NLG(18)407. DATE OF MEETING 27 November Trust Board of Directors Public. Wendy Booth, Trust Secretary

Transcription

1 NLG(18)407 DATE OF MEETING 27 November 2018 REPORT FOR Trust Board of s Public REPORT FROM Wendy Booth, Trust Secretary CONTACT OFFICER Jeremy Daws, Head of Quality Assurance Kelly Burcham, Head of SUBJECT Board Assurance Framework (BAF) & Strategic Register (SRR) BACKGROUND DOCUMENT (IF ANY) Improving Together Project Scope BAF and Strategic Register PURPOSE OF THE REPORT: For assurance on the actions being taken to manage the Trust s strategic risks EXECUTIVE SUMMARY (PLEASE INCLUDE: A SUMMARY OF THE REPORT, KEY POINTS & / OR ANY RISKS WHICH NEED TO BE BROUGHT TO THE ATTENTION OF THE TRUST BOARD AND ANY MITIGATING ACTIONS, WHERE APPROPRIATE) The Board Assurance Framework (BAF) for November 2018 provides an overview for the Board of the Trust s current strategic risk register alongside controls and assurances. New features included in the November BAF are: Simplified heat map summary view of the strategic risks that impact on the Trust s 3 strategic objectives: o Page 5: Strategic Objective 1: Provide safe, compassionate care o Page 6: Strategic Objective 2: Staff to feel valued and empowered, o Page 7: Strategic Objective 3: To be a partner of choice Following the Board Briefing held in September 2018, the November edition of the BAF includes the current unmitigated risk rating (if current controls where not in place), replacing the initial risk rating when first added, to make it clearer for the Board to determine the effectiveness of current controls in reducing the risk towards the target risk rating. Two new strategic risks are included: o Britain s exit from the EU Brexit [ rating 12] o Data & Cyber Security: Cyber Infrastructure (the risk of being affected by a cyber-attack, despite having adequate protection, given the increasing incidence around the world) [ rating 12] The BAF continues to provide: The Trust s Appetite, Target risk being aimed for any by when, When the risk was first added to the risk register, Rationale for any risk rating movement from previous quarterly reports. In November 2018, the Trust s highest strategic risks are as follows: 1: Mortality Performance [25] 1: Staffing [20] 1: Nurse Staffing [20] 1: Organisational Culture, Systems and Processes [20] 1: Clinical Engagement [20] 1: Water Safety Compliance [20] 1: Capacity & Demand Application to ensure timely access [20] 1: Premises & Engineering Services [20] 1: SOF: Finance [20] 2: Data & Cyber Security: Cyber Infrastructure [16] risk rating reduces during November from a risk rating of 20 to 16. 2: IPC: Hygiene Code [16] 2: IPC: Antimicrobial prescribing [16] 2: Clinical Harm Review [16] 2: SOF: Performance against constitutional targets [16] 2: SOF: Quality [16] 2: Staffing [15] 3: Data & Cyber Security: Data Security & Information Governance [12] risk rating reduces during November from a high risk rating of 15 to a moderate risk rating of 12. Other risk rating movement during November includes: Capacity & Demand: Process reduces from a risk rating of 12 to 8 (the challenges with regard to implementation of capacity and demand remains a high risk (risk 1) with a risk rating of 20.

2 Leadership & Management: Annual Appraisal increases from a risk rating of 9 to 12 given the continued challenges in achieving Trust targets around appraisal rates. The following strategic risks have not been updated in readiness for Trust Board papers deadline: o Development of the digital 2020 strategy, o NHS Information Standard, o Single Oversight Framework: Strategic change, o Single Oversight Framework: Performance against constitutional targets. The Board Assurance Framework is presented in varying levels of detail as follows: Executive Summary Heatmap summary of risks Received by Trust Board to strategic objectives Highest strategic risks Dashboard by sub-committee Dashboard by sub-committee Received by Board Sub- Full detail by sub-committee Committee TRUST BOARD ACTION REQUIRED The Board is asked to: Note the contents of the BAF: o o Note the Heatmap summarising strategic risks affecting the Trust s delivery of its strategic objectives (pages 5-7) and determine if this is a more helpful summary of Trust risks and assurances, or if the previously employed composite risk summary should be used instead, Note the Trust s highest strategic risks and the movement trends over time (pages 8-9). 2 P a g e

3 3 P a g e Trust Secretary Board Assurance Framework (BAF) & Strategic Register November 2018

4 4 P a g e Executive Summary The Trust s Approach to ( Appetite Statement) 2017/18: Executive Summary The Trust s risk appetite for 2017/18 is best described as: The Trust will not accept risks that impact adversely on patient safety and therefore has a greater appetite for financial risk in that they are prepared to take the necessary actions to safeguard safety despite the potential financial consequences and regulatory impact. The Trust also has a greater appetite to take considered risks in pursuit of innovation which may challenge established working practices and may pose a risk to its reputation, where positive gains can be seen. BAF New Features in November 2018: To support understanding of the effectiveness of risk mitigation, within this edition of the BAF, the current unmitigated risk rating is included to demonstrate the risk rating during October 2018, if the controls described where not in place. This is designed to make it clearer for the Board to determine the progress and effectiveness of controls in reducing the risk overt time. This current unmitigated risk rating will be annually rebased to ensure the Board is able to see ongoing progress in mitigation of strategic risks. A simplified heat map summary view of the strategic risks that impact on the Trust s 3 strategic objectives is included as follows: o o o Page 5: Strategic Objective 1: Provide safe, compassionate care Page 6: Strategic Objective 2: Staff to feel valued and empowered, Page 7: Strategic Objective 3: To be a partner of choice Two new strategic risks are included: o Britain s exit from the EU Brexit [ rating 12] o Data & Cyber Security: Cyber Infrastructure (the risk of being affected by a cyber-attack, despite having adequate protection, given the increasing incidence around the world) [ rating 12] Board & Sub-Committee Detail The Trust s Board Assurance Framework is presented in varying levels of detail, as follows: o Executive Summary o Heatmap summary of strategic risks impacting on strategic objectives o Highest Strategic s (>20) o Highest Strategic s (15-20) o Individual Strategic by committee dashboard o Individual Strategic by committee dashboard o Individual Strategic full detail Presented to Trust Board as routine, quarterly updates Presented to Board Sub-Committees [Also available to the Board as appendix, on request]

5 5 P a g e Strategic Objective 1 Heatmap summary: The following heatmap summary presents the strategic risks that impact on the Trust s first strategic priority to provide safe, compassionate care. The heatmap demonstrates the current risk rating of each risk, mapped on to the 5x5 matrix (consequence x likelihood). The heatmap better illustrates the severity of the strategic risks to the Trust s first strategic objective, relating to quality of care. Strategic Objective 1: To Provide Safe, Compassionate Care Strategic Objective 1: To Provide Safe, Compassionate Care Assurances: Last updated: High s: L1 L2 L3 Target Rating & Date: x5 Mortality A A 24-Sep x3 No target date set x4 Water Safety A A A 17-Oct x2 Apr x5 Capacity & Demand - Implementation A A G 09-Oct x3 Mar x4 IPC: Hygiene Code A A 01-Oct x1 Mar x4 IPC: Antimicrobial prescribing A 01-Oct x1 Jun x4 Clinical Harm Review Process A G 01-Oct x2 Mar-19 Key: x3 SOF: Quality A A 19-Oct x2 No target date set High Moderate s: x3 Accreditation: JAG A G 01-Oct x2 Dec-18 Consequence Moderate x3 Patient Administration A 08-Oct x2 Mar x3 Improving Together Programme A A A 13-Nov x2 Dec Low (Minor) x2 Accreditation: Path Links A G 26-Sep x1 Dec x2 Accreditation: Pharmacy Aseptic Unit G G 02-Oct x2 Achieved Likelihood The Trust s highest strategic risks (>20 and 16-20) are summarised on pages 8 and Very Low The Trust s management of its strategic risks is summarised, at committee level, in tabular format, on page 12 (Quality & Safety), page 30 (Workforce), page 42 (Audit, and Governance) and page 49 (Finance & Performance Committee) x2 Capacity & Demand - Process G A G 09-Oct x2 Achieved Linked to the heatmap summary is a focus on the high and moderate rated strategic risks and a summarised view of the assurances available to the risk owners and for assurance, to the Trust Board, summarised by an understanding of the source of assurance (levels 1 3) and RAG rating, driven by the assurance being positive, negative or a mixture of the two. Also presented is the movement of risk ratings since the previous quarters Board Assurance Framework. A blue arrow pointing sideways means this is the same risk rating as presented last quarter, a green downward pointing arrow indicates a reduced risk rating and a red upwards pointing arrow shows an increased risk rating. To further support the Trust Board s understanding of the management of strategic risks is the target risk rating being aimed for (often the level of accepted risk) and the timescale. Those marked as achieved are strategic risks that have been mitigated to their target (accepted) level of risk. Target dates in red demonstrate that the target has passed, and the target risk is therefore overdue.

6 Strategic Objective 2 Heatmap summary: The following heatmap summary presents the strategic risks that impact on the Trust s second strategic priority for our staff to feel valued and empowered. The heatmap demonstrates the current risk rating of each risk, mapped on to the 5x5 matrix (consequence x likelihood). The heatmap better illustrates the severity of the strategic risks to the Trust s second strategic objective, relating to its staff and workforce. Strategic Objective 2: For our Staff to Feel Valued & Empowered Strategic Objective 2: For Our Staff to Feel Valued and Empowered Assurances: Last updated: High s: L1 L2 L3 Target Rating & Date: x5 Staffing: Recruitment & Retention A G A 01-Oct x3 Apr x5 Nurse Staffing A A 16-Oct x3 Apr x5 Organisational Culture, Systems and Processes A A A 02-Oct x2 Mar x5 Clinical Engagement A 19-Oct x2 May-19 Consequence Key: High 8-12 Moderate 4-6 Low (Minor) 1-3 Very Low x3 Staffing: Job planning A 12-Oct x2 Apr-19 Moderate s: x4 Annual Appraisal R R 01-Oct x2 Mar x3 Mandatory Training A R 01-Oct x2 Mar-19 Linked to the heatmap summary is a focus on the high and moderate rated strategic risks and a summarised view of the assurances available to the risk owners and for assurance, to the Trust Board, summarised by an understanding of the source of assurance (levels 1 3) and RAG rating, driven by the assurance being positive, negative or a mixture of the two. Likelihood Also presented is the movement of risk ratings since the previous quarters Board Assurance Framework. A blue arrow pointing sideways means this is the same risk rating as presented last quarter, a green downward pointing arrow indicates a reduced risk rating and a red upwards pointing arrow shows an increased risk rating. The Trust s highest strategic risks (>20 and 16-20) are summarised on pages 8 and 9. The Trust s management of its strategic risks is summarised, at committee level, in tabular format, on page 12 (Quality & Safety), page 30 (Workforce), page 42 (Audit, and Governance) and page 49 (Finance & Performance Committee). To further support the Trust Board s understanding of the management of strategic risks is the target risk rating being aimed for (often the level of accepted risk) and the timescale. Those marked as achieved are strategic risks that have been mitigated to their target (accepted) level of risk. Target dates in red demonstrate that the target has passed, and the target risk is therefore overdue. 6 P a g e

7 Strategic Objective 3 Heatmap summary: The following heatmap summary presents the strategic risks that impact on the Trust s third strategic priority to be a partner of choice. The heatmap demonstrates the current risk rating of each risk, mapped on to the 5x5 matrix (consequence x likelihood). The heatmap better illustrates the severity of the strategic risks to the Trust s third strategic objective, relating to its relationship with partners, stakeholders and regulators. Consequence Strategic Objective 3: To be a Partner of Choice Key: High 8-12 Moderate 4-6 Low (Minor) Strategic Objective 3: To be a Partner of Choice Assurances: Last updated: High s: L1 L2 L3 Target Rating & Date: x4 Premises & Engineering Services A A A 02-Oct x2 Apr x4 Finance and Use of Resources A A 13-Sep x2 Sep x4 Cyber Infrastructure: 1 A G 13-Oct x3 Apr x4 SOF: Operational Performance G A 19-Jul x2 Mar-20 Moderate s: *New* x3 Britain's Exit from the EU 02-Oct x3 Achieved x3 Data Security & Information Governance A G 13-Oct x1 Mar-20 *New* x3 Cyber Infrastructure: 2 A 13-Oct x3 Achieved x3 SOF: Strategic Change G G 19-Jul x2 Apr x2 Business Continuity G G G 03-Oct x2 Achieved x3 Development of the Digital 2020 Strategy G 17-Jul x2 Mar Very Low x3 Sustainability & Transformation Plans (STP) A A 19-Jul x2 Oct Likelihood The Trust s highest strategic risks (>20 and 16-20) are summarised on pages 8 and 9. The Trust s management of its strategic risks is summarised, at committee level, in tabular format, on page 12 (Quality & Safety), page 30 (Workforce), page 42 (Audit, and Governance) and page 49 (Finance & Performance Committee). Linked to the heatmap summary is a focus on the high and moderate rated strategic risks and a summarised view of the assurances available to the risk owners and for assurance, to the Trust Board, summarised by an understanding of the source of assurance (levels 1 3) and RAG rating, driven by the assurance being positive, negative or a mixture of the two. Also presented is the movement of risk ratings since the previous quarters Board Assurance Framework. A blue arrow pointing sideways means this is the same risk rating as presented last quarter, a green downward pointing arrow indicates a reduced risk rating and a red upwards pointing arrow shows an increased risk rating. To further support the Trust Board s understanding of the management of strategic risks is the target risk rating being aimed for (often the level of accepted risk) and the timescale. Those marked as achieved are strategic risks that have been mitigated to their target (accepted) level of risk. Target dates in red demonstrate that the target has passed, and the target risk is therefore overdue. 7 P a g e

8 Trust Strategic Register: HIGHEST RISKS ( Rating >20) The following table presents the Trust s highest strategic risks (those with a risk rating exceeding 20). Overseeing Committee Quality & Safety Workforce SO 2 13-Dec Mortality performance Workforce SO 2 Chief Nurse 29-Dec Nurse Staffing Workforce SO 2 Workforce SO 2 Audit, & Governance Finance & Performance Finance & Performance Finance & Performance Strategic Objective Key points: Lead Date added ID Strategic Title of People & Organisational Effectiveness of Facilities Chief Operating Officer of Facilities of Finance Failure to deliver required clinical improvements and reduce mortality ratio and potential for adverse patient impact TREND TREND TREND TREND TREND CURRENT 2 5 -Ju l Se p Jan A pr Jul N ov-1 8 TOTAL Grading Target Rating DATE Unable to set Current vs target Le ve l 1 Le ve l 2 Le ve l 3 (+16) A Nil A 01-Jun Staffing to delivering the required level of service Apr-19 (+8) A G A 01-Jun Jun Aug-16 Organisational Culture, Systems & Processes 2431 Clinical Engagement 2425 Description of the The risk to the Trust is that we are unable to deliver safe and effective care to our patients and providing the required level of service due to staffing shortages and reliance on temporary staff. There is a risk that organisational culture adversely effects the Trust's ability to continuously focus on quality improvement adversely affecting patient care and the Trust's reputation and relationship with regulatory bodies. Lack of clinical engagement - risk of failure to deliver the required service improvements. Health & Safety: Water of exposure to legionella and other water based pathogens, adverse staff Safety Compliance and patient impact and regulatory action. 17-Jun Capacity & Demand 2: IMPLEMENTATION: The risk is that the available resource (capacity) is not used sufficiently to meet the demand resulting in risks to performance and quality of care. 14-Nov Premises & Insufficient Backlog Maintenance to meet regulatory and other requirements Engineering Services and address issues with an ageing estate. 27-Jul Single Oversight Failure to deliver Financial Improvement Plan and risk of further regulatory Framework: Finance & action and intervention. Use of Resources Unmitigated risk rating (Oct 18) Trending TARGET Rating ASSURANCE Apr-20 (+8) A A Nil Mar-24 (+14) A A A May-19 (+12) A Nil Nil Apr-24 (+10) A A A Mar-19 (+8) A A G Apr-28 (+10) A A A Sep-19 (+10) Nil A A Data and Cyber Security: Cyber Infrastructure: 1: rating has reduced during this quarter, reducing from a risk of 20 to a high risk of 16. Trust Strategic s Highest s The remaining number of high risks rated above 20 has remained the same since the July 2018 edition of the BAF. 8 P a g e

9 Trust Strategic Register: HIGHEST RISKS ( Rating 15-20) The following table presents the Trust s highest strategic risks (those rated as a high risk, risk rating of 15-20). Overseeing Committee Quality & Safety Quality & Safety Quality & Safety Finance & Performance Finance & Performance Quality & Safety Workforce SO 2 Strategic Objective Key points: Lead Date added ID Strategic Title of of 23-Dec Mar Jun Nov Jun Jun Oct Infection, Prevention & Control: Failure to have sufficient suitable Infection Prevention & environmental infrastructure to manage high risk patients in a proactive Control: Hygiene Code manner in particular on the DPOW medical site resulting in increased hospital onset C Difficile infections. Infection Prevention & Infection, Prevention & Control: Inappropriate antimicrobial prescribing Control: Antimicrobial leads to increased risk of hospital acquired infections. Prescribing Clinical Harm Review Process Data & Cyber Security: Cyber Infrastructure The risk is that patients are coming to harm because of delays due to a lack of effective processes. 1: INADEQUATE CONTROLS: Lack of adequate controls to defend the Trust s computer systems when a cyber-attack occurs. of further security breaches and risk of regulatory action. SOF: Performance Failure to achieve performance target. Potential for adverse patient impact against constitutional and loss of STF income. targets Single Oversight Framework: Quality 2420 Staffing Description of the The risk is that the Trust could fail to deliver the quality measures outlined in the Single Oversight Framework which consequently impacts on the provision of quality services and negatively impacts on the Trust s reputation with service users and regulatory bodies Lack of effective job plans to meet service needs and make the necessary clinical improvements. Unmitigated risk rating (Oct 18) TREND TREND TREND TREND TREND CURRENT 2 5 -Ju l Sep Jan A pr Jul N ov-18 TOTAL Grading Target Rating DATE Current vs target Mar-20 (+12) A A Nil Jun-19 (+12) A Nil Nil Mar-19 (+8) A Nil G Apr-19 (+4) A Nil G Update needed Trending TARGET Rating Level 1 Level 2 Level 3 6 Mar-20 (+10) G A Nil TBC by QGG ASSURANCE (+6) A Nil A Apr-19 (+7) Nil A Nil Data and Cyber Security: Cyber Infrastructure: 1: rating has reduced during this quarter, reducing from a risk of 20 to a high risk of 16. Trust Strategic s Highest s Data and Cyber Security: Data Security & Information Governance: rating has reduced during this quarter, reducing from a risk of 15 to a moderate risk of 12. Otherwise, the number of high risks rated between has remained constant since the July 2018 edition of the BAF. 9 P a g e

10 Board Sub-Committee Appendices Board Sub-Committee Appendices: The following appendices are divided by Board Sub-Committee and contain the following details: Strategic (by lead sub-committee) DASHBOARD [showing at a glance summary: lead director, risk description, initial, current and target risk rating and summary of assurances being received]. Strategic (by lead sub-committee) DETAIL [showing full detail: controls, assurances, gaps and mitigating actions in detail]. The order of presentation is as follows: Appendix 1: Strategic by Committee: Quality Quality & Safety Committee & Trust Board: Page 11 Appendix 2: Strategic by Committee: Workforce Committee: Page 29 Appendix 3: Strategic by Committee: Audit, & Governance: Page 41 Appendix 4: Strategic by Committee: Finance & Performance & Trust Board: Page P a g e

11 11 P a g e Board Assurance Framework: Sub-Committee Appendices Appendix 1: Recommendations Strategic By Committee: QUALITY & SAFETY COMMITTEE

12 Strategic Objective 12 P a g e Trust Strategic s: RISK DASHBOARD BY SUB-COMMITTEE: QUALITY (Trust Board, Quality & Safety Committee) Appetite: Low: The Trust will not accept risks that impact adversely on patient safety and therefore has a greater appetite for financial risk in that they are prepared to take the necessary actions to safeguard safety despite the potential financial consequences. The Trust has a low risk appetite concerning the regulatory framework it must operate within. Chief Executive 12-Aug Lead Chief Operating Officer Chief Operating Officer Chief Operating Officer Date added 23-Dec-13 ID Mar Strategic Title Failure to deliver the actions within the Improving Together Programme Improving Together (specifically the CQC compliance actions) and risk of further regulatory Programme (Inc. CQC) action and intervention. Infection, Prevention & Control: Failure to have sufficient suitable Infection Prevention & environmental infrastructure to manage high risk patients in a proactive Control: Hygiene Code manner in particular on the DPOW medical site resulting in increased hospital onset C Difficile infections. Infection Prevention & Infection, Prevention & Control: Inappropriate antimicrobial prescribing Control: Antimicrobial leads to increased risk of hospital acquired infections. Prescribing 30-Apr NICE Guidance Non-compliance with NICE and not delivering care in line with best practice is a risk to patient safety. 03-Jun-15 National Clinical There is a risk of not meeting national deadlines or the submission of nonvalidated clinical data resulting in inaccurate national reporting Audit 01-Jun Patient Safety Alerts of not adequately disseminating critical safety alerts or not acting fully on these alerts leading to adverse staff and patient impact. The risk is that the Trust could fail to deliver the quality measures outlined in 01-Jun-17 Single Oversight the Single Oversight Framework which consequently impacts on the provision 2432 Framework: Quality of quality services and negatively impacts on the Trust s reputation with service users and regulatory bodies Not achieving the required quality standards places the Trust at risk of not 11-Oct Accreditation: (1) JAG achieving accreditation, a loss of income, reputational damage and regulatory action. Not achieving the quality system that complies with ISO:15189 which then 18-Jul-18 Accreditation: (2) 2416 places Path Links at risk of not achieving accreditation by UKAS risk of loss Pathology (Path Links) of income from referred work and reputational damage. 18-Jul Accreditation: (3) Pharmacy Aseptic Units 03-Jun-16 Clinical Harm Review 2401 Process 13-Dec Mortality performance Description of the Not achieving the required quality standards places the Trust at risk of not achieving accreditation, a loss of income, reputational damage and potential regulatory action. The risk is that patients are coming to harm because of delays due to a lack of effective processes. Failure to deliver required clinical improvements and reduce mortality ratio and potential for adverse patient impact Unmitigated risk rating (Oct 18) TREND TREND TREND TREND TREND CURRENT 25-Jul Sep Jan Apr Jul Nov-18 Trending TOTAL Grading Target Rating DATE Current vs target Dec-18 (+4) A A A Mar-20 (+12) A A Nil Jun-19 (+12) A Nil Nil Achieved (+0) A Nil Nil Achieved (+0) A A Nil Sep-18 (+3) A A Nil TBC by QGG Level 1 Level 2 Level 3 (+6) A Nil A Dec-18 (+4) A Nil G Dec-18 (+4) A G Achieved (+0) G G Mar-19 (+8) A Nil G TARGET Rating Unable to set ASSURANCE (+16) A Nil A

13 Key points: The strategic risks remain largely static in terms of risk rating from the previously reported position in July Infection Prevention & Control: Both risks remain high (at 16). Antimicrobial prescribing has seen sustained reduction in the use of carbapenems and the Trust is now in line with peer comparators within the Yorkshire & Humber region, although more work still to do. Adherence to prescribing quality standards remains a challenge and the implementation of e-prescribing which will support review processes is likely to be longer away than first expected. The strategic risk regarding non-compliance with CAS alerts has not yet been mitigated to the target risk being aimed for, September This is going to be a core element of the Patient Safety Group, a sub-group of the Quality Governance Group which is still yet to be established. The strategic risk relating to the Single Oversight Framework: Quality remains a high risk (at 16). This entry has been updated to include the recent CQC visit ratings, the establishment of the Quality Governance Group (QGG), the externally commissioned review of quality governance being received alongside the RCOG review. Mortality performance remains the Trust s highest scoring risk (at 25). The Trust s official SHMI has reduced, but the Trust is still within the higher than expected range of Trusts. The Trust s crude mortality has also reduced over time. The Mortality Improvement Group is now meeting on a monthly basis and has agreed a strategy. 13 P a g e

14 29 P a g e Board Assurance Framework: Sub-Committee Appendices Appendix 2: Recommendations Strategic By Committee: WORKFORCE COMMITTEE

15 Strategic Objective SO 2 SO 2 30 P a g e Trust Strategic s: RISK DASHBOARD BY SUB-COMMITTEE: WORKFORCE (Workforce Committee) Appetite: Low: The Trust will not accept risks that impact adversely on patient safety and therefore has a greater appetite for financial risk in that they are prepared to take the necessary actions to safeguard safety despite the potential financial consequences. The Trust has a low risk appetite concerning the regulatory framework it must operate within. TREND TREND TREND TREND TREND CURRENT 01-Jun Staffing to delivering the required level of service Apr-19 (+8) A G A SO 2 Chief Nurse 29-Dec Nurse Staffing SO 2 SO 2 SO 2 SO 2 Lead of People & Organisational Effectiveness of People & Organisational Effectiveness of People & Organisational Effectiveness Date added 22-Oct Staffing Lack of effective job plans to meet service needs and make the necessary clinical improvements. The risk to the Trust is that we are unable to deliver safe and effective care to our patients and providing the required level of service due to staffing shortages and reliance on temporary staff. Leadership & Failure to ensure staff receive an annual appraisal could impact on 17-Feb Management: Annual knowledge, competency, skill and professional development. Staff may feel appraisal undervalued and are not supported in line with Vision and Values. 17-Feb Jun Jun-17 ID Strategic Title Leadership & Management: Mandatory Training Organisational Culture, Systems & Processes 2431 Clinical Engagement Description of the If staff are not adequately trained in areas deemed mandatory for their role there is a potential risk to staff and patient safety through lack of competency and skills. There is a risk that organisational culture adversely effects the Trust's ability to continuously focus on quality improvement adversely affecting patient care and the Trust's reputation and relationship with regulatory bodies. Lack of clinical engagement - risk of failure to deliver the required service improvements. Key points: staffing remains a high strategic risk (of 20). Some positive indications are emerging such as a reducing vacancy rate, a higher deanery fill rate and improved HEE/GMC staff survey findings. Nurse staffing also remains a high strategic risk (of 20) with some significant challenges at SGH. Despite this wider recruitment during the quarter has led to filling of HCA vacancies, appointment of 15 care navigators and commencement of newly qualified nurses during quarter 3. The New Deal for Nursing continues to progress. Limited progress with mandatory training compliance, although the target has been reduced in line with other Trust s mandatory training target, more work to be initiated to understand the blockages in completing training/padrs both in operational and non-operational areas. PADR s risk rating has increased as a result of the continuing gap between target performance and current reported levels of compliance. Clinical Engagement risk rating remains the same at 20 [high risk] but some improvements seen during this last quarter. However, this still remains a high risk and is critical driver supporting mitigation of other strategic risks. Reflecting the change of focus within the Improving Together programme, this will next quarter be widened out to include engagement in all staff groups not limited to clinicians. Unmitigated risk rating (Oct 18) 25-Jul Sep Jan Apr Jul Nov-18 Trending TOTAL Grading TARGET Rating Target Rating DATE Current vs target Apr-19 (+7) Nil A Nil Apr-20 (+8) A A Nil Mar-19 (+6) R Nil R Mar-19 (+3) A Nil R Mar-24 (+14) A A A May-19 (+12) A Nil Nil Level 1 ASSURANCE Level 2 Level 3

16 41 P a g e Board Assurance Framework: Sub-Committee Appendices Appendix 3: Strategic By Committee: AUDIT, RISK & GOVERNANCE

17 42 P a g e TRUST STRATEGIC RISKS: Dashboard: Trust Sub-Committee: Audit, & Governance (ARG) Appetite: Low: The Trust has a low risk appetite concerning the regulatory framework it must operate within. Strategic Objective Lead Date added ID Strategic Title Description of the Unmitigated risk rating (Oct 18) TREND TREND TREND TREND TREND CURRENT 2 5 -Ju l Se p Jan A pr Jul N ov-1 8 Trending TOTAL Grading TARGET Rating Target Rating DATE Current vs target ASSURANCE Le ve l 1 Le ve l 2 Le ve l 3 of Facilities 22-Aug Health & Safety: Water of exposure to legionella and other water based pathogens, adverse staff Safety Compliance and patient impact and regulatory action Apr-24 (+10) A A A of People & Organisational Effectiveness of People & Organisational Effectiveness 25-Sep Oct Business Continuity Britain s Exit from the European Union ( Brexit ) to business continuity and patient safety through a major system failure, Majax including terrorist attack and other unforeseen incident that causes major disruption to services. s to the Trust following a no-deal exit from the European Union (EU) in March 2019 for access to medicines/medical devices, the workforce and access to some forms of diagnostics Achieved (+0) G G G **NEW** 12 Mar-19 (+0) Nil Nil Nil Key points: Health and Safety: Water safety compliance risk rating as high risk (20) as a result of the need for a cold water tank replacement at SGH, alongside the ongoing scheduled risk assessment work and central logging of hot water temperatures. The Business Continuity risk has been reviewed. The consequence [5 catastrophic] remains the same, and whilst the Trust remains confident in its business continuity arrangements, the likelihood was felt to have increased due to increasing threat levels across the UK to public bodies. The likelihood has therefore been increased to 2 unlikely, resulting in an increased risk rating of 10. As this is likely to remain the norm for public bodies in the UK, the target risk rating has been altered accordingly to represent this increased risk being the new normal. The risk to the Trust following Britain s exit from the EU has been agreed as needing to be added to the Trust s strategic risk register. This is a new addition and will be updated as more information becomes available. The Information Governance risk has moved to Finance & Performance committee, given the close and interrelatedness of this area with the existing Cyber Security strategic risk, also overseen by Finance & Performance committee.

18 48 P a g e Board Assurance Framework: Sub-Committee Appendices Appendix 4: Strategic By Committee: FINANCE & PERFORMANCE

19 49 P a g e TRUST STRATEGIC RISKS: Dashboard: Trust Sub-Committee: Finance & Performance (FPC) Appetite: Moderate: The Trust will not accept risks that impact adversely on patient safety and therefore has a greater appetite for financial risk in that they are prepared to take the necessary actions to safeguard safety despite the potential financial consequences. The Trust also has a greater appetite to take considered risks in pursuit of innovation which may challenge established working practices and may pose a risk to its reputation, where positive gains can be seen. Strategic Objective Lead Date added ID Strategic Title Description of the Unmitigated risk rating (Oct 18) TREND TREND TREND TREND TREND CURRENT 25-Jul Sep Jan Apr Jul Nov-18 Trending TOTAL Grading TARGET Rating Target Rating DATE Current vs target ASSURANCE Level 1 Level 2 Level 3 of of of of Chief Operating Officer of Chief Operating Officer of of Facilities of of of Finance of 02-May Nov Oct Jun Jun Jun Data & Cyber Security: Data Security & Information Governance Data & Cyber Security: Cyber Infrastructure Data & Cyber Security: Cyber Infrastructure 2400 Capacity & Demand 2406 Capacity & Demand Jun Nov Development of the digital 2020 strategy Patient Administration (Inc. CAR) NHS Information Standard of non-compliance with the Information Governance Requirements and therefore compliance with the Data Protection Act 2018 (encompassing the General Data Protection Regulation (GDPR) from May 2018). 1: INADEQUATE CONTROLS: Lack of adequate controls to defend the Trust s computer systems when a cyber-attack occurs. of further security breaches and risk of regulatory action. 2: INCREASED RISK: Inability to provide 100% assurance that the Trust will not suffer a cyber-attack, given the context of increased attacks worldwide. 1: PROCESS: The risk is that the Trust is not clear on what its capacity is or the demands needing to be met resulting in potential mismanagement of available resource. 2: IMPLEMENTATION: The risk is that the available resource (capacity) is not used sufficiently to meet the demand resulting in risks to performance and quality of care. that there is a lack of strategic direction and engagement in digital projects resulting in a failure to deliver improved and innovative systems of care that could lead to patient safety and financial risks. of delay and engagement in implementing the changes to the patient administration structure and arrangements impacting on the delivery of the Trust s waiting list recovery plan and efficiency of the clinical service. of non-compliance with the standards and not meeting statutory obligations Mar-20 (+8) A Nil G Apr-19 (+4) A Nil G **NEW** 12 Achieved (+0) Nil Nil A Achieved (+0) G A G Mar-19 (+8) A A G Update needed 6 Mar-18 (+3) G Nil Nil Mar-19 (+4) A Nil Nil Update needed 2 TBC (+2) A Nil Nil 14-Nov Premises & Insufficient Backlog Maintenance to meet regulatory and other requirements Engineering Services and address issues with an ageing estate Apr-28 (+10) A A A 01-Jun Single Oversight The risk is that without an organisational strategy, services could become Update Framework: Strategic unsustainable and start to fail resulting in uncertainty and ineffective quality needed Change of services. 8 Apr-19 (+4) Nil G G 27-Jul Sustainability & Update Transformation Plans to longer term sustainability of the health & social care system needed (STP) 6 Oct-18 (+3) A A Nil 27-Jul Single Oversight Failure to deliver Financial Improvement Plan and risk of further regulatory Framework: Finance & action and intervention. Use of Resources Sep-19 (+10) Nil A A 01-Jun SOF: Performance Failure to achieve performance target. Potential for adverse patient impact against constitutional and loss of STF income. targets Update needed 6 Mar-20 (+10) G A Nil