care of their own safety and the safety of others who may be affected by acts or omissions. Neither intentionally or carelessly interferinges with or misusinges, or failing to use when required, any equipment provided for the protection of health and safety as per the Health and Safety at Work Act (1974). To attendundertaking all mandatory training as identified, whether as a new member of staff, on staff transfer or in a new role. To contributecontributing to assessing hazards /risks in own role and any potential risks to patients, users and visitors as well as bringing these to the attention of their managers. Reporting any unsafe occurrences, risks, incidents and near misses or serious incidents (SIs) using appropriate policies and procedures and taking remedial action in accordance with the organisations risk management policies and procedures. Taking care of their own safety and that of their colleagues and all other persons who may be affected by their actions or omissions. Independent Contractors, Community & Acute providers Clinicians within acute and independent providers are bound by their professional bodies to adhere to good clinical practice and the organisations are bound by statutory obligations as October

12 employers to comply with regulatory bodies to ensure standards of professional practice are met. Providers must ensure that they are managing both clinical and non-clinical risk within their organisations. Those providers commissioned by WKCCG will:the CCG should ensure that SLAs, contracts and performance management arrangements are used to ensure that its service providers: Be responsible for effectively manageing the clinical and non-clinical risks within their organisation;. Be responsible for complying with the organisation s respective regulatory bodies, as well as their its statutory obligations as providers and employers;. rregularly report to the CCG on their risk management systems as well as any identified risks and changes to risks within the organisation, to WKCGG at the regular performance/governance management meetings. Committee Accountabilities The Governing Body (Governing Body) The Governing Body has a duty to assure itself that the organisation has properly identified the risks it faces, and that it has processes and controls in place to mitigate those risks and the impact they have on the organisation and its stakeholders. The Governing Body discharges this duty as follows: Identifies risks to the achievement of its strategic objectives October

13 Monitors these via the Board Assurance Framework Ensures that there is a structure in place for the effective management of risk throughout the CCG Assures itself that controls and mitigation of risk are satisfactorily identified and implemented Approves and reviews strategies for risk management on an annual basis Receives regular reports from the Quality Committee identifying significant clinical risks Receives regular updates and reports from the Executive Group identifying significant risks and progress on mitigating actions Demonstrates leadership, active involvement and support for risk management Audit Committee Currently the Kent and Medway Audit Committee is responsible for providing assurance to the Governing Bodys that all strategic investment risks and issues relating to NHS Kent and Medway are being identified and reviewed regularly; and that appropriate actions are being proposed and decisions made in accordance with agreed policies, procedures, governance frameworks and standing orders. From the 1st April 2013, WKCCG will have establishedhas its own aaudit ccommittee to oversee this role for the West Kent arearisk management and assurance arrangements. The Committee shall review the establishment and maintenance of an effective system of integrated governance, risk management and internal control, across the whole of the Group's activities that support the achievement of the Group's objectives. Quality Committee The Quality Committee is a committee of the Governing Body and its purpose is to ensure that the Clinical Commissioning Group delivers its statutory responsibilities for care quality as well as ensuring that the function of risk management is applied to contract monitoring, the reporting and analysis of incident data and the provision of safe and effective system wide workforce. Other All Committees October

14 All Committees (Quality, Finance and Performance, Practice Engagement and Clinical Strategy Group) will receive risk management and assurance reports for consideration and amendment (where necessary) before their presentation to the Governing Body. In each of the Terms of Reference for the Governing Body and all of its sub-committees, there is should be a requirement to demonstrate through reports and minutes of meetings that they are pursuing and monitoring risk in an appropriate and systematic fashion, providing assurance to the Governing Body. The Operational Lleadership Team will manage day to day risks and the Finance and Performance and Finance committee will recommend to the Governing Body a Financial Strategy to include any risk-sharing or management arrangements. Joint collaborative arrangements will include how risks will be managed, and how disputes will be resolved. 6. The Risk Management Process The Australia/New Zealand Risk Management Standard (AS/NZS 4360/1999) has been adopted by many CCGs across the country as an internationally recognised model for risk management providing a generic model for the identification, analysis, prioritisation, October

15 treatment, communication and monitoring of risks across clinical and non-clinical services and activities at local and corporate level. The diagram below shows the Australian Standard of risk management. Diagram 1: Australian Standard AS/NZS: 4360/1999 WKCCG will apply an uniformed approach to risk management based on this system. To ensure the risk management process utilised by WKCCG is robust and efficient, the following steps should be followed: 1. Establishing the Context of the Risk: WKCCG will have specific aims and objectives around each activity undertaken. Risks entered on the risk register should be linked to these to provide context. 2. Risk Appetite: A risk appetite is defined as the amount of risk that an organisation is prepared to accept at any point in time. WKCCG is working towards the development of a mature risk appetite, whereby risks are considered in the context of long term benefits and managed at every step of the commissioning process with a zero tolerance approach to financial risk and breaches in regulations. 3. Risk Assessment: WKCCG will use the risk assessment matrix detailed in Appendix C. As per diagram 1, the method for assessing and appropriately escalating risk is undertaken in a number of steps: October

16 Establish Context Identify Hazards: responsibility for identifying risks is detailed in section 5 Analyse Risks: Using the risk assessment matrix (Appendix C) to determine the acceptable risks from the non-acceptable risks. Prioritise Risks: using the risk score calculated from the risk assessment matrix. Effective prioritisation will enable the appropriate risks to be escalated. Treat Risks: all risks must be mitigated for. Risk mitigation method should be decided by the Governing Body where a decision should be made whether to tolerate the risk (low risk), treat the risk (actions undertaken to reduce the risk), transfer the risk (transfer the risk to a third party) or terminate the risk (terminating the activity causing the risk). At all stages, risks and the processes involved in any risk mitigations should be communicated to the relevant members of staff and stakeholders. It is also the role of the Governing Body to ensure that regular monitoring and reviewing of the risk register and controls takes place, where current risks are updated and any new risks added. Risk Grading and the Risk Matrix The risk grading matrix in Appendix C provides WKCCG with a template by which to grade and therefore effectively prioritise any risks. The matrix is consistent with the guidelines from the National Patient Safety Agency on risk assessment. The Risk Register Each directorate within the CCGChief s area of responsibility will have an directorate operational risk register and specialty leads will be responsible for flagging any risks for their areas of specialty. Those risks graded red and amber (see Appendix C) will be escalated to the corporate risk registerbaf Report to Governing Body by the relevant Chief and Committee team director for review and assessment by the Governing Body. The Board Assurance Framework (BAF) The Board Assurance Framework summarises the CCG s principal objectives and the risks that threaten their achievement. It identifies the key controls in place to manage the risks and what assurances, both internal and external are available to demonstrate their effectiveness. October

17 7. Risk Management Training To enable the Integrated Risk to be fully implemented all CCG staff members and Governing Body members must receive training in the CCG risk assessment and management programme and all staff will be provided with a lead contact for risk management for the organisation for any questions or issues that may arise. 8. Safeguarding The CCGs systems for safeguarding adults and children are as follows: Its Safeguarding Policy There are clearly identified processes for initiating a child protection referral or adult protection alert and organisations must ensure that staff understand how to protect children, young people and adults at all levels across the organisation. There needs to be general awareness and understanding at all levels and a tiered level of knowledge and skills to support this. Formatted: Indent: Left: 1.27 cm, No bullets or numbering Safeguarding is wider than the traditional protection that clinical staff have familiarity with. This involves considering the interests and safety of all children, young people and adults in the broadest sense as well as protecting the vulnerable. This includes being aware of any circumstance which may cause harm, reflecting safeguarding within policy such as safer recruitment policy and learning from incidents. Responsibility for protecting children, young people and adults does not lie with one individual or group, but with all staff at every level of the organisation. The PCT, organisations, service providers and independent contractors should ensure that staff have the knowledge and skills to deal sensitively with the various circumstances in which the safeguarding of children, young people and adults is required. The CCG needs to have a mechanism to identify and manage the risks of failure of these systems. The overall governance structure within which Safeguarding risks are managed is as follows: October

18 Governing Body Quality & Safety Committee responsible for establishing appropriate arrangements for Protection Chief Nurse Adult and Children Protection 9. Associated PCT/CCG documentation Policy for the reporting and management of incidents and near misses including SUIs Procedure for reporting incidents near misses and SUIs and Never Events Complaints Policy Procedure for the Management of Claims Health and Safety Policy Review date; April 2013 Version Number; 2 For further information contact Reg Middleton Chief Financial Officer West Kent CCG Appendix A: West Kent CCG Risk Management framework October

19 Internal audit support Board Assurance Framework: West Kent CCG Governing Body PCT/CCG Audit Committee STRATEGIC risk review & challenge Operational Leadership Team (weekly) & CO/AO monthly one to one review with Chiefs Performance & Finance All Committees review (monthly review of corporate risk) Quality & Safety Committee (monthly review of clinical risk) Individual team risks identified and reviewed through regular senior management meetings Board Assurance Framework (BAF) rating 12 and above Risk register rating 10 and below Monthly one to one risk review meetings Senior management teamchiefs & Corporate Governance manager Risk Register & Board Assurance Risk Framework: Register & Board Assurance Framework Report: MANAGEMENT risk review & challenge OPERATIONAL risk identification & peer challenge Risk Identification from practices via practice feedback forms, Patch meetings, etc.locality management and other engagement forums October

20 Leave blank - the Risk Team will complete this Leave blank - the Risk Team will complete this What was the original risk score given to this risk? The score for this risk last month? Who is responsible for this risk and the action to address it? Directorate applicable to Corporate Risk Register Ref. No. Corporate Objective No. Local Risk Register No. Date Added to Corporate Register Description of Risk Original Risk Rate Current Consequence Current Likelihood Current Risk Rating previous month Last Review Date Owner Actions identified and being taken to reduce risks Consequence Likelihood Target Risk Score Progress on Action Appendix B: WK CCG Risk Register Rework to reflect the matrix already adopted and to align with CCG Assurance metrics Does the risk relate specifical ly to a certain directora te or area? Or the CCG as a whole? The next appro priate numb er refere nce for the risk on the risk registe r Describe the risk providing as much detail as possible so that it can be clearly understood including what the actual risk/s is/are and what the likely / possible consequences are. Please refer to the risk scoring matrix and guidance for help on calculating risk scores The date that this risk was last reviewed Summarise the action being taken to reduce / mitigate the risk. Be as clear and specific as possible. If no further action can be taken, please state this See the risk scoring matrix and guidance When you come to Formatted update the risk register Formatted be sure to describe Formatted in this column the Formatted progress being made Formatted in... the completion of the action as described in the action column. Include the date that Formatted this is being written... too.

21 APPENDIX C: RISK MATRIX FOR RISK ASSESSMENT (Adapted from HCSA (Keele University) Risk Matrix 2004 and NPSA Risk Matrix for Risk Managers 2008) Instructions for Use: Select a descriptor that best fits the issue/risk in question from the first column on the left hand side of the consequence table. Following the row of the selected descriptor, select the most appropriate description for the issue. The number at the top of the column of that description is your consequence score. Select the likelihood of occurrence from the likelihood table using either the frequency or probability of occurrence Multiply your consequence score with the likelihood score (CXL) to arrive at the risk scoring (Table 4) Record on the risk assessment form and/or risk register and follow the required action (Table 5). TABLE 1 CONSEQUENCE/SEVERITY SCORE (C) Domains Impact on the safety of patients, staff or public (physical/ psychological harm) Consequence score (severity levels) and examples of descriptors (taken from the National Patient Safety Agency) Insignificant Minor Moderate Major Catastrophic Minimal injury Minor injury or illness Moderate injury requiring Major injury leading to Incident leading to death requiring requiring minor intervention professional intervention long-term incapacity/ no/minimal disability Multiple permanent injuries or intervention or Requiring time off work Requiring time off work for irreversible health effects treatment for <3 days 4 14 days No time off work required Increase in length of hospital stay by 1 3 days Increase in length of hospital stay by 4 15 days RIDDOR/agency reportable Requiring time off work for >14 days Increase in length of hospital stay by >15 days An event which impacts on a large number of patients October

22 incident An event which impacts on a small number of patients Mismanagement of patient care with long-term effects Quality/complai nts/ audit Human resources/ organisational development/ staffing/compet ence Peripheral element of treatment or service suboptimal Informal complaint/inquiry Short-term low staffing level that temporarily reduces service quality (<1 day) Overall treatment or service sub-optimal Formal complaint (stage 1) Local resolution Single failure to meet internal standards Minor implications for patient safety if unresolved Reduced performance rating if unresolved Low staffing level that reduces service quality Treatment or service has significantly reduced effectiveness Formal complaint (stage 2) Local resolution (with potential to go to independent review) Repeated failure to meet internal standards Major patient safety implications if findings are not acted on Late delivery of key objective/ service due to lack of staff Unsafe staffing level or competence (>1day) Non-compliance with national standards with significant risk to patients if unresolved Multiple complaints/ independent review Low performance rating Critical report Uncertain delivery of key objective/service due to lack of staff Unsafe staffing level or competence (>5 days) Incident leading to totally unacceptable level or quality of treatment/service Gross failure of patient safety if findings not acted on Inquest/ ombudsman inquiry Gross failure to meet national standards Non-delivery of key objective/service due to lack of staff Ongoing unsafe staffing levels or competence Low staff morale Loss of key staff Loss of several key staff Poor staff attendance for mandatory/key training Very low staff morale No staff attendance for mandatory/key training No staff attending mandatory training/key training on an ongoing basis October

23 Statutory duty/ inspections No or minimal impact or breech of guidance/ statutory duty Breech of statutory legislation Reduced performance rating if unresolved Single breech in statutory duty Challenging external recommendations / improvement notice Enforcement action Multiple breeches in statutory duty Improvement notices Multiple breeches in statutory duty Prosecution Complete systems change required Adverse publicity/ reputation Rumours Potential for public concern Local media coverage short-term reduction in public confidence Elements of public expectation not being met Local media coverage long-term reduction in public confidence Low performance rating Critical report National media coverage with <3 days service well below reasonable public expectation Zero performance rating Severely critical report National media coverage with >3 days service well below reasonable public expectation. MP concerned (questions in the House) Total loss of public confidence Business objectives/ projects Finance including claims Insignificant cost increase/ schedule slippage Small loss Risk of claim remote <5 per cent over project budget Schedule slippage Loss of per cent of budget Claim less than 10, per cent over project budget Schedule slippage Loss of per cent of budget Claim(s) between 10,000 and 100,000 Non-compliance with national per cent over project budget Schedule slippage Key objectives not met Uncertain delivery of key objective/loss of per cent of budget Claim(s) between 100,000 and 1 million Purchasers failing to pay on time Incident leading >25 per cent over project budget Schedule slippage Key objectives not met Non-delivery of key objective/loss of >1 per cent of budget Failure to meet specification/ slippage Loss of contract/ payment by results Claim(s) > 1 million October

24 Service/business interruption Environmental impact Loss/interruption of >1 hour Minimal or no impact on the environment Loss/interruption of >8 hours Minor impact on environment Loss/interruption of >1 day Moderate impact on environment Loss/interruption of >1 week Major impact on environment Permanent loss of service or facility Catastrophic impact on environment October

25 TABLE 2 LIKELIHOOD SCORE (L) Descriptor Rare Unlikely Possible Likely Almost certain Frequency Not expected to occur for years. Expected to occur at least annually. Expected to occur at least monthly. Expected to occur at least weekly. Expected to occur at least daily. <1% 1-5% 6-20% 21-50% >50% Probability Will occur in exceptional circumstances. Unlikely to occur. Reasonable chance of occurring. Likely to occur. More likely to occur than not. October

26 TABLE 3 CONSEQUENCE MODIFIERS Modifiers may be necessary for certain consequences involving the probability (not frequency) of a risk affecting more than one person or involving a risk to minor or very important services, projects, or objectives. Modifiers should only be used when scoring consequences with descriptors highlighted in the same colours as in the modifier table. C = -1 (Minimum 1). C= + 1 (Maximum 5). C= +2 (Maximum 5). Formatted: Font: 14 pt, Bold, Font color: Custom Color(RGB(0,121,194)), Strikethrough Formatted: Strikethrough Formatted: Font: (Default) Arial, 10 pt, Font color: Auto, Strikethrough Formatted: Strikethrough Formatted: Font: Arial, Font color: Auto, Strikethrough Number of people affected. More than a single Ward or Department. More than the whole Trust (Local health economy). Formatted: Strikethrough Formatted: Font: Arial, Font color: Auto, Strikethrough Importance of service, project, or object at risk. Minor service/project/objective. Service /project/objective important to the whole Trust. Service /project/objective critical to the whole Trust. Formatted: Strikethrough Formatted: Font: Arial, Font color: Auto, Strikethrough Formatted: Strikethrough TABLE 4 RISK SCORING (CONSEQUENCE X LIKELIHOOD) Likelihood Consequence score Rare Unlikely Possible Likely Almost certain 5 Catastrophic Major Moderate Minor insignificant Formatted: Font: Arial, Font color: Auto, Strikethrough Formatted: Strikethrough Formatted: Font: Arial, Font color: Auto, Strikethrough Formatted: Font: Arial, Font color: Auto, Strikethrough Formatted: Strikethrough Formatted: Strikethrough Formatted: Strikethrough Formatted: Strikethrough Formatted: Strikethrough Formatted: Strikethrough October

27 TABLE 5 RISK FOLLOW UP/ ACTION REQUIRED Risk Score Risk Group Action Required 1-3 Low risk Routine risks which can be managed by routine procedures locally. 4-6 Moderate risk 8-12 High risk Extreme risk Action implemented as soon as possible, not later than a year. Urgent senior management attention required. Action planned within the month. Immediate action required by a Director who must be informed immediately. Brought to CCG Board attentionco/ao and Chair.. October