Risk Management Strategy Review

Transcription

1 REPORT TO TRUST BOARD 30 May 2013 G Title Risk Management Strategy Review Executive summary The NHS Litigation Authority (NHSLA) requires the Board to review the Risk Management Strategy on an annual basis. Following the success of the Trust s assessment against the NHSLA Risk Management Standards earlier this year, (including a 100% score for the assessment of the Trust s Risk Management Strategy) two minor amendments have been made as follows. Revisions to the graphical representation Risk Management framework have been updated at section 2.4 (function remains unchanged) Modifications to relevant NHSLA self-assessments as appendices Post Quality Assurance Committee an additional sentence has been included in executive director responsibilities to clarify the arrangements for highlighting immediate risks to Trust Board following external reviews. Recommendation The Trust Board is asked to approve adoption of the revised Risk Management Strategy Related Trust objectives Risk and assurance Legal implications/ regulatory requirements Presenter Author(s) We will continuously improve quality and safety, with services shaped from user experience, audit and research. Continued effective Risk Management is critical to the achievement of the IBP Strategic Objectives, continued service delivery and service developments. An effective strategy is a key component required for maintaining unconditional registration with the CQC as well as maintaining NHSLA compliance and underpinning the Trusts FT application. Nil to note Bal Johal, Head of Quality and Professional Practice/ Deputy Chief Nurse Richard Apps, Trust Lead for Corporate Risk Assurance S:\Chief Exec\TB\2013\5 - May\Paper G1 Risk Management Strategy Review (front sheet).docx

2 S:\Chief Exec\TB\2013\5 - May\Paper G1 Risk Management Strategy Review (front sheet).docx

3 Risk Management Strategy Version: Feb 2013 Ratified By : Trust Board Date Ratified: 28 th June 2012 Name of originator/author Richard Apps Trust Lead for Corporate Risk Name of Responsible committee: Date issued for Publication: Assurance Quality Assurance Committee 20 th July 2012 Review Date: April 2013 Expiry Date: June 2013 Target Audience: All LPT Staff NHSLA Risk Management 1.1, 1.3 Standards if applicable: State Relevant CQC Standards:

4 CONTRIBUTION LIST Key individuals involved in developing the document Name Richard Apps Bal Johal Frank Lusk Designation Trust Lead for Corporate Risk Assurance Head of Quality and Professional Practice Director of Corporate Affairs / Trust Secretary Circulated to the following individuals for consultation Name Fern Barrell Helen Wallace Jacqueline Burden Nikki Crust Heidi Scott-Smith Bernadette Keavney Rachel Billsborough Helen Thompson Paul Miller Will Legge Heather Darlow Paul Sherriff All Members Designation Risk Assurance Co-ordinator Standards and Compliance Manager Clinical Governance Lead Adult Mental Health and Learning Disabilities Clinical Governance Lead Families Children and Young People Patient Services and Involvement Manager Health and Safety Manager Divisional Director Community Health Services Divisional Director Families Children and Young People Divisional Director Adult Mental Health and Learning Disabilities Chief Information Officer Clinical Governance Lead Community Health Services Head of Business Development and Programme Management Office Quality Assurance Committee Page 2 of 24

5 LEICESTERSHIRE PARTNERSHIP NHS TRUST RISK MANAGEMENT STRATEGY Statement of Philosophy Leicestershire Partnership NHS Trust (LPT) is committed to ensuring that all services are provided to a high quality and that any risks to service users, staff, stakeholders, the public or the organisation are minimised by a process of identification, assessment, management and where possible elimination of risk. Risk Management will provide a safer environment for staff and service users as well as enabling us to fulfil its corporate objectives. It is recognised that not all risk can be, or should be, avoided or eliminated. In providing health services we acknowledge that the service users have the right to be supported in making decisions to increase their independence and autonomy and we are committed to service user engagement in facilitating improvements in our services. Making difficult decisions is part of everyday practice, Clinical and non-clinical staff will be supported in making such decisions, provided they are made responsibly with reference to relevant good practice. Effective risk management systems and a positive learning environment that enables service change will contribute to improvement in the overall quality and delivery of service user care. We are committed to making risk management a core organisational process. This strategy provides a framework for leadership from Board to Ward and will support effective decision making and ensure that risk management is integral to business planning and service delivery. We consider Risk Management to be the responsibility of everyone in the organisation. The implementation of an effective system will involve the Board and all employees, affect all stakeholders, engage service users. It will be applied to clinical, organisational, financial and commissioning systems and processes. Chairman Chief Executive Page 3 of 24

6 Table of Contents 1. Introduction Approach to Risk Management Risk Management Structure Roles and Responsibilities within the Governance Structure Accountability and delegated responsibility Strategies, Policies, Procedures, and Other Documents Related to Risk Management Implementation of the Risk Management Strategy Training Review of the Strategy Communication Due Regard APPENDIX 1-Risk Responses APPENDIX 2 -GLOSSARY OF TERMS APPENDIX 3 -NHSLA Policy Monitoring Section Page 4 of 24

7 Version Control and Summary of Changes Version number Date Comments (description change and amendments) Version 1 June 2012 Developed for the new organisation. Version 2 Feb 2013 Amendments made to take account of NHSLA criteria s Version 3 May 2013 Annual Review Fig on pg 8 & pg 10 updated Version 4 May 2013 Page 13- External review sentence added and formatting and update of contents page All LPT Policies can be provided in large print or Braille formats, if requested, and an interpreting service is available to individuals of different nationalities who require them. Did you print this document yourself? Please be advised that the Trust discourages the retention of hard copies of policies and can only guarantee that the policy on the Trust website is the most up-to-date version. For further information contact: Risk Assurance Trust Lead Lakeside House Grove Park Enderby Leicester LE19 1SS Page 5 of 24

8 LPT RISK MANAGEMENT STRATEGY 1. Introduction 1.1 This document sets out the Leicestershire Partnership Trust s risk management framework, and aims and objectives for managing risk in order to ensure that a holistic approach is adopted across the organisation. The Risk Management Strategy supports the Trust s Integrated Business Plan and takes account of: The Care Quality Commission (CQC) regulations ISO Risk Management Standards NHS Litigation Authority (NHSLA) risk management standards National Patient Safety Agency (NPSA) recommendations Integrated Governance Handbook ( DOH 2006 Gateway ref:5947) Taking It On Trust (Audit Commission, 2009) Internal Audit Recommendations 1.2 AIM The overall aim of this strategy is to present a clear overview of the Trust s intentions in relation to risk management and to present the approach that has to be taken by all staff to support the establishment, implementation and maintenance of effective risk management across the organisation. More specifically LPT will establish and maintain an effective risk management system which ensures; All staff have a clear understanding of their personal contribution to ensuring the continued provision of safe and effective services for all Risks to the achievement of Strategic Objectives are identified and appropriately managed in order to ensure their achievement Risks that threaten LPTs unconditional registration with the Care Quality Commission are identified and appropriately managed in order to ensure continued registration Appropriate levels of management are aware of risks relevant to their remit, and the actions being taken to reduce risk exposure Divisions are enabled to manage risks within their service and escalate those risks which it is unable to bring under reasonable control Divisions are enabled in creating service-line assurance Assurance on the effectiveness of controls measures and action plans is provided to the Trust Board via its sub committees and other groups within the trusts governance structure 2. Approach to Risk Management 2.1 The Trust s risk management and assurance processes identify the following What the organisation aims to deliver (Objectives) Factors that could prevent the objectives being achieved (Risks) The significance of those risks (Impact) Page 6 of 24

9 Processes in place to manage the risks (Controls) The potential for a risk occurring (Likelihood) i.e. the probability of a single event occurring or the frequency of multiple events occurring repetitively Evidence that appropriate controls are in place and operating effectively (Assurance) Actions required to close any gaps in control or assurance 2.2 The Risk Management Cycle, which incorporates Risk Assessment, is illustrated below at Figure 1.The process begins with establishing the context of the risk, including identifying stakeholders then moves into the three stages of risk assessment identification, Analysis, and Evaluation. Once an assessment of risk is completed a suitable response to that risk must be sought. The final stage in the cycle is to monitor and review progress against the initial risk response and if necessary repeat the cycle to reduce risk further. Throughout all stages of the risk management cycle communication and consultation with the identified stakeholders is crucial to ensuring effective outcomes of the risk response. Establishing the Context Risk Assessment Risk Identification Communication and Consultation Risk Analysis Monitoring and Review Risk Evaluation Risk Response Figure1. The Risk Management Cycle 2.3 The Trust operates within an integrated governance framework which aims to ensure that all of the strands of governance such as financial, clinical and non-clinical, research and management of risk are coherent. The Trusts management and Page 7 of 24

10 assurance arrangements rely on on-going risk management processes which identifies risks; a) To the achievement of the Trust s objectives (Strategic Risks) Each year the Trust board will agree its annual objectives and undertake a threat assessment exercise identifying risks to achieving those objectives. These risks will form the Board Assurance Framework. b) Risks associated / arising out of normal work related activities (Operational Risks) 2.4 Risk Assurance Risks arising out of the delivery of services, both Divisional and Enabling, will be identified, assessed, managed and monitored via the risks management processes described below, these will include the systematic identification of risks associated with unconditional registration with the CQC To ensure that the risk management process is, at all levels, governed with appropriate accountability and probity, risk registers will be maintained and presented for regular scrutiny at the appropriate forum as described in Section 4. These groups retain responsibility for ensuring that risk responses are appropriate and timely. NB: The BAF is composed of the risks to achieving strategic objectives as detailed in the Trust IBP and Annual Plans The figure above shows the risk escalation flows between the Risk Register on the right (Where risks are being continually identified, managed, and escalated through the management hierarchy), and the assurance mechanisms to the left Page 8 of 24

11 (where risks are being reported on for assurance purposes at Board Committees and Exception reporting from the Executive Performance Review process) 2.5 Identifying potential risks to maintaining unconditional registration with the CQC Essential Standards of quality and safety Maintaining unconditional registration with the CQC under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2010 and the Care Quality Commission (Registration) Regulations 2009 is a key requirement for the Trust and as such the trust has integrated its approach to monitoring compliance and noncompliance with the Essential Standards of quality and safety with its risk management model A Risk based self-assessment tool based on local self-assessment enables all care settings to self-assess and demonstrate continued compliance or identify any risks associated with non-compliance with the Essential Standards to identify potential risks to maintaining unconditional registration Following completion of the Risk based tool, all risks of potential noncompliance should be progressed onto divisional risk registers in line with the management and escalation approach for all risks outlined in this strategy Potential risks can be identified by the CQC through their national data triangulation and analysis which is presented in the Quality and Risk Profile (QRP). Where risks are identified in this way action planning will mitigate the risks identified but consideration should be made whether these risks should be entered onto the divisional risk register. 3. Risk Management Structure 3.1 The key component of an effective risk management system is a clearly defined structure that performs a number of key functions. Those functions are: To make explicit the scheme of accountability To make explicit the lines of reporting 3.2 Committee structures are in place within the Trust to support good governance and to ensure that all significant risks are properly considered and, as appropriate, communicated to the Board. The structures have been devised to ensure a coordinated and holistic approach to risk management and to assist in ensuring that risk management activities are integrated across the trust. Page 9 of 24

12 Shadow Council of Governors Trust - - Board Audit & Assurance Committee Remuneration Committee Charitable Funds Committee Quality Assurance Committee Workforce and OD Committee Finance & Performance Committee The Trust Board commissions task and finish groups around specific programmes of work as required. Eg. The Foundation Trust Programme Board 3.3 Divisional Governance Structures are in place in order to facilitate Service-Line Reporting of risk within each Division and act as the conduit for risk management and escalation between each Division and the Trust Board sub-committee Structures. Divisional Risk Management and related performance will be monitored centrally within the Executive Performance Review process. 4. Roles and Responsibilities within the Governance Structure The Terms of Reference of each committee as well as the Trust Boards Standing Orders, Scheme of Delegation and Standing Financial Instructions are available on the intranet at: pdf And Page 10 of 24

13 4.1 Trust Board The Trust Board has the ultimate responsibility for risk management. It needs to be satisfied that appropriate policies and strategies are in place and that systems are functioning effectively. The Board will demonstrate its commitment to risk management through the endorsement of the risk management strategy and associated implementation policies. The Board will receive regular reports on risk management activity within the trust and will also select and consider key indicators capable of showing improvements in risk management and/or providing early warning of risk. e.g. Incident and complaints statistics, progress reports on achieving compliance with the Essential Standards for Quality and Safety. The Trust Board will review the Strategic risks at least three times per year and ensure that the Board Assurance Framework document informs the business planning processes. 4.2 Audit and Assurance Committee This is formally constituted as a Committee of the Trust Board. The Audit and Assurance Committee has a responsibility to provide assurance to the Trust Board that the organisation has systems and processes in place to operate in a manner which demonstrates openness, probity, accountability and those effective internal controls are in place to merit public confidence. 4.3 Quality Assurance Committee (QAC) The QAC shall be the designated board committee with overall responsibility for Risk Management and Assurance. The QAC supports the work of the Board in ensuring a balanced and integrated approach to: Clinical focus, engagement and governance. Patient/stakeholder involvement; Operational and performance management The QAC has the responsibility for ensuring that the Trust has essential components in place to promote effective governance through the development and implementation of a comprehensive system of internal control. The QAC will monitor the treatment of applicable Strategic Risks on the Board Assurance Framework monthly. The QAC will monitor all risks (at whatever level of control escalation) that pose a potential threat to continued registration with the CQC on a monthly basis. The Committee will provide advice regarding tolerable risk and residual risk. The Committee will use the Seven A s test to establish if risk responses are robust. The QAC will receive quarterly risk assurance update reports. Page 11 of 24

14 Serious Incidents will be reported on a monthly basis. 4.4 Finance & Performance Committee (FPC) The purpose of the FPC shall be to ensure the effective scrutiny of financial matters and decisions that the Board has determined should be reserved to the Board. The committee will ensure that financial risks are managed in line with the risk management strategy and trust assurance arrangements. The FPC will monitor the treatment of applicable Strategic Risks on the Board Assurance Framework monthly and will provide advice regarding tolerable risk and residual risk. The Committee will use the Seven A s test (see Appendix 1) to establish if risk responses are robust. Workforce and Organisational Development Committee The WOD will monitor the treatment of applicable Strategic Risks on the Board Assurance Framework monthly and will provide advice regarding tolerable risk and residual risk. The Committee will use the Seven A s test to establish if risk responses are robust. 4.5 The Executive Team The Executive Team will receive monthly risk register reports on all risks at Executive Team management and escalation level and will provide advice regarding tolerable risk and residual risk. The Exec Team will use the Seven A s test to establish if risk responses are robust. Where necessary the Executive Team may recommend operational risks for inclusion on the Board Assurance Framework via the appropriate Board Committee. Any significant risk identified following an external review will be highlighted to Trust Board following receipt of the external report by the relevant Executive Director 4.6 Divisional Risk Management and Assurance Each Division shall seek assurance at the Clinical Governance Group that Divisional level risks are being appropriately managed. The Group will receive from each Divisional Director regular Risk Register Report detailing risks identified together with the proposed risk responses. The group will use the Seven A s test to establish if risk responses are robust and may recommend through highlight reports to the QAC that additional consideration be given where risks are not able to be managed at Divisional level. 4.7 Executive Performance Review Each Division and enabling service subject to the Executive Performance Review process will review risk profiles and where necessary may recommend operational Page 12 of 24

15 risks for inclusion on the Board Assurance Framework via the appropriate Board Committee. 5. Accountability and delegated responsibility The Trust Board gives delegated responsibility to the following individuals in respect of risk management; 5.1 Chief Executive The Chief Executive has overall responsibility and accountability for ensuring that an effective risk management system is in place throughout the Trust, for meeting all statutory requirements and adhering to guidance issued by the Department of Health in respect of risk management and governance. In particular the Chief Executive, supported by the Trust Board, will ensure that arrangements, facilities and adequate resources are made available to effectively implement and maintain the Risk Management Framework. As Accountable Officer the Chief Executive is required to sign an Annual Governance Statement. The content of the Annual Governance Statement is likely to vary from year to year. The Annual Governance Statement is a personal statement by the Chief Executive that the systems and processes are in place to ensure that risks and performance are being appropriately monitored and managed. A key source of information in drafting the Annual Governance Statement will be the Board Assurance Framework. The Annual Governance Statement will be published each year in the public Annual Report of the organisation and will be the subject of scrutiny by the appointed external auditors. 5.2 Chief Nurse The Chief Nurse has delegated responsibility for managing the strategic development and implementation of clinical risk management and clinical governance across the Trust. The Director is also responsible for the management and implementation of patient safety and risk management and ensuring that lessons learnt from complaints, claims, and Serious Incidents (SI s) are disseminated and shared across the organisation in order to improve patient safety and quality. The Director holds responsibility for the development of a strategic approach to risk management and for ensuring that this is operationalised throughout the Trust. 5.3 Director of Corporate Affairs/Trust Secretary The Director of Corporate Affairs / Trust Secretary is accountable for ensuring the Trust Board is informed of the totality of the risks facing delivery of the Trust s strategic objectives. This will be achieved via facilitation of a board led comprehensive annual review of these threats culminating in a Board Assurance Framework. He/She will Page 13 of 24

16 conduct an annual review of risk management activity in the Annual Governance Statement. 5.4 Senior Information Risk Owner The organisation has assigned a senior information risk owner (SIRO) who has the responsibility for providing the Board with details of Information Risk. The Director of Finance and Performance is the SIRO. The SIRO is responsible for: Ensuring that an overall culture exists that values and protects information within the organisation. Owning the organisation s overall information risk policy and risk assessment process, testing its outcome and ensuring that it is used. Advising the chief executive on the information risk aspects of the organisations statement of internal control Owning the organisation s information incident management framework. 5.5 Executives/Directors Executive/Directors have a number of responsibilities in relation to risk management. As members of the Trust Board, they have a corporate responsibility to ensure that the Risk Management Strategy is fit for purpose, that it is implemented effectively and that the controls are in place to illustrate that all reasonable care has been taken to manage risk proactively. Executive Director Leads have been identified for each of the Trust s strategic objectives and are responsible for ensuring that systems are in place to manage risks and provide assurance for all areas within their sphere of responsibility. In addition, Executives/Directors have a delegated responsibility to set clear objectives for managers to secure the implementation of the Risk Management Strategy, to monitor performance against these objectives and to act appropriately on this information. Executive Directors will ensure their management teams maintain appropriate risk registers and establish processes for the overall scrutiny of directorate risk registers, accepting escalation of risks to executive director level where appropriate, and escalating to executive team level where risks cannot be adequately mitigated at executive director level. Risk Management will be incorporated into Executive Performance Reviews of Divisions and Enabling Services in the form of Risk Register Reports for that service. The Executive Directors with delegated responsibility for Risk Management are members of the Executive Team and in this forum will provide the Chief Executive with a briefing of the progress on strategic and operational risk management objectives. 5.6 Non-Executive Directors Page 14 of 24

17 Non-executive Directors have a corporate responsibility to ensure that the Risk Management Strategy is fit for purpose, that it is implemented effectively and that the controls are in place to illustrate that all reasonable care has been taken to manage risk proactively. Non-Executive Directors will Chair Board Committees by appointment. 5.7 Head of Quality and Professional Practice Will ensure that structures and processes are in place to deliver the Risk Management Strategy and to support the establishment of an effective, fully integrated risk management system at both corporate and directorate/departmental levels. 5.8 Trust Lead - Corporate Risk Assurance The Corporate Risk Assurance Lead will support the Director of Corporate Affairs in their duties to provide a Board Assurance Framework by facilitating board threat assessment exercises, providing processes for maintaining the Board Assurance Framework and by conducting an annual review of progress in the form of the annual governance statement. He/She will attend Executive Team meetings and Executive Performance Reviews where necessary to facilitate Risk Management performance and assurance, particularly in relation to Strategic Risks and risks at Executive Director or Executive Team management /escalation level. The Corporate Risk Assurance Lead will provide advice and guidance on risk management issues to the Head of Quality Assurance, the Divisional Directors and to the Trust Board and its sub-committees on new statutory, other legal, and Department of Health requirements as well as provide regular updates on compliance with existing statutory, other legal, and Department of Health requirements pertinent to risk management, assurance, and internal control. He/She will maintain a programme of training for Risk Management and Assurance as an integral part of the Mandatory Training Register maintained by the Academy. The Corporate Risk Assurance Lead will monitor safety issues within the Trust and will advise on all aspects of safety, ensuring the highest possible profile for safety within the organisation. The Corporate Risk Assurance Lead will actively promote a positive safety culture within the organisation and will provide advice and training to managers and staff. They will be accountable for the implementation of the Risk Management Strategy and the establishment of a fully integrated risk management system. 5.9 Risk Assurance Co-ordinator He/She will provide advice, support and training to relevant staff in undertaking risk identification, assessment and response. He/she will maintain the risk register elements of electronic risk management system (Safeguard) ensuring appropriate access permissions are maintained at all times Risk Gate-Keepers Page 15 of 24

18 He/She will act as the link between operational management and the risk management system and will act as Risk Champions within their service area. Effectively checking, verifying and challenging risk assessments for adequacy before adding or editing risks in the electronic risk management system. Will provide risk register reports to operational managers and meetings Health and Safety Advisors The Health and Safety Advisors are responsible for undertaking health and safety audits and providing advice on remedial measures required to ensure an environment of safety for patients, staff, visitors and other stakeholders Local Security Management Specialist The Local Security Management Specialist (LSMS) is responsible for ensuring that the Partnership Trust meets the requirements of the Secretary of State s Directions for Security Management and the requirements of NHS Protect (formerly the NHS Counter Fraud and Security Management Service). The LSMS will advise on actions required to meet current and new security guidance and act as a link to the Police in managing violent and abusive incidents. The LSMS will monitor violence and security incident trends and investigate incidents to ensure that the Trust is taking appropriate action with respect to security related incidents Divisional Directors / Clinical Directors / Heads of Enabling Service Must understand and implement the Risk Management Strategy throughout their designated area(s) of responsibility. They have delegated responsibility for implementation of local risk management processes in line with this strategy, including identification and nomination of sufficient Risk Gate-Keepers for their service, and to ensure the development of specific action plans that demonstrate that an effective risk management process is established. As a minimum, they will: Ensure that all managers and staff receive appropriate training in risk management; attend mandatory training and that they understand their responsibilities in relation to the management of risk and related areas such as Health & Safety. Ensure all necessary risk assessments are undertaken within the directorate/department in liaison with relevant advisors where appropriate and that all identified risks are quantified using the Risk Assessment Guidance. Report immediately to the Executive Director with responsibility for the area/service concerned those risks identified as requiring escalation. The Director will advise on any immediate local action to reduce/prevent the likelihood of an adverse outcome and discuss any subsequent treatment required. The DD / CD / Head of Service and the Executive Director will then consider treatment options and action and develop a treatment plan. Page 16 of 24

19 Ensure that a directorate risk register is created, maintained and regularly reviewed and revised; the directorate Risk Register must inform the business planning process of the Division / Enabling Service. Ensure that risks and control measures are reviewed on a regular basis through the Divisional Governance arrangements and regularly communicated to staff; and inform the Risk Register. Ensure that all incidents are identified, reported, investigated, and managed in accordance with the Incident Reporting and Management Policy General/Service Managers Locality and Service Managers have delegated responsibility for: Managing all risks within their control and developing and implementing appropriate treatment plans, where risks are beyond the control of local management escalating to Divisional Director level. Ensuring implementation of local action plans as directed by the Divisional Directors and for monitoring and investigating incidents occurring within their area of responsibility. Ensuring that staff attend the required training. Ensuring risk assessments are undertaken and that risk management is a standing item on their Locality, Service and relevant meetings agendas Divisional Governance Managers/Professional Leads Divisional Governance Managers / Professional and Clinical Leads have delegated responsibility for: Ensuring that an effective risk management process is established in their area of responsibility and that risks are managed effectively. Implementing the local action plans as directed by the Divisional Directors Monitoring and investigating incidents occurring within their area of responsibility, ensuring that staff attend the required training. Undertaking risk assessments and ensuring that risk management is a standing item on their Service or Departmental meetings agendas Managers with responsibility for service delivery, staff or premises Managers have delegated responsibility for ensuring: Page 17 of 24

20 Staff are aware of their responsibilities for identifying, managing and recording risks and attending appropriate training. Managing all risks within their control and developing and implementing appropriate treatment plans, where risks are beyond the control of local management escalating to Divisional Director level. All staff are made aware of risks within their working environment and about their personal responsibilities in helping manage those risks. Staff are aware how to raise issues of risk management and how those risks are escalated through the organisation. Staff who raise risks receive feedback. Risk assessments are undertaken on all activities in their area (for example, clinical risk assessments and health and safety assessments) and risk action plans produced. All adverse incidents are recorded. Risk assessments are included for all business, service and capital plans. Risk assessments are regularly reviewed and updated. Risks that cannot be controlled and managed locally within existing resources are entered into a risk register process and escalated within the organisation for consideration and debate at an appropriate forum All Staff All employees of the Trust have a responsibility to be risk aware at all times and to recognise their personal responsibility for taking reasonable care for their own health and safety and of that of others who may be affected by their acts or omission at work (Health and Safety Commission, 1992). In addition, all staff are required to: Attend all mandatory training and training specific to the management of risk (records of attendance must be kept and maintained) Be able to identify and assess risk Where it is feasible, initiate action to prevent or reduce risk Ensure that controls are put in place until risk is eliminated completely or reduced to an acceptable level of risk. Monitor the effectiveness of controls. Page 18 of 24

21 Notify line managers immediately if any of the steps from 2-5 above are considered to be outside the capability or control of the individual. Report incidents within the timescale indicated in the Incident Reporting and Management Policy using the incident reporting process prescribed Contractors, Agency and Locum Staff All contractors, agency staff, and locums are expected to work in accordance with the Trust Risk Management Strategy and associated policies. The responsibilities of these staff with regard to Risk Management will be communicated to them via the manager responsible for their engagement. 6. Strategies, Policies, Procedures, and Other Documents Related to Risk Management The management of risk does not take place in isolation and there are a number of key documents that complement the Risk Management Strategy. These include: Trust Incident Reporting Policy Health and Safety Policy Major Incident Plan Standing Financial Instructions and Standing Orders Estates & Facilities Policies Raising Concerns Policy Control of Infection Policies Information Security Policy Fire Safety Policy COSHH Policy DSE Policy Manual Handling Policy Waste Management Policy Medical Devices Alert Procedure Medicines Management Policy Lone Worker Policy Records Management Policy Consent Policy Being Open Policy The documents listed above will be found on the Trust s intranet site. Copies of the Risk Register are held by the Corporate Risk Assurance Lead within an electronic database. 7. Implementation of the Risk Management Strategy 7.1 Implementation, Training and Support Page 19 of 24

22 The Risk Management Strategy and supporting procedures are distributed across the Trust and available on the Intranet with all corporate and clinical policies. Directors and managers have a responsibility to ensure that their staff are aware of these policies and procedures. 8. Training A Generic Training Needs Analysis has been undertaken in respect of Risk Management and can be found in the Mandatory Training Register on the Trust Intranet ( Nov10.pdf), the table below describes training and information relating to the implementation of this strategy as opposed to on-going Risk Management Training. Records of training will be via allocation of competencies to specific job roles as defined above within the Electronic Staff Record and recording of attendance against that competence. Monitoring of compliance with training will be via reports to the Quality Assurance Committee via the effectiveness indicators outlined below and will include a process for following-up of non-attendance by individual line managers (in the case of role-specific training) and Divisions (in the case of induction and mandatory training). 9 Review of the Strategy The Risk Management Strategy will be reviewed annually as a minimum, or when procedural/ legislative or best practice changes occur. 10. Communication This strategy will be made available to staff via the Trust Intranet and to service users and others via the Freedom of Information Act Publication Scheme. 11. Due Regard Leicestershire Partnership Trust (LPT) will carry out Due Regard on new strategies in line with the Equality Act Risk Management is a quality improvement process that seeks to ensure objectives and outcomes are achieved and safety maintained through systematic review of risk scenarios. This strategy has been written and reviewed with due regard to equality and diversity consideration and has been found to be procedural in nature, describing internal systems and processes, therefore a more detailed analysis of due regard would be considered disproportionate to the nature of the strategy. Page 20 of 24

23 12. APPENDIX 1-Risk Responses Risk Response Where risks have been identified one or more options for responding to the risk must be taken; Terminate Avoid the risk by making the likelihood of its occurrence totally impossible (break the links at either point) Tolerate - accept that the effects of the risk are (or have been following treatment) reduced to a reasonably practicable level Transfer involve a 3 rd party to share some degree of risk via contract terms or insurance Treat take ACTION to reduce the overall risk score (weaken the link between cause and risk to reduce LIKELIHOOD, weaken the link between risk and effect to reduce IMPACT) Testing Risk Responses Risk Responses should meet the 7 A s test, they should be; 1) Appropriate in proportion to the level of risk posed 2) Affordable time/money/effort balanced against the risk 3) Actionable within a reasonable timeframe 4) Achievable technically or legally possible 5) Assessed will the risk-level post-action be reduced? 6) Allocated controls and actions must be assigned to a lead 7) Agreed all stakeholders must sign-up to the risk responses Page 21 of 24

24 APPENDIX 2 -GLOSSARY OF TERMS Risk Management/escalation level Strategic Risk Objective Likelihood Severity / Impact Risk Score Control Assurance Risk Response Risk Register Strategy The effect of uncertainty on objectives The level within the management hierarchy at which a risk is currently being managed at / has been escalated to A Risk that has the potential to impact on the Strategic Objectives as defined by the Trust Board An end that can be reasonably achieved within an expected timeframe and with available resources An expression of the potential of an event to occur (indicated by a score of between 1 and 5) An expression of the scale of consequences (indicated by a score of between 1 and 5) The product of Likelihood and Severity (indicated by a score of between 1 and 25) Elements that are currently in place which limit the exposure to risk Methods of reporting / information that gives some indication of the performance of a control in limiting risk exposure Options for dealing with risk (Terminate, Tolerate, Transfer, Treat) A report summarising key elements of one or more risk assessments, usually ranked in descending order of risk score a plan of action designed to achieve a particular goal Page 22 of 24

25 APPENDIX 3 -NHSLA Policy Monitoring Section Criteria Number & Name: 1.1 Risk Management Strategy / 1.3 High Level Risk Committees Duties outlined in this Policy will be evidenced through monitoring of the other minimum requirements Where monitoring identifies any shortfall in compliance the group responsible for the Policy (as identified on the policy cover) shall be responsible for developing and monitoring any action plans to ensure future compliance. Reference Minimum Requirements to be monitored 1.1 (a) the organisation s risk management structure, detailing all those committees and groups which have some responsibility for risk 1.1 (b) how the board or high level risk committee(s) review the organisationwide risk register 1.3 (b) Who the members are, including nominated deputies where appropriate 1.3 (c) How often members must attend Self assessment Section 3.2, page 9 Section pages 9-10 QAC terms of reference QAC terms of reference Process for Monitoring Annual Risk management Report informed by review of : Minutes of meetings Annual Risk management Report informed by review of : Board Assurance Framework Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Responsible Individual / Group Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Frequency of monitoring Annually Annually Annually Annually

26 Reference Minimum Requirements to be monitored 1.3 (d) Requirements for a quorum 1.3 (e) How often meetings take place 1.3 (f) Reporting arrangements into the high level risk committees 1.3 (g) Reporting arrangements into the board from the high level risk committees Self assessment QAC terms of reference QAC terms of reference QAC terms of reference QAC terms of reference Process for Monitoring Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Annual Risk management Report informed by review of : QAC meeting minutes Terms of Reference Responsible Individual / Group Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Quality Assurance Committee, Audit and Assurance Committee and Trust Board Frequency of monitoring Annually Annually Annually Annually Page 24 of 24