RISK MANAGEMENT ANNUAL REPORT 2016/2017

Transcription

1 RISK MANAGEMENT ANNUAL REPORT 2016/2017 Lead Executive Director Dr Iain Wallace, Medical Director Report Prepared By Mrs Carol McGhee, Corporate Risk Manager Approved By Corporate Management Team May 2017 Received By Audit Committee June 2017 Endorsed By NHSL Board August 2017

2 CONTENT Page 1. ASSURANCE STATEMENT 3 2. INTRODUCTION 5 3. RISK MANAGEMENT RE-ORGANSATION 6 4. STRATEGY AND FRAMEWORK YEAR Risk Management Strategy Review Organisation Structure : Risk Management Reporting Electronic Risk Management System: Datix Adverse Event Data Risk Register NHSL Risk Register Profile Risk Management Key Performance Indicators Training Management of Adverse Events Policy Management of NHSL Corporate Policies WORK ACTIVITY FOR YEAR 2017/

3 1. ASSURANCE STATEMENT As outlined within the Audit Committee Handbook, Scottish Government, (2008), a key role of the N H S L a n a r k s h i r e ( N H S L ) Audit Committee is to support the Board and Accountable Officer to maintain a sound system of internal control, demonstrated through assurance, defined as an evaluated opinion, based on evidence gained from review, on the organisation governance, risk management and control framework. The Corporate Management Team (CMT) agreed, at its meeting on February 2017, an annual evaluation of the risk management arrangements to assure the Audit Committee, and ultimately enable the Chief Executive to complete the Corporate Governance: Governance Statement. This annual evaluation was set out in the Key Lines of Enquiry, based on Annex F of the Audit Committee Handbook. This completed evaluation was agreed by the CMT members in February 2017 and was received by the Audit Committee in March Based on the core requirements of the framework already in place, the following are the areas of work undertaken this year, and areas of work identified for improvement in 2017/18 to continue to strengthen the risk management framework. Strengthening of the Risk Management Framework in year: The CMT has received the following risk management reports on a monthly basis, throughout 2016/17: o Corporate Risk Register Report, including identification of coowned risks as the Health & Social Care partnerships have evolved o Category 1 Adverse Event Report o Corporate Policies Report The implementation of a compliance and assurance schedule of reporting for CMT and the Audit Committee included: o Review of the Risk Management Strategy o Quarterly Risk Management Process Compliance Report o Quarterly Risk Management Report o Annual Key Lines of Enquiry o Risk Management Annual Report CMT Risk Register reporting has improved to include risk profile, heatmap and overview of risks exceeding tolerance Internal audit reports on the management of Adverse Events were received by both the CMT and the Audit Committee, resulting in improved Category 1 Adverse Event Reporting from September 2017 and the appointment of an Adverse Events : Project Manager to fully review the Adverse Events Systems and Processes Review of the Documentation Library system for Significant Adverse Event Reviews and implementation of a revised system Continuous improvement of Category 1 Adverse Event Reporting to CMT to include monitoring of Significant Adverse Event Review process 3

4 RISK MANAGEMENT ANNUAL REPORT 2016/17 Review of the Risk Management Strategy, including revised Risk Appetite Statement Review of the risk register processes set out in the Risk Register Policy Improved monitoring of the key performance indicators (KPI) for the closure of incidents Review of the Category 1 Incident Review Group function Extended Category 1 electronic notification to designated Executive Directors and Operational Management Teams Review of, and implementation of the revised format of the Adverse Event reports for Healthcare Quality; Assurance and Improvement Steering Group (QAISG) and the Healthcare Quality; Assurance and Improvement Committee (HQSAIC) Evaluation of the SAER learnpro module Joint review of risk register process with North and South Health and Social Care Partnerships through workshop participation and facilitation Review, refinement and implementation of a modified risk assessment process to be applied to all Cash Releasing Efficiency Schemes (CRES) Testing of Incident Decision Tree Review of the Term of Reference for the Risk Management Improvement Group Through re-organisation, improvement work for will have a focus on the monitoring, review and reporting of the risk register framework, with review, developments and improvements to the effective management of adverse events being directed through the Quality and Improvement Directorate. Key areas identified for continuous improvement for : Implementation of the revised risk register policy Advise on, and implement changes to the electronic risk management system, risk register module Monitoring of the application of the risk register policy across NHSL Implement and monitor the change to the to the risk register matrix Reformatting of risk reports to align with changes to the risk appetite and tolerance approach Review of, and continuous improvement to the format of the risk management process compliance report Audit of the Acute operational risk registers Continue to provide subject expertise, and work in collaboration with the North and South H&SCP to agree and support a consistent approach to risk register management across the partner agencies Consider an approach to assessing organisation behaviours as a component part of understanding the overall risk culture Annual review of the risk management strategy Undertake an annual sense check of the Corporate Risk register with the CMT members 4

5 From the work undertaken during the year, the agreed evaluation through the Key Lines of Enquiry and the Interim Evaluation of Internal Control Framework 16/17 : Assessed Outcome for Corporate Governance : Risk Management Arrangements assessed as Level C, the CMT can confirm that there were adequate and effective risk management arrangements in place throughout INTRODUCTION The duty of the NHS Lanarkshire (NHSL) Board is to deliver healthcare both within the l aw, and without causing harm or loss to the o rganisation and all it represents. It does this by ensuring there is an effective Governance Framework, and operating a Governance System and Risk Management. This report sets out to confirm that there have been adequate and effective risk management arrangements in place throughout the year and highlights material areas of risk. Good risk management has the p o t e n t i al to i m p a c t on performance improvement, leading to: Improvement in service delivery More efficient and effective use of resources Improved safety of patients, staff and visitors Promotion of innovation within a risk management framework Reduction in management time spent fire fighting Assurance that information is accurate and that controls and systems are clear and defensible. Application of the risk management framework will ensure the O rganisation s management understands the risks to which it is exposed and deals with them in an informed, proactive manner. Staff are empowered to use their professional judgement in deciding which risks are significant. The complete elimination of risk will not be a feasible goal for the Board, however in certain circumstances calculated and balanced risk taking and risk mitigtion will be required to achieve creative or innovative solutions that will help to improve the services to patients, as expressed through the risk appetite statement. In seeking to deliver these objectives, the CMT will advise on/oversee and/or support: Implementation of the Risk Management Strategy & Framework Management of risk within the Board, including the risk register process NHSL Corporate Risk Register Risks highlighted through the organisation Risk tolerance measures, specifically the high and very high graded risks Quarterly process compliance reporting with the risk KPI s Category 1 adverse event reporting 5

6 Application of risk management at all levels in NHS Lanarkshire will further underpin the success o f Achieving Excellence: A Plan for Person-Centred, Innovative Healthcare to Help Lanarkshire flourish, March 2017and the NHSL Transforming Patient Safety & Quality of Care in NHS Lanarkshire, by defining the amount of balanced risk that can be taken to achieve the strategic aims. There has been, and will continue to be a strengthening of the r isk m anagement f ramework at both corporate and at an operational level to identify risks and to put in place control measures to mitigate their impact. There are designated risk management facilitators across the operational sites/units to facilitate and support the Implementation of risk policies and procedures Monitoring of compliance with the risk KPI s Operational risk reporting Use of local data for continuous quality improvement Continued contributions from all staff groups across NHSL, is essential to respond to the many challenges NHSL will face in delivering s a f e a n d e f f e c t i v e c a r e in the years ahead; within the financial constraints delivery of Cash Releasing Efficiency Schemes (CRES) and the impact of integrated Health and Social Care Partnerships. 3. RISK MANAGEMENT RE-ORANISATION Until the 31 st March 2017, the risk management team has been integrated within the Clinical Governance and Risk Management Department with executive leadership and direction provided by the Medical Director for NHSL. The department provides clinical quality, patient safety, quality improvement, research & development and risk management advice, guidance and support to the NHS Board, its managers and staff and was subject to a re-organisation within the year. Effective from 1 st April 2017, the corporate risk management function aligned to corporate governance will be managed within the Chief Executive office, in support of the Board Secretary function. 4. STRATEGY AND FRAMEWORK YEAR Risk Management Strategy Review NHSL has in place an approved Risk Management Strategy with a scheme of delegation. The Strategy has been subject to review in year to reflect the changes resulting from the re-organisation and review of risk appetite and risk tolerance statement. 6

7 The Risk Management Strategy sets-out: risk management guiding principles aims and objectives scheme of delegation implementation of the strategy and framework risk appetite and risk tolerance The Strategy can be accessed through the Risk Management web page. 4.2 Organisational Structure : Risk Management Reporting The accountability and reporting structure for the risk management function is outlined in the risk management strategy, with the CMT having the responsibility to develop, refine, review and oversee the implementation of the Strategy in support of the Board and in collaboration with the Governance Committees. The CMT has a collective responsibility to support and promote risk management across NHSL. The Audit Committee has overall responsibility to evaluate the System of Internal Control and Corporate Governance, including the Risk Management Strategy, Framework and Processes. Core risk management reporting through the year is outlined below: The CMT have received standard monthly risk reports: Corporate Risk Register Report Corporate Policies Report Category 1 Adverse Event Report The agreed schedule of reporting for CMT and onward reporting to the Audit Committee was implemented and included: Quarterly Risk Management Process Compliance Report Quarterly Risk Management Report Annual Review of the Strategy Annual Key Lines of Enquiry Annual Report Any other relevant reports including internal/external audit, Healthcare Improvement Scotland (HIS) Reports 4.3 Electronic Risk Management System: DATIX NHSL continues to use Datix as the electronic Risk Management System, utilising the following modules: Risk Register module Incident recording module Claims module Complaints module PALS module (as a general enquiry line) 7

8 Slips, Trips and Falls Violence/Abuse/Harassment Medication Administration Incident Maternal/Delivery Breach of legislation policies and procedures Staffing Issue Tissue Viability Fetal/Neonatal Incident Accidental Damage/Loss to Belongings/Property Treatment Problems RISK MANAGEMENT ANNUAL REPORT 2016/ Adverse Event Data The adverse event recording process, as with other Health Board areas, is a voluntary recording system dependent on the culture of the organisation and may not represent all adverse events that actually occur, or some types of adverse events may be overly represented. The following table outlines the overall number of incidents recorded for the period 1 st April st March 2017 for Category 1, Category 2 and Category 3 incidents by month. The top ten reported category of incident is occurring across NHSL is set out below:

9 From the category 1 adverse events, 2 never events were confirmed as categorised through the Department of Health: WEB Retained Swab WEB Wrong Site Surgery Slips Trips and Falls and Violence/Abuse/Harassment continue to be the adverse events that are consistently recorded across NHSL and are the top 2 recorded events in numbers. Over the year, the other categories have fluctuated. Clinical adverse event reports were received as part of standing agenda items through the Healthcare Quality Assurance and Improvement Committee (HQAIC) and the Healthcare Quality Assurance and Improvement Steering Group (HQAISG), with reports on staff incidents and patient falls through the Occupational Health Groups. Monitoring of the adverse event data, in particular, Category 1 graded adverse events, highlighted the need for further improvement towards a more effective overall management of adverse events Risk Registers Improvements to the risk register process this year included: Improved assurance and compliance reporting Defining and monitoring of risk tolerance Integrating risk profile, heatmap and stratification of risks into reporting Implementation of risk reporting to all governance committees The Corporate (level 1), Divisional (level 2) and Health and Social Care Partnership (H&SCP) Unit / Clinical Division (level 3) Risk Registers are all directly linked to the 3 primary corporate objectives : Safety, Effectiveness and Person-Centred, within the Datix System and recorded within the Datix system. The CMT members have had access to the updated monthly Corporate Risk Register and have reviewed the very high graded risks and risk tolerance at every meeting, confirming the Register as an appropriate reflection of the risks to the business of NHSL over the annual period. The Divisional and Corporate Services (eg PSSD, ehealth) Risk Registers are reviewed and monitored by their respective management teams. The operating sites/units and corporate services have nominated risk management facilitators, or delegated responsibility through existing job profiles to oversee the management of the risk registers directly linked to their management team business. 9

10 LIKELIHOOD RISK MANAGEMENT ANNUAL REPORT 2016/ NHSL Risk Profile The table below outlines the changing NHSL risk profile from 1 st March 2016 to 31 st March 2017, noting the overall fluctuation in number of risks; proportionately, the increasing number of high graded risks Very High High Medium Low As at the end of March 2017, there was 34 live Corporate Risks, the profile demonstrated in the heatmap by likelihood x impact as below: IMPACT Low Minor Moderate Major Extreme Score Almost Certain 5 1 Likely Possible Unlikely Rare Note the directional arrows indicate the change from the reporting period in Corporate Objectives All risks continue to be aligned to the 3 primary corporate objectives agreed this year as Effective, Person centred, Safe: Low Medium High Very High Totals Effective Person Centred Safe Totals Risk Types 10

11 The 34 risks were further described and set out as risk types below: Low Medium High Very High Totals Business Clinical Reputation Staff Totals The 3 very high graded risks for NHSL as at the end of March 2016 are set out below: ID Title Likelihood x Risk Type Corporate Impact Objective 1412 GP input to sustain current community 4x4 Business Safety hospital clinical model of service 1450 Ability to maintain existing GMP Services 4x4 Business Safety across NHS Lanarkshire 1462 NHSL Ability to realise the required savings within year 2017/18 5x4 Business Effective From the 34 Corporate Risks, the Chief Executive for NHS Lanarkshire remains the Lead for the overall Corporate Risk Register. However, as the Health & Social Care Partnerships were evolving moving towards working within a whole system principle there is an increasing requirement for coownership of a number of risks where all 3 partners (NHSL, North H&SCP and South H&SCP) have a unique role to play in effective mitigation of the risk. As the H&SCP further evolve and mature, risks may migrate between the 3 partners. There are currently five (5) risks that had co-ownership at the end of March 2017: ID Title Risk Level 1412 GP input to sustain Very current community High hospital clinical model of service 1450 Ability to maintain existing GMP Services across NHS Lanarkshire 1025 Reconfiguration of beds for Older Peoples Services 1379 Delayed Discharge Performance and Impact 1389 Service Model Review for OOH Service Very High Risk Corporate Type Objective Business Safety Business Safety Risk Owner NHSL Chief Executive North and South Lanarkshire H&SCP Chief Officers NHSL Chief Executive North and South Lanarkshire H&SCP Chief Officers High Business Effective NHSL Chief Executive North and South Lanarkshire H&SCP Chief Officers High Business Effective NHSL Chief Executive North and South Lanarkshire H&SCP Chief Officers Low Business Effective NHSL Chief Executive North and South Lanarkshire H&SCP Chief Officers 11

12 NHSL has an identified taxonomy of level of organisation risk registers that are defined and assessed using the same matrix and can be escalated and / or descalated dependent on the nature of the risk and effectiveness of mitigation. Level of Risk Register Level 1 Level 2 Level 3 Corporate Risk Register Operating Divisional Risk Register Corporate Support Services Risk Register Acute Hospital Site Risk Register H&SCP Unit Risk Register Service and Function Risk Register Whilst there are three (3) very high graded risks on the Corporate Risk Register, it is reasonable to have very high graded risks at Level 2 or Level1 within the Organisation that can be managed at this level of ownership. Across NHSL, there are a further five (5) very high graded risks identified and overseen by the acute operating divisional management team (Level 2) and reported on through the Corporate Management Team. ID Title Op Div Likelihood x Risk Type Corporate Impact Objectives 1478 Medical Staffing for Acute Operating 4x4 Staff Effective Dermatology Service Division 1408 Ophthalmology Acute Operating 5x4 Clinical Effective Reviews Division 1140 Emergency Medicine Acute Operating 4x5 Clinical Safety Medical Senior Decision Makers Division 1282 Workforce - Medical Acute Operating 5x4 Staff Safety (ED & medical) 1012 Treatment Time Guarantee Division Acute Operating Division 4x4 Clinical Person Centred 4.4 Risk Management Key Performance Indicators (KPIs) Within this year, there was the implementation of the quarterly monitoring and reporting of the agreed set of KPIs. The reports were prepared for the CMT with onwards reporting to the Audit Committee and are set out in the table below: 12

13 Risk Register Adverse Events RISK MANAGEMENT ANNUAL REPORT 2016/17 Key Performance Indicator (KPI s) *Category 1 (extreme) incidents are closed within indicative timescale of 90 days *Category 1 (major) incidents are closed within indicative timescale of 90 days Category 2 (moderate) incidents are closed within indicative timescale of 30 days Category 2 (minor) incidents are closed within indicative timescale of 30 days Category 3 (low/no harm) incidents are closed within the indicative timescale of 10 days All risk should be reviewed within the review date All very high graded risks should be reviewed monthly All individual risks exceeding the assessed level of tolerance will have key actions identified Designated committees and groups receive the risk registers Expected Quarterly Reported Compliance Compliance Jun 16 Sept 16 Dec 16 Mar 17 95% 56% 50% 25% 40% 95% 75% 29% 60% 67% 90% 86% 92% 91% 89% 90% 94% 90% 93% 92% 85% 89% 84% 85% 91% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% as scheduled *note this measure has been recognised as an ineffective measure due to the small numbers and has since been reviewed with a more appropriate measure being developed. The Audit Committee have continuous oversight. 4.5 Training To maintain basic training for individuals, staff are signposted to the learnpro modules for incident recording and verification: learnpro Module Number of Staff Completed Modules for the reporting period April 2016 : March 2017 Incident recording 322 *Incident verification *mandatory training for verifiers Significant Adverse Event Review Currently closed and under review to align with improvement work. There is a standard induction programme for all new staff to NHSL, which includes an introduction to risk management, including incident recording and bespoke sessions are delivered in response to specific needs: Let me Help You Session delivered on Adverse Events to the Infection Prevention and Control Team Overview of risk management presentation to the CPD for Human Resources Senior Managers 4.6 Management of Adverse Events Policy 13

14 The scheduled review for the Management of Adverse Events Policy was completed and launched in May It will be subject to review again through the Quality and Improvement Directorate. 4.7 Management and Improvement of NHSL Corporate Policies There has been continuous monthly monitoring of the KPI : All Policies are Within Review Date by the CMT and quarterly review at the Audit Committee, integral to the compliance reporting. See below effective from August 2016: 5 WORK ACTIVITY FOR YEAR Through re-organisation, improvement work for will have a focus on the monitoring, review and reporting of the risk register framework, with review, developments and improvements to the effective management of adverse events being directed through the Quality and Improvement Directorate. The developments for forthcoming year will focus on: Implementation of the revised risk register policy Implementation of changes to the electronic risk management system, risk register module Monitoring of the application of the risk register policy across NHSL Implementation and monitoring the effectiveness of the change to the risk register matrix Reformatting of risk reports to align with changes to the risk appetite and tolerance approach Review of, and continuous improvement to the format of the risk management process compliance report Continue to provide subject expertise, and work in collaboration with the North and South H&SCP to agree and support a consistent approach to risk register management across the partner agencies Consider an approach to assessing organisation behaviours as a component part of understanding the overall risk culture Annual review of the risk management strategy Audit of the Acute operational risk registers Undertake an annual sense check of the Corporate Risk register with the CMT members 14