Risk Management Strategy

Transcription

1 Risk Management Strategy Solent NHS Trust policies can only be considered to be valid and up-to-date if viewed on the intranet. Please visit the intranet for the latest version. Purpose of Agreement Solent NHS Trust is committed to the implementation of a strategy that develops and maintains an open and proactive culture associated with all aspects of risk management. Document type Reference Number Version Strategy Solent NHST/Policy/RK02 5 Name of Approving Committee/Groups Assurance Committee Board for Endorsement Operational Date November 2015 Document Review Date November 2018 Document Sponsor (Name & Job) Document Manager: Document developed in consultation with Internet Location Website Location Keywords (for website/intranet uploading) Chief Nurse Clinical Risk Manager Quality Improvement & Risk Team, Trust Secretary Electronic Document Library Location: Solent NHS Trust Strategies: Intranet / Trust Website Risk Management, Risk Assessment, Risk Registers

2 Amendments Summary: Amend Issued Page(s) Subject Action Date No. 1 April 2011 All Complete review in line with significant changes in the organisational composition 2 July 2012 All Review to reflect the organisational changes and new objectives 3 November 2012 All -Review risk appetite include the role of TMTM -Inclusion of risk sharing arrangement - Reference and link to Clinical Risk Management Policy - Inclusion of the role of TMT - Removal of the role and function of the disbanded Quality, Risk and Workforce Subcommittee - Strengthen of risk management in project management - Inclusion to links to Monitor Quality Governance Framework - Updated Governance Structures 4 June 13 All Updated Organisational Governance Structure, s nd review of financial risk scoring matrix 5 September 14 All Reviewed and updated Review log: Version Review Lead name Approval Notes number date process 2 April 2012 R Taylor IGAP Approval 2 July 2012 R Taylor Assurance Approval Committee 3 November R Taylor Board Approved (subject to some changes, listed above) June 2013 R Taylor Policy Group Updated Organisational Governance Structure, and review of financial risk scoring matrix 5 June 2015 E. Peachey Assurance committee Reviewed and updated and agreed for submission as a Trust Strategy Risk Management Strategy V5 Page 2 of 24 xxxxxx 2015

3 Contents 1. Introduction 5 2. Risk Management Overview 5 3. Purpose and Scope 6 4. Definitions 6 5. Risk Management Objectives 7 6. Strategic Objectives 8 7. Risk Management Strategy Statement 8 8. Risk Management Approach 8 9. Roles and Responsibilities Risk Management Process Risk Identification Measuring and Reporting Communication and Consultation Training Equality and Diversity and the Mental Capacity Act Approval and Review Monitoring Compliance with the Strategy Supporting Documentation References and Links to Other Documents 21 Appendices 1 Solent NHS Trust Governance Committee Structure 22 Risk Management Strategy V5 Page 3 of 24 xxxxxx 2015

4 Risk Management Strategy This document aims to provide an overarching strategy for the management of internal and external risk in Solent NHS Trust for 2015/16 and beyond. It provides the framework for the continued development of risk management culture and processes throughout the organisation and describes levels of accountability, processes and frameworks. This effectiveness Risk Management Strategy will be subject to on-going review and will be part of each annual internal audit cycle. The Strategy has been approved and endorsed by the Board, as the agreed strategy and approach to the management of risk. This strategy seeks through its application to support all other key Trust strategies to ensure that the associated non-clinical and clinical risks are effectively managed to ensure delivery of all key objectives. The strategy has been developed using the NHSLA Risk Management standards although no longer a requirement these are a useful benchmark for good practice. The Key organisational strategies in place to enable achievement of the organisational objectives include Quality Improvement Strategy Information Technology Workforce and Organisational Development Foundation Trust Membership Commercial Estates Research & Development Care Group Strategies Sexual Health Services, Child & Family, Adult Services and Adult Mental Health The Strategy will integral to the achievement of our vision and mission Our vision - To lead the way in local care Our mission - To work in partnership to deliver better health and local care The Strategy will help achievement of our objectives Strategic Objective 1 To place the people who use our service at the centre of decision making Strategic Objective 2 To value, reward and develop our staff Strategic Objective 3 To deliver service and financial performance and cost improvement programmes safely and confidently Strategic Objective 4 To strengthen our commercial position and business resilience through relationship management, partnership and collaboration Risk Management Strategy V5 Page 4 of 24 xxxxxx 2015

5 1. INTRODUCTION 1.1 Healthcare is a complex business and successful management of the organisation, requires effective and robust risk management systems. 1.2 The Board of Solent NHS Trust recognises that sound risk management is essential for meeting key objectives and identifying and managing future opportunities and threats, by ensuring risk management forms a fundamental element of its normal business processes rather than a separate programme. 1.3 The Trust is committed to ensuring that responsibility for implementing risk management across the Trust is accepted and owned by all appropriate levels throughout the organisation, and by those with the necessary level of authority. (see page 21) 1.4 The purpose of this strategy is to set out the overall aims, objectives and rationale for risk management within Solent NHS Trust. 2. RISK MANAGEMENT OVERVIEW 2.1 Solent NHS Trust is committed to the achievement of its vision, values and supporting the achievement of its core objectives. In doing so the Trust realises that it will face a wide range of risks and opportunities 2.2 Risk is regarded as a quantifiable level of exposure to the threat of an event, action or situation that will adversely affect an organisation s ability to achieve its objectives or operate successfully. In simple terms risk is uncertainty. The task of the organisation is to effectively respond to these risks so as to maximise the likelihood of the organisation achieving its purposes and in doing so ensure the best use of resources. These risks can be associated with both clinical and non-clinical activities and processes. 2.3 Within healthcare some exposure to risks or risk taking will be necessary and tolerated. However this must be under a clear risk management methodology and culture that enables: An understanding of the type of risk and level of risk exposure that can be tolerated by the Trust and its services in going about its activities Consistent risk measurement, using agreed matrices so that risk priorities can be identified through a combination of impact and likelihood, concluding in the level of risk Understand the effect of the risk, should it be realised, on the ability to achieve its objectives and deliver safe high quality care The establishment of mitigation and control that is proportionate to the level of risk and that where the risk exposure is too high that further action is taken by management to reduce the risk to a acceptable and agreed level The on-going effectiveness of mitigation and control is subject to regular assessment and review in a systematic manner, providing subsequent assurance to responsible committees (see appendix 2) A solid awareness of risk at all levels within the Trust, in particular awareness of the appropriate mechanisms to ensure that risks can be escalated to a level of management that can effectively respond to them. Risk Management Strategy V5 Page 5 of 24 xxxxxx 2015

6 2.4 The establishment of effective risk management is recognised as being fundamental in ensuring good governance. Thus, these arrangements should be endorsed and up-held by the Trust Board and Trust Executive Leadership Team. These arrangements should be both proportionate whilst being suitably robust and transparent, underpinning the production of the Annual Governance Statement and assurance statements required by Monitor, under Quality Governance Framework issued by Monitor 2.5 The Annual Governance Statement forms part of the Annual Report of the Trust and is included in the Financial Statements. The Annual Governance Statement is a public report that confirms the on-going effectiveness of the internal control in the management of all type of business risk, both clinical and non-clinical. 3. PURPOSE AND SCOPE 3.1 Purpose: To ensure that risk management is a fundamental part of the total approach to quality governance, corporate governance, financial governance, information governance and clinical governance, and is considered at all levels within the organisation 3.2 Scope: This document applies to all directly and indirectly employed staff within Solent NHS Trust and other persons working within the organisation in line with Trusts Equal Opportunities Policy. 4. DEFINITIONS 4.1 Risk Management can simply be described as: A proactive way of protecting people, property, reputation and the objectives of the organisation from the uncertainty that risk represents The framework of risk management helps us understand what is going on and what we can influence A systematic process for identifying risks and opportunities by assessing potential consequences, looking at how likelihoods and impacts may be managed, monitoring actions and embedding escalation and reporting routes. 4.2 Risk can be described as: The effect of uncertainty on objectives which may be positive, negative or not what is expected The possibility and potential impact of incurring misfortune or loss 4.3 A hazard is anything with the potential to cause harm, damage, non achievement, or loss. 4.4 A control is something put in place to manage the likelihood and/or severity of exposure to risk, also known as mitigation. 4.5 An assurance is a level of confirmation / evidence that something (perhaps a control) is working as it is supposed to, thus giving the desired outcome. Risk Management Strategy V5 Page 6 of 24 xxxxxx 2015

7 5. RISK MANAGEMENT OBJECTIVES 5.1 The following objectives have been identified which form the basis of the Trust Risk Management Strategy. These objectives will be achieved through various mechanisms that are outlined in the risk management strategy and associated programmes of work: Promote awareness of risk management and embed the approach through all functions and management framework throughout the organisation Ensure the Trust has and maintains the required level of risk management infrastructure to successfully manage its risks and also be able to evolve this infrastructure to meet future demands Seek to identify, measure, control and report on risk that will undermine the achievement of objectives, both strategically and operationally, through appropriate analysis and assessment Protect the services, service users, visitors, staff, reputation and finances of the organisation through application of sound risk management Provide the Trust with adequate assurance that risk is being effectively managed through the establishment of appropriate risk management and escalation mechanisms for the purposes of decision making, coupled with proportionate monitoring and compliance of the process To ensure that risk management is properly managed and monitored through the Service line Clinical Governance Groups Achieve a level of significant assurance from internal audit each year Continue to ensure that staff are able to access the online reporting system and encourage reporting of all incidents Undertake a full internal audit in regards to level 1 compliance in practice and put in an action plan to deal with any gaps Ensuring that there is adequate IT arrangements for remote areas to be able to use the IT systems to report incidents and risks To ensure that appropriate training is available and delivered 5.2 The Trust will seek to identify the risk and its cause(s) at the earliest opportunity and then measure the risk effect. Wherever practicable, it will seek to apply a proportionate level of resources to control the risks whilst managing costs. It will prioritise risks relating to patient care and quality. 5.3 Furthermore, the Trust will seek to obtain assurance that the controls, on which it relies upon, to mitigate the risks are progressing and are effective for those risks that are residually classified as high / extreme. 5.4 Ultimately it is the role of Trust Management Team and the Quality Improvement and risk Group to ensure that risk is identified and appropriately mitigated on a day to day basis and it is the role of Assurance Committee and relevant sub-committees to obtain assurance that this is the case. They will then report through to the Audit & Risk Committee and Trust Board, providing assurance that the systems for the management of risk are fit for purpose. 5.5 The objectives will be achieved through: Risk Management Strategy V5 Page 7 of 24 xxxxxx 2015

8 Leadership and commitment from the Trust Board, supporting a culture of risk awareness and personal, professional and corporate responsibility, along with applicable accountabilities Clarity of understanding at all levels of the individual roles and responsibilities in the context of risk identification and management Providing a clear system and framework within which risks and adverse events may be identified, reported, analysed, managed and monitored Working in collaboration with services to ensure these risk management objectives are achieved Sharing good practice, effective risk management actions and audit recommendations which reduce exposure to risk Providing appropriate training to ensure staff have the appropriate knowledge and skills, including at Board Level Complying with legislation, regulations and best practice standards Providing clarity through working with partner organisations to define common approaches and risk sharing arrangements Reducing the adverse impact of adverse events, complaints and claims. Ensuring that lessons are learnt from risks, incidents, complaint and claims 6. STRATEGIC OBJECTIVES 6.1 The aims and the risk management strategy will support the achievement of Trust s Strategic Objectives by: Maintaining the safety and welfare of patients, staff, visitors Providing a strong risk management framework, supporting the organisation strategies, allowing the service to move forward, innovate and provide high quality care Enhancing the reputation of the Trust and increasing public confidence in NHS services and Trust activities Assisting with the management of financial risk 7. RISK MANAGEMENT STATEMENT 7.1 The Trust is committed to ensuring that the management of risk underpins all key strategies, processes and activities that lead to the achievement of Trust main objectives and operations, therefore safeguarding against the following: Risk Management Strategy V5 Page 8 of 24 xxxxxx 2015

9 Financial loss Damage to the Trust image and reputation Failure to deliver key objectives or regulatory compliance Injury and / or death of staff, service users & visitors involved in Trust activities. 7.2 It is vital that for each key process or activity that contributes to the achievement of Trust objectives or operations then the following is known: the type and level of risk for each process and / or activity; how the risk is being identified and managed and who is responsible for the management of the risk; whether further action should be considered to further mitigate the risk, including transfer of the risk where possible (i.e risk sharing or insurance), or whether Trust will knowingly accept the risk, through appropriate escalation and authority in line with this strategy 7.3 The Trust recognises that the application of risk management practices should not and will not eliminate all risk exposure. Moreover, through the application of a sound risk management approach then it is expected the Trust will have a better understanding of the risks being faced and their implications for the business. Therefore informing decisionmaking and creating opportunities for service improvement or commercial advantage. 7.4 The Risk Management Strategy will enable the Trust to obtain, maintain, assess and respond to its changing risk profile depending on its risk appetite. See section The following elements make up the Risk Management Strategy: Objectives Approach Roles and Responsibilities Processes Risk Identification Risk Measurement Risk Analysis Risk Control / Mitigation Risk Appetite / Tolerance Risk Escalation Monitoring, review and reporting Board Assurance Framework. 8. RISK MANAGEMENT APPROACH 8.1 The Trusts approach to risk management will encompass the breadth of the organisation by considering financial, organisational, reputational and project risks, both clinical and non- Risk Management Strategy V5 Page 9 of 24 xxxxxx 2015

10 clinical for all parts of the organisation involved. See Appendix 1 for the organisation s governance committee structure. 8.2 This will be achieved through: having an appropriate risk management framework with appropriate delegations of authority, seeking competent advice and seeking assurance Having a clear risk appetite, risk culture, philosophy and adequate resources for risk management Integration of risk management into all strategic, operational and project management activities Identification and analysis, active management, monitoring and reporting of risk across Trust Ensuring appropriate and timely escalation of risks Excellent communication encouraging the sharing of experiences and learning in a fair blame culture Consistent compliance with legislation, relevant standards, targets and best practice Ensuing that robust business continuity plans and recovery plans established and regularly tested. Ensuring that where the Trust engages in joint ventures or other arrangements where risk exposure could be possible for the Trust, where there are shared or perceived responsibilities and accountabilities exist. 9. ROLES & RESPONSIBILITIES 9.1 The following section covers the roles, responsibilities and the main duties in regards to risk management and governance across Corporate, Service line and team levels. Detailed responsibilities of committees will be listed in the applicable Terms of Reference. (Appendix 2) 9.2 Committees See Appendix 1 for Solent NHS Trust governance committee structure. 9.3 Solent NHS Trust Board The Board will be responsible for: Having overall accountability for the management of governance, quality, risk and assurance, determining the strategic approach to risk and setting the risk appetite for the organisation Ensuring and approving the structure and framework for risk management Risk Management Strategy V5 Page 10 of 24 xxxxxx 2015

11 Consideration whether, and seeks assurances that the organisation has implemented an effective system of internal control, including appropriate risk management arrangements Regularly receiving the Assurance Framework, which contains the most significant risks that can impact of the achievement of the specific strategic objectives Regularly reviewing all extreme operational risks from the services, through the Corporate Risk Register or exception reports Receiving risk assurance reports form the Assurance Committee and respond to issues raised by this committee and the Audit & Risk Committee in regards to risk, internal control and assurance. 9.4 Audit & Risk Committee The Audit Committee will be responsible for: 9.5 Assurance Committee Providing assurance to the Board on the effectiveness and adequacy of the processes for managing principle risks and risk management framework Challenging the way in which risk is managed, particularly where there is uncertainty or concerns over the effectiveness of existing arrangements. This could include requesting attendance at meetings for the purpose of providing relevant information for assurance purposes Audit and Risk Committee have overall responsible for programming work related to external and internal assessments of the Trusts risk management arrangement, including governance and performance, including corporate information and nonclinical governance, assessment against the previous NHSLA Risk Management Standards as these were a good benchmark. Recommending specific risk management issues for investigation to the Assurance Committee or Service Line Clinical Governance Groups Issues may be referred to the Audit & Risk Committee by the Board or the Assurance Committee for further scrutiny Receiving and reviewing the Corporate Risk Register report at each meeting. Ensuring that arrangements of risk management are regularly included in the cycle of internal /independent audits The Assurance Committee will be responsible for: Being accountable for providing the Trust Board with overall assurances that the management of the Trusts risks to quality and safety is effective. The committees of the Board and Subcommittees Assurance Committee will be the forums through which these duties are discharged and are achieved. Principally the Service Line Clinical Governance Groups will be the main forums where the Assurance Committee will seek its assurance. Risk Management Strategy V5 Page 11 of 24 xxxxxx 2015

12 Overseeing and monitoring clinical governance and risk management and quality. It will report regularly to the board on these areas Receiving and reviewing the Corporate Risk Register report at each meeting. Has delegated authority to ratify, on behalf of the organisation, those policies that fall within the remit of the committee s terms of reference. The Clinical Risk Manager will also ensure that the Committee is signposted to any specific areas of concern via the Risk Register report. 9.6 Trust Management Team (TMT) The TMT will be responsible for: Overseeing the operation of the risk management framework for Solent NHS Trust, providing assurance of its effectiveness to the Assurance Committee Considering all aspects of risk assurance to ensure that the organisation is responsive in appropriately managing it risks, including operating safely and legally, plus exploiting risks which expose potential opportunities. Work closely with the Clinical Directors, as part of the membership in regarding to the management of specific risk at service level Review the Corporate Risk Register and hold Clinical Directors to account for their risks mitigation plans Identifying clinical and quality facets of risk ensuring that these are well managed. 9.7 Quality Improvement and Risk Group The purpose of the Quality Improvement and Risk Group is to: Have detailed oversight of matters relating to leadership and management of the quality, safety and risk agenda within the Trust and all subcontractors (including: patient safety & experience, infection control, health and safety, safeguarding, risk management, research & development, clinical effectiveness and audit, medicines management) and interface issues with other providers on patient pathway Seek assurance that effective governance arrangements are in place at all levels within the Trust and with subcontractors and partners. Provide strategic direction to Service Lines and corporate functions to ensure that the Trust is providing high quality, safe, effective care, fostering a culture of continuous improvement, learning and development. Review and recommend to the Board, via the Assurance Committee, any strategies, policies and procedures relating to quality, safety and risk which support the delivery of the Trust strategic objectives. Risk Management Strategy V5 Page 12 of 24 xxxxxx 2015

13 9.8 Service Line Clinical Governance Groups These groups will be responsible for: Having clear and robust governance and management structures to assist and ensure effective risk management at service line and service level Having local groups in place and managing the risks associated with their services and activities, which report to the Service Line Governance Group Identification and management of risks, through local risk registers Monitor the risks, incidents, claims and complaint within their division, ensuring that action plans are developed and progressed. A member of the Quality and Risk team will be a core member of these groups ensuring that risk, particularly patient safety and quality risks are captured Having and utilising processes for escalation of risks to the Corporate Risk Register and Executive Directors. 9.9 Other Trust Committee s and Groups Risk Management is part of the whole organisation and therefore all committees and groups will have a level of risk management responsibility. These committees / groups will have a range of responsibilities in regards to the business and services of the Trust and the management of associated risks The Chief Executive The Chief Executive is ultimately accountable for all risks relating to the delivery of all clinical and non-clinical services provided by the Trust and will lead on determination of the strategic approach to risk. The Chief Executive will establish the structure for risk management and will lead the organisation in any time of crisis Company Secretary The Company Secretary is responsible for ensuring that the Board Assurance Framework is developed, reviewed and reported to the Board and Audit & Risk Committee. The Company Secretary and Clinical Risk Manager will ensure that the BAF adequately reflects the significant risks from the Cooperate Risk Register where the need to be added to the BAF 9.12 Chief Nurse Is the nominated Executive Lead Director for risk management and governance providing drive, vision and senior level leadership for this agenda Director of Finance and Performance The Director of Finance & Performance is the designated Executive Director responsible for internal financial control and sound financial governance Deputy Director of Nursing Risk Management Strategy V5 Page 13 of 24 xxxxxx 2015

14 The Deputy Director of Nursing is responsible leadership for the quality governance, assurance and risk management agenda and developing and overseeing the risk management strategy, the internal procedures and risk structures. They will coordinate risk management activities and ensure risk information and reports are compiled to inform the organisation. They will provide specialist expertise in this field and will liaise externally on behalf of the organisation. They will ensure that business continuity and disaster recovery plans are established and are regularly tested Clinical Risk Manager Clinical Risk Manager: Is responsible for risk management activities providing leadership and expertise in the clinical risk field. Ensures there are structured and systematic processes for the assessment, analysis, control, and prioritisation of risks Oversees the risk management function, developing an organisational philosophy of learning from issues raised through risk management processes. Ensure that organisational learning occurs from Incident reporting and any follow-up investigations, across the Trust in conjunction with the Quality and Risk Team Risk Management Team The Risk Management Team will: Provide professional advice and support to the services and staff in support of risk management. Regularly analyse adverse event and trend reports from services and will ensure that evidence is received in a timely manner so as to influence practice and manage areas of concern Monitor appropriate response and organisational learning following adverse events, external visits, national reports and alerts Benchmark organisational information, encouraging learning from best practice Work closely with all services, promoting good working relationships, in order to ensure continuous improvement and consistency within risk management approaches and processes Report and manage Serious Incidents Requiring Investigation (SIRI) and High Risk Incidents, including the support of investigations Raise concerns generated from reviews/analysis with Clinical Directors/Operational Directors and Non-Medical Clinical Governance Leads Place significant risk and threats to the organisation on the risk register Provide specialist advice to services Risk Management Strategy V5 Page 14 of 24 xxxxxx 2015

15 9.17 Clinical Directors and Operational Directors Senior managers will provide leadership for the risk management agenda and ensure that responsibilities to identify, record, analyse, control and communicate risk issues (via processes such as Risk Assessment, Adverse Event (Incident) Reporting and Risk Registers are in place within the divisions They will be responsible for the management of risk inline with their level of authority as listed in section Managers at Local Level Managers are responsible for: Ensuring that risk management is integrated into all operational activities at a local level Ensuring that risk registers are maintained and local (service level) risks are validated and escalated appropriately as per process detailed in this document Ensuring that appropriate and effective risk management processes are in place within their designated area(s) and scope of responsibility; and that all staff are aware of the significant and potential risks within their work environment and of their personal responsibilities Ensuring that all policies, protocols and guidelines pertaining to risk assessments and management are carried out within their services /departments, in liaison with appropriate identified relevant advisors where necessary e.g. Health & Safety, Infection Control and Safeguarding leads Implementing and monitoring any identified and appropriate risk management control measures within their designated area(s) and scope of responsibility. In situations where significant risks have been identified and where local control measures are considered to be potentially inadequate, these are to be raised to the applicable Directors Ensuring Health and Safety legislative requirements are complied with by ensuring that adequate resources are made available to provide safe systems of work and care for patients. This will include making provision for risk assessments, appropriate control measures, raising outstanding concerns, staff training, ensuring safe working procedures/ practices and continued monitoring and revision of same. These responsibilities extend to anyone affected by the organisation s operations including sub-contractors, members of the public and visitors Ensuring that all their staff receive training in line with the Training Needs Analysis and mandatory updates are attended Identifying suitable staff to be trained as Risk Assessors (covering statutory risk assessment duties) and to facilitate their release to carry out these duties Monitoring clinical and non-clinical performance, where appropriate, using robust clinical governance mechanisms to ensure safe, high quality care Risk Management Strategy V5 Page 15 of 24 xxxxxx 2015

16 Ensuring the identification of all employees who require health surveillance according to risk assessments; ensuring that where health surveillance is required no individual carries out specific duties covered by the surveillance until they have attended the Occupational Health Department Making adequate provision to ensure that fire and other emergencies are appropriately dealt with and business continuity arrangements are in place Ensuring compliance with all Information Governance requirements through the Connecting for Health IG Toolkit, subsequent plans and associated policies Providing assistance as reasonably requested in times of crisis The management of risk inline with their level of authority as listed in section Staff All staff within the Trust have a responsibility to understand, accept and implement the mechanisms in this Strategy. Staff have a responsibility for actively identifying and addressing risk and for undertaking their roles with full appreciation for the risks and the potential consequences of their actions All staff have a responsibility in relation to health and safety risks, to take action to protect themselves and others. Organisational policies and the Training Needs Analysis (TNA) detail the required training that is provided in each risk area. Staff must take responsibility to ensure that they attend training as required All staff are responsible for: Ensuring that identified risks and adverse events are dealt with swiftly and effectively, and reported to ensure further action/learning may be taken as necessary Adherence to their professional codes and providing safe clinical practice in diagnosis and treatment Complying with all approved policies and Standard Operating Procedures Reporting inefficient, unnecessary or unworkable risk controls Neither intentionally, nor recklessly interfering with nor misusing any equipment provided for the protection of safety and health Being aware of relevant emergency procedures e.g. resuscitation, evacuation and fire precaution procedures appertaining to their particular Directorate/Department locations Co-operating with management on incident investigations Providing assistance as reasonably requested in times of crisis. Risk Management Strategy V5 Page 16 of 24 xxxxxx 2015

17 Communication and Consultation 10. RISK MANAGEMENT PROCESS 10.1 Risk Management is the responsibility of everyone in the organisation. The risk management process is a continual cycle, systematic approach to all risks throughout the Trust, as illustrated below: Establish Context Identify Risks Analyse Risks Monitor and Review Evaluate and Rank Risks Action Plans to mitigate risk / Accept Risk 11. RISK IDENTIFICATION 11.1 Risk management is an integral part of the culture of the organisation with leadership from the Board and a structure that permits staff to identify and report risk at all levels Risk identification establishes the organisation s exposure to risk and uncertainty. There is no one correct way to identify risks and, in practice, the use of multiple methods by different staff groups, is more successful. The risk identification processes used by the organisation will include, but is not limited to: General risk assessment process Clinical risk assessments specific to individual patients Quality Impact Assessments Adverse event report Serious Incidents Requiring Investigation (SIRI) Claims, inquest and complaints information Business decision making and project planning External/Internal audits findings. Patient & Staff Experience and other surveys Triangulation and analysis of trend and other data Whistle blowing events Being Open / Duty of Candour 11.3 Risk Assessment Process The organisation has a structured risk assessment process. This also includes having trained risk assessors in place to undertake assessment to support local management. Risk Management Strategy V5 Page 17 of 24 xxxxxx 2015

18 The Service Manager is responsible for managing action planning against identified risk and for escalating risks with additional resource implications via the Service & service line risk registers. The Risk Management Team receives and centrally records risk assessments to identify commonalities for organisational risk treatment Adverse Event Report (AER) trends and data analysis All staff are required to report incidents and near misses using the Adverse Event Report (AER) process. Line Managers and Service Managers use these reports to identify risks and take immediate and planned risk management action. The Trust has in place a web base incident reporting system and where possible this must be used. Some areas do not have IT access to this system and will report on the paper incident form until such time this can be resolved The Risk Management Team provides bespoke reports and trend analysis for managers for risk identification and monitoring. The Team also carries out high level analysis to identify trends and risk issues, reporting the Assurance Committee and the Quality & Risk Subcommittee 11.5 Serious Incidents Requiring Investigation (SIRI) The organisation externally reports, as required, the most serious incidents that occur. These incidents are investigated to identify contributory factors and root causes, where risk treatment will then be instigated to prevent future occurrence. Identified residual risk from these investigations will be added to the applicable risk register where appropriate 11.6 Business Decision Making and Project Planning Risk identification is an essential part of business planning and project management to ensure the identification of those risks that could impact on achievement of objectives and risks that would be present if objectives aren t achieved. Risk identification will be used to seek business opportunities to exploit and as a fundamental part of all proposed projects. All significant service transformation or change is required to undertake a formal Quality Impact Assessment (QIA), in line with the QIA process document Strategy Development Analysis Developments in strategy can and do have considerable impact on service provision, plans, organisational form and staff. Senior Managers will look to their own field and specialism to identify potential risks and opportunities. 12. MEARSURING and REPORTING 12.1 Adverse Event Report (AER) forms and risks will continue to be reported on the Ulysses Safeguard Risk Management system at a local level. These incidents and associated risk will then be reported and escalated as appropriate in the system, including to local management and the risk management team 12.2 The organisation will operate with a pyramid of risk registers with a clear escalation route from Departmental to Service to Corporate risk registers. A mechanism is in place to escalate to the Corporate Risk Register and Board Assurance Framework. A risk register is not a static Risk Management Strategy V5 Page 18 of 24 xxxxxx 2015

19 record but should be viewed as an action plan giving details of current controls and auditable actions for risk treatment The organisation will report Serious Incidents Requiring Investigation (SIRI) using the Strategic Health Authority STEIS system. These incidents will be investigated and reported to the SIRI Panel and to the appropriate Commissioner for closure Patient safety incidents reported using the AER forms will be regularly reported to the National Reporting and Learning Service (NRLS) by upload from the risk management database Solent NHS Trust will adopt the following approach: Apply a scale of 1 to 5 to measure or score the impact and likelihood and thus through their combination determine the risk classification or priority 1 of the risk. A risk matrix is attached below In order to assess likely risk: Ask what are the consequences if it occurs? Ask how likely is it to occur? Multiply the consequences by likelihood using the matrix to define the level of risk severity This process can and should be used for all types of risk, eg clinical, non-clinical, strategic, financial, operational, information governance etc. Further matrix s to aid with the assessment process of other areas and impact guidance can be found at (appendix 8). 13. COMMUNICATION & CONSULATION 13.1 Communication and Consultation are important consideration at each step of the risk management process and staff and managers are to ensure this occurs. This will also be achieved through the relevant committees and groups responsibility for the management of risk. It is important to develop a communication plan for both internal and external stakeholders at the earliest stage required 13.2 The strategy will be a document used as evidence in any NHS Litigation Authority assessment This strategy will be made available to Commissioners and to contracting bodies upon request This strategy will be published on the Trust intranet and staff will be made aware through training sessions and by Team Brief. 14. TRAINING 14.1 Training to ensure competency at all levels is recognised as one of the most cost effective controls for good risk management. The organisation is committed to a system of corporate and local induction for all new starters and those returning to work after a long absence. 1 The Trust have chosen a risk measurement methodology based on that provided by the NPSA guidance a risk matrix for risk managers (January 2008) Risk Management Strategy V5 Page 19 of 24 xxxxxx 2015

20 Risk Management related training is on going for all staff and will be delivered in line with the Trust Training Needs Analysis (TNA), which is managed by the Trust Learning and Development Team. This Team will ensure that systems are in place to ensure attendance for training The Trust recognises that senior management will need training in risk management which is more suited to their role, level of accountability and authority. Therefore bespoke training will be provided to the Trust Board and Directors. This process will be co-ordinated by the Head of Risk Management and attendance at an appropriate session and will be formally recorded and followed up by Head of Risk Management. 15. EQUALITY & DIVERSITY AND MENTAL CAPACITY ACT 15.1 No equality or diversity issues have been identified as a result of this Strategy This strategy was assessed and meets requirements of the Mental Capacity Act APPROVAL AND REVIEW 16.1 The Risk Management Strategy for Solent NHS Trust was approved at the Quality Improvement and Risk Group and ratified by the Assurance Committee 16.2 The Strategy will be formally reviewed on an annual basis and where there are no significant changes it will be approved by the Assurance Committee on behalf of the Board. 17. MONITORING COMPLIANCE WITH THE STRATEGY 17.1 Trust Management Team and the Clinical Risk Manager will be principally responsible for ongoing review of this strategy, to ensure that the systems and arrangements described are followed and working effectively Independent assurance will be gained when required, by means of the Internal Auditors, to assess the operation of the risk management framework of the organisation. Internal Audit support may also be requested to assess specific controls, areas or risks identified through these processes. 18. SUPPORTING DOCUMENTATION 18.1 The Trust intends to implement this strategy by means of the following key policies, which is not an inclusive list. Further advice and support may be requested from the Risk Management Team. Health & Safety Policy Adverse Event (Incident) Reporting Policy Significant Incidents Requiring Investigation (SIRI) Policy Infection Control Framework Policy Security Management Policy Counter Fraud Policy Complaints Policy Learning & Development Policy Training Needs Analysis Claims Policy Risk Management Strategy V5 Page 20 of 24 xxxxxx 2015

21 Whistleblowing Policy Information Governance Policy Being Open Policy. Supporting staff involved in a Incident, Complaint or Claim 19. REFERENCES AND LINKS TO OTHER DOCUMENTS The Risk Management Process, Federation of European Risk Management Associations (FERMA), 2005 A Risk Management Standard, The Association of Insurance and Risk Managers, (AIRMIC), 2002 Corporate Manslaughter and Corporate Homicide Act, 2007 A Risk Matrix for Risk Managers, NPSA, January 2008 Department of Health (2003) Building the Assurance Framework: A Practical Guide for NHS Bodies London: Department of Health Consequence Grading Matrix (from A Risk Matrix for Risk Managers Jan 2008 NPSA) ISO Risk management Principles and guidelines A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000, Airmic, Alarm, IRM 19.1 The strategy takes into consideration the requirements as set out in the registration requirements for Care Quality Commission (CQC) and the National Health Service Litigation Authority (NHSLA) Risk Management Standards. It also ensures procedures and processes are in place to implement any new guidance, advice, etc received from the National Patient Safety Agency (NPSA), Medicines and Healthcare products Regulatory Agency (MHRA) and any other relevant external bodies through the Central Alert System (CAS) The Management of Health and Safety at Work Regulations 1999 and the Workplace (Health, Safety and Welfare) Regulations 1992 (As Amended 2002) require that employers should carry out assessments of the risks created by their operations, which may affect their employees, or anyone else who might be affected. Furthermore, the Corporate Manslaughter and Corporate Homicide Act 2007 highlights the commitment required of senior management to take reasonable steps to protect employees, or anyone else who might be affected where risks are created by their operations; the implementation of robust risk management systems is of paramount importance. The Data Protection Act (DPA) 1998, the Freedom of Information Act (FOI) 2000 and other legislation requires organisations to comply with rules relating to the handling of information. Risk Management Strategy V5 Page 21 of 24 xxxxxx 2015

22 APPENDIX 1 Solent NHS Trust Governance Committee Structure Risk Management Strategy V5 Page 22 of 24 xxxxxx 2015

23 Risk Management Strategy V5 Page 23 of 24 xxxxxx 2015

24