RISK MANAGEMENT POLICY

Transcription

1 RISK MANAGEMENT POLICY Lead executive director: John Brouder, Chief Executive Lead executive director sign off prior to the approval process: Signature: Date of sign off by lead executive director: Name of originator / author and job title: Bridget Tustin, Head of Risk Assurance Approved by: Executive management team Approval date: Implementation date: Review date: 2 Years Date equality impact assessment carried out: Policy No: TW/GO0028/v003 Page 1 of 26

2 Document Control Sheet Policy title Policy number Assurance statement Risk Management Policy TW/GO0028/v003 The establishment of effective risk management is recognised as being fundamental in ensuring good governance. Target audience (policy All staff relevant to) Links to other policies Fire safety policy Infection control policy Human resources policies Information security and access control policy Health and safety policy Discharge policy Records management strategy Control of substances hazardous to health policy Display Screen Equipment (DSE) Policy Major incident policy Serious incident policy Incident reporting policy Compliments, Comments, Concerns and Complaints policy Claims policy Safeguarding adults policy Safeguarding children policy Clinical Risk Assessment and Management Policy VIP Visits Procedure Policy No: TW/GO0028/v003 Page 2 of 26

3 Version Control Version Date approved Author(s) v Bridget Tustin EMT Ratified/ Authorised by Date Changes (please identify page no.) Policy No: TW/GO0028/v003 Page 3 of 26

4 Contents Section Page 1. Introduction 5 2. Aims and objectives 5 3. Definitions 6 4. Roles and responsibilities Process for assessing all types of risk Risk management tools Risk register and BAF Format Process for the management of risk locally Timings of review of risks Performance monitoring and key performance Indicators in relation to risk Training arrangements Monitoring arrangements Implementation process Training Equality statement 15 Appendix 1 Risk management standard 16 Appendix 2 Risk matrix 17 Appendix 3 - Risk management process chart 19 Appendix 4 - Monitoring table 20 Stakeholder form 21 Equality Impact Assessment (EqIA) Approval Checklist 24 EMT approval checklist 25 Policy No: TW/GO0028/v003 Page 4 of 26

5 1. Introduction The establishment of effective risk management is recognised as being fundamental in ensuring good governance. Thus, these arrangements should be endorsed and up-held by the Trust Board, Quality and Safety Committee, Executive Management Team, Audit Committee and the integrated care directorate leadership teams through the implementation of cyclical risk management and risk based board reporting and monitoring regimes. These arrangements should be both proportionate whilst being suitably robust and transparent, underpinning the production of the annual statement of internal control. Risk management is the process by which an organisation identifies risks, assesses their relative importance, determines the appropriate risk control mechanism and assures the agreed action is taken. The Trust has a legal requirement to give assurance that risks in the organisation are identified and appropriately managed. North East London Foundation Trust (NELFT) is committed to the achievement of its vision and supporting the achievement of its core objectives. In doing so, the Trust realises that it will face all manner of business risks. Business risk is regarded as a quantifiable level of exposure to the threat of an event or action that will adversely affect an organisation s ability to achieve its objectives successfully. In simple terms risk is uncertainty. The task of risk management is to effectively respond to these risks so as to maximise the likelihood of the organisation achieving its purposes and in doing so ensure the best use of resources. These business risks can be associated with both clinical and non-clinical activities and processes. 2. Aims and objectives The NHS Constitution safeguards the enduring principles and values of the NHS; it sets out the rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve. NHS bodies and local authorities are required by law to take account of this Constitution in their decisions and actions; therefore all policy documents should consider and take into account the NHS Constitution pledges NHS Constitution click here The Trust acknowledges the significance of National Health & Clinical Excellence (NICE) guidance. The Trust strives to provide high quality care that consistently improves by taking account of best practice. In order to achieve this, National Health & Clinical Excellence (NICE) Guidance must be disseminated, reviewed and where appropriate, implemented within the Trust. The Trust is therefore committed to ensuring National Health & Clinical Excellence (NICE) Guidance is disseminated, reviewed and where appropriate implemented within the Trust. The following aims and objectives of this policy have been identified; To develop and maintain an organisational culture which promotes the proactive consideration of risk and which places safety alongside other factors in managerial decision making and which fosters learning and development To support managers, at all levels of the organisation, to take risks where the decision to do so is well-informed, and supported by evidence that the benefits of the proposed course of action outweigh the cost To provide a framework for the proactive identification, evaluation, management and monitoring of risks and for providing assurance on the Policy No: TW/GO0028/v003 Page 5 of 26

6 effectiveness of key controls relating to these risks To reduce to acceptable levels, the risks faced by the trust, and all those to whom NELFT owes a duty of care To establish appropriate internal controls and performance management systems to ensure: Integrated information and monitoring systems which provide the intelligence necessary to drive continuous improvements in service quality and to inform the Trust s strategic and operational plans Development of systems for proactive management through analysis of national sources of information, guidance, local trends and audit Compliance with national and local standards and external inspection standards e.g. by the Care Quality Commission (CQC) or equivalent, NHS Litigation Authority and the Health and Safety Executive. Compliance with Department of Health, Monitor and audit standards on internal control, utilising robust sources of both internal and external assurance Appropriate accountabilities and structures to support effective risk management Improvement to quality and patient safety through managing risks the assessment and management of the risks to their brand and reputation, including as a result of their associations with celebrities and major donors. 3. Definitions 3.1 Risk management Risk management can be defined in several ways. The definition, taken from the Australia/New Zealand management standard, initially adopted by the NHS in the late 1990 s and subsequently updated, is provided below:- Risk management is an iterative process consisting of well-defined steps which, when taken in sequence, support better decision making by contributing to a greater insight into risks and their effects. It is a logical and systematic method of establishing a context, identifying, analysing, evaluating, monitoring and communicating risk associated with any activity or functional process in a way that will enable organisations to minimise losses and maximise opportunities (AS/NZS 4360:2004). Appendix 1 shows the cycle of risk management. 3.2 Risk appetite Methods of controlling risks must be balanced in order to support innovation and the imaginative use of resources, especially when it is to achieve substantial benefit. In addition, the Trust may accept some high risks because of the cost of controlling them. As a general principle the Trust will seek to control all highly probable risks which have the potential to: cause significant harm to service users, staff, visitors and other stakeholders; compromise severely the reputation of the Trust have financial consequences that could endanger the Trust s viability jeopardise significantly the Trust s ability to carry out its core purpose threaten the Trust s compliance with law and regulation Policy No: TW/GO0028/v003 Page 6 of 26

7 4. Roles and responsibilities 4.1 Chief executive The chief executive has accountability for ensuring the provision of high quality, safe and effective services within the Trust. As the accountable officer, the chief executive has overall responsibility for ensuring that appropriate and effective systems of risk management and internal control are in place throughout the Trust. The chief executive must ensure that these systems enable the Trust to meet all relevant statutory requirements, and also that the Trust complies with best practice as described by the Department of Health, Monitor, CQC and any other relevant external bodies. 4.2 Executive directors Executive directors are required to assist the chief executive across the full range of risk management responsibility. They share a collective responsibility for ensuring all risks facing the Trust are managed to an acceptable level. Some executive directors may have an additional responsibility as Board leads for the Trust wide monitoring and reviewing of progress against specific targets. All executive directors are expected to ensure that all risks are identified, across the full range of the Trust s activities and are recorded, as necessary and appropriate, on directorate and/or the corporate risk register or the board assurance framework. The executive director of finance has specific responsibility for managing the development and implementation of systems for the management of risks in the areas of finance, information governance and performance. The executive director of human resources and organisation development is responsible for identification and effective management of risks related to the employment of both permanent and temporary personnel, and for the creation and implementation of appropriate workforce training and development strategies. The executive medical director is responsible for the effective management of clinical risk, clinical audit, clinical effectiveness, research and development, medicines management, and all matters pertaining to medical professional conduct. The postholder is also the Trust Caldicott Guardian. The chief nurse and executive director of integrated care (Essex) is responsible for the operational delivery of all community services in Essex and for ensuring that these all meet acceptable standards of quality and safety and for ensuring all associated risks are adequately controlled. The post-holder carries specific responsibility for all matters relating to nursing and allied health professional conduct. The chief nurse and executive director of integrated care (Essex) manages the nursing directorate which includes the quality and patient safety team and is responsible for reporting to the Trust Board on the development and progress of risk management. The executive director integrated care (London) and transformation is responsible for the operational delivery of all mental health services, community health services (London), communications and management of the organisational change process and for ensuring that these all meet acceptable standards of quality and safety and for ensuring all associated risks are adequately controlled. 4.3 Trust Secretary is responsible for the co-ordination, communication and management of the board assurance framework. Policy No: TW/GO0028/v003 Page 7 of 26

8 4.4 Directors All directors are responsible for the implementation of this policy into practice within their service areas and taking appropriate action should any breach of this policy arise. All directors are accountable and have the responsibility to ensure appropriate risk management processes are implemented within their respective areas of authority. Each integrated care director is required to: understand and implement the risk management policy and related policies ensure appropriate and effective risk management processes are in place within their integrated care directorate risk assess all integrated care directorate and service developments including changes to service delivery risk assess changes to service delivery following agreed cost improvement programme ensure that risk assessments, both clinical and non-clinical are undertaken throughout their areas of responsibility. use risk management processes to monitor compliance against the CQC fundamental standards ensuring recommendations/actions from inspections are incorporated that appropriately trained and competent staff are charged with responsibility for undertaking the necessary risk assessments throughout their area of responsibility. 4.5 Assistant Directors All assistant directors have a delegated responsibility for ensuring that this policy is known to all staff and that its requirements are followed by all staff within their area. All directors and leads have a range of responsibilities relating to the implementation of effective governance and risk management arrangements including health and safety, performance management, compliance with risk management standards, and the CQC s fundamental standards or equivalent, and generating and communicating assurance or exceptions where necessary. Each director/lead is required to ensure: that appropriate and effective risk management processes are in place within their designated area(s) and scope of responsibility as per this policy and related risk management procedural documents a dynamic directorate risk register is maintained that where significant or high risks are identified these are brought to the attention of the locality performance, quality and safety group for inclusion on to the integrated care directorate risk register that all staff are made aware of these risks within their work environment and area aware of their individual responsibilities. 4.6 Associate director of nursing, quality and patient safety The associate director of nursing, quality and patient safety is responsible for ensuring that the risk management process is effectively co-ordinated, managed and communicated to ensure that: the Trust has a comprehensive and dynamic risk register and that integrated care directorate teams understand their accountability and responsibility for managing risks in their areas Policy No: TW/GO0028/v003 Page 8 of 26

9 information relating to risk and patient safety is provided to integrated care directorate leadership teams, performance, quality and safety groups, quality and safety committee and the Trust board and external groups as requested annual risk management awareness training is delivered to board members and senior managers, attendance will be monitored and nonattendance reported and managed via the education and training department 4.7 Operational leads Responsible for: bringing to the attention of their staff the publication of this document providing evidence that the document has been cascaded within their team or department ensuring this document is effectively implemented ensuring that staff have the knowledge and skills to implement the policy and provide training where gaps are identified. Training will be provided following discussion with the training and development department 4.8 Staff Responsible for: adherence to this policy ensuring any training required is attended and kept up to date ensure any competencies required are maintained co-operating with the development and implementation of policies as part of their normal duties and responsibilities identifying the need for a change in policy as a result of becoming aware of changes in practice, changes to statutory requirements, revised professional or clinical standards and local/national directives, and advising their line manager accordingly identifying training needs in respect of policies 4.9 Trust Board The Trust Board is responsible for ensuring that strategies are in place to support the delivery of the Trust s corporate objectives and that assurance is received that objectives are being delivered. The Trust Board is responsible for identifying, reviewing and assessing the risks to the achievement of the corporate objectives and receiving assurance that these are being controlled. The Board Assurance Framework (BAF) supports this process and underpins the Statement of Internal Control Audit committee The audit committee is a sub-committee of and accountable to the Trust Board. The committee is responsible for establishing and monitoring an effective system of risk management, internal assurance and control throughout the organisation. The finance and investment committee reports to the audit committee and has the responsibility of providing effective scrutiny of financial matters in accordance with the Trust s standing orders and standing financial instructions. Policy No: TW/GO0028/v003 Page 9 of 26

10 4.11 Quality and safety committee (QSC) The quality and safety committee is a sub-committee of and accountable to the Trust Board. A key function of the committee is to monitor Trust compliance with Care Quality Commission (CQC) Essential Standards of Quality and Safety, or equivalent, and to provide assurance to the Trust Board that all associated risks have been identified are being managed effectively and where appropriate robust action plans are in place. All risks rated at 15 or above, associated with quality and safety are reviewed by this committee via an exception report Authors Responsible for writing the policy, sending out for consultation and making all amendments prior to final sign off Quality and Patient Safety Responsible for: quality checking all documents to ensure both statutory and Trust requirements are met (this is to be carried out via stakeholder consultation) publishing approved/ratified/amended documents on NELFT s internet communicating newly approved/ratified/amended documents to communications for publication in the Trust weekly newsletter 4.14 Communications Publishing an article in the Trust weekly newsletter indicating all newly approved/ratified/amended documents 5. Process for assessing all types of risks 5.1 The parameters for the assessment will need to be established i.e. site, base, unit, service, team, activity, function, staff group or others. These are examined in order to identify the risks which have the potential to obstruct the achievement of that unit s, area s or activity s objectives. 5.2 Risks may be identified proactively, in advance of the risk materialising (through planned risk assessments of environments, projects, processes, or activities) or reactively once an incident or event has occurred, whether through the Trust s own experience or through external warnings, guidance or advice. The consideration of risks and their implications should constitute a formal part of the Trust s objective setting, business planning, service development or project planning, as well as its on-going general management processes and through the continuous review of incidents, complaints and claims. Staff will need to identify the reason for carrying out the risk assessment; this is known as the risk source. 5.3 The potential of a risk to cause damage, harm or loss is estimated by considering the likelihood of it materialising and the significance of the consequences if it does. The resulting risk rating facilitates the ranking of each risk relative to other risks. The initial risk rating refers to the risk with no controls in place, whilst the current risk rating refers to the level of risk estimated to be present with the existing controls in place and the target risk rating refers to the acceptable risk level. Policy No: TW/GO0028/v003 Page 10 of 26

11 The Trust s risk assessment matrix is shown in appendix 2 with the risk rating scores being calculated by multiplying the consequence by the likelihood. 5.4 Each risk will be evaluated as part of the assessment process. By evaluating the identified risk the various options to control the risk can be addressed, such as terminating the risk, transferring the risk, treating the risk or tolerating the risk. Treating the risk is by establishing controls, including policies or protocols and other management interventions, whether physical, procedural, systems based, cultural etc. These controls are intended to reduce the likelihood and/or the consequence of a risk materialising. The priority given to the treatment of a risk will depend on its rating (consequence x likelihood). Action plans will be drawn up to address those risks that the Trust consider to be unacceptable its appetite to risk. Such action plans have the aim of reducing the risk rating to an acceptable level and should be clear regarding personal accountability for delivery and the timescale for completion. Action plans will follow the SMART principles. The way in which a particular risk is managed should be proportionate to its potential for damaging or harming the interests of the Trust and its ability to meet its objectives. 5.5 The systematic and structured reporting, escalation and monitoring of risk assessments, the effectiveness of existing controls, and of agreed action plans where shortfalls or weaknesses are discovered, is required. It is essential that the progress of the implementation of any identified action plans are regularly and systematically reviewed at the appropriate level of the organisation in order to monitor the progress and effectiveness of the risk treatment and control. During monitoring, the rating of the risk is re-assessed in the light of progress on the action plan or control that was put in place. Any alteration to proposed completion dates of identified actions needs to be formally discussed and minuted at the appropriate directorate or locality performance, quality and safety group meeting. Any change in the risk rating is updated on the risk register. Evidence should be provided to support the decision making process. This evidence should be uploaded to the risk register entry on the local risk management system, (Datix). The monitoring and review process involves structured reporting and or escalation of issues to higher levels via an exception report e.g. executive director, integrated care directorate director, quality and safety committee or the executive management team. A flow of the review/reporting framework is shown in the risk management process chart, appendix Clinical risk assessment, i.e., the assessment of service users/patients to identify and manage any risk of harm associated with their care needs is a separate issue and should be managed in line with the clinical risk assessment and management policy 6. Risk management tools 6.1 A risk register is a management tool that enables an organisation to understand its comprehensive risk profile (CASU and Risk Register Working Group, 2002). It is a record of all forms of risks that threaten an organisation s success in achieving its objectives and mission. Policy No: TW/GO0028/v003 Page 11 of 26

12 6.2 Each directorate will maintain its own directorate risk register on the local risk management system, (Datix). This includes all risks identified at either a team or directorate level. Directorate risk registers are developed, maintained and managed through a multidisciplinary approach; based on a comprehensive programme of risk assessments of all activities, locations, and services; supplemented by risk-related information from any number of other internal and external sources e.g. from an inspection, audit or self-assessment process. Each directorate risk register as a whole will be discussed and reviewed on a monthly basis at each directorate performance, quality and safety group meeting. Individual risks will be reviewed in line with the flowchart in appendix 3. Items on directorate risk registers with a risk-rating of 15 and above will be submitted, as an exception report to the locality quality and safety group. 6.3 Each integrated care directorate will maintain an operational integrated care directorate high level risk register. This register holds all risks, rated at 15 or above, arising from their directorate risk registers. The integrated care directorate high level risk register is reviewed monthly at locality performance, quality and safety group meeting. It is used by the integrated care director as a key tool of management to ensure the appropriate management of all risks to the integrated care directorate s objectives and to service delivery. Any new risks added to the respective integrated care directorate high level risk register are reported to the quality and safety committee. Any risks that are assessed as carrying a risk rating of 15 or above are also escalated to the executive management team meeting with consideration against the board assurance framework. The executive management team holds responsibility for reviewing, on a quarterly basis, the corporate risk register: this holds all risks, with a current risk rating of 15 or above. 6.4 Each executive director maintains the risk register for the corporate area they are responsible for. The corporate risk registers are reviewed on a monthly basis within each individual corporate team meeting. Any risks that are rated at 15 or above will need to be escalated to the executive management team meeting in consideration against the board assurance framework. 6.5 The board assurance framework (BAF) provides the Trust with a simple but comprehensive method for the effective and focused management of the principle risks to meeting the organisation s objectives. The BAF identifies which of the organisation s objectives may be at risk because of inadequate controls or where the Trust has insufficient assurance that these controls are effective. At the same time it provides structured assurances about where risks are being managed effectively and objectives are being delivered. This allows the Board to determine how to make the most efficient use of resources, with economy of input and effectiveness of output, to address the issues identified and so improve the quality, safety and cost effectiveness of care. The BAF can also usefully include certain risks which are believed to be well controlled, but which have a potential to cause a very high degree of disruption or harm. Policy No: TW/GO0028/v003 Page 12 of 26

13 7. Risk Register and BAF format All risk registers will be managed using the local risk management system providing a web-based tool which allows ease of access and reporting. The local risk management system provides a dynamic record of identified risks, their impact, relevant controls and action plans. All risk registers and the BAF will use the same format, including the following information: Risk owner The person responsible for ensuring the risk is controlled. Delegate risk owner The person responsible for monitoring the controls, gaps in controls and progress of associated action plans. Responsible for updating and data quality of the risk register entry. Source of the risk Source of the risk (including, but not limited to, incident reports, risk assessments, internal and external assessments, internal and external audits. Risk category The type category the risk is primarily related to e.g. health and safety, infection control, patient safety etc. Risk description A description of the risk, including the cause and effect. The risk descriptors must be clear as to the cause and the effect of the risk identified. This can be expressed as if and then. The description should be contained to enable the risk owner and those reviewing the risk to see the implications of the risk. Controls The controls, if any, currently in place to manage the risk. Initial Risk Rating The level of risk with no controls in place. Current Risk Rating The current level of risk, given the controls currently in place and in view of the assurance available. Target Risk The level of risk being aimed at and the point at which the trust has assurance that the risk is adequately controlled. This must be in line with the Trust s risk appetite. Actions Actions identified as part of the risk assessment process as gaps in controls 8. Process for the management of risk locally Risks will be discussed in team meetings and escalated to the appropriate manager for inclusion onto the local risk management system. This appropriate manager will depend upon the rating of the risk, refer to appendix 3. Minutes from the team meeting will provide the evidence for this decision making process. Policy No: TW/GO0028/v003 Page 13 of 26

14 Each directorate will maintain a comprehensive risk register using the local risk management system which will be formally reviewed within the directorate. The directorate performance, quality and safety group and locality performance, quality and safety group will finally approve additions and removal of risks onto the local risk management system according to the rating of the risk please refer to appendix 3. Risks that score 15 and above will be reviewed monthly at the locality performance, quality and safety group. The quality and safety committee will be advised of new risks rated at 15 or above via the monthly exception reports that are completed by the integrated care directors. Risks that affect more than one integrated care directorate will be assigned to an executive lead. The directorates risk registers will be collated to form the Trust risk register. These risks will be combined with the corporate risks thus allowing for a bottom up/top down approach to identifying the Trust s principal risks and informing the BAF. 9. Timings of review of risks The following table sets out the timing and frequency of the various elements of the risk management policy. This is to support the embedding of the policy in the Trust Frequency Annual Quarterly Monthly Day to day Ad hoc Action Risk report to QSC Review of all risks Review of BAF (EMT, board of directors) Review of corporate risks rated at over 15 (EMT) Review of all risks rated 8-12 Review of risks rated 15 and over (locality performance,quality and safety groups) Exception reports to QSC of risks of 15 and above and any other risk QSC needs to be made aware of by health economy Ensure all risks are identified in accordance with the risk management policy (all staff) Reports from internal audit as per audit plan (internal audit) 10. Performance monitoring and key performance indicators in relation to risk The process of risk management is monitored via the committees and groups identified in the policy. Performance is validated via: Internal and external audit Compliance reports Minutes of meetings Policy No: TW/GO0028/v003 Page 14 of 26

15 11. Training arrangements Specific training for identified staff groups will be delivered in line with the current training needs analysis which is available on the Trust s intranet. 12. Monitoring arrangements 12.1 The process of risk management is monitored via the committees and groups identified in the strategy. Performance is validated via: internal and external audit minutes of meetings 12.2 The monitoring arrangements table is shown in appendix Implementation process Staff will be made aware of any new approved policies/procedures/guidelines via the Trust weekly newsletter. Quality and patient safety team will be responsible for ensuring newly approved documents are sent to the communications team in order for them to insert into the Trust weekly newsletter. All senior managers/heads of service/team leaders need to ensure new policies and procedures are placed on team meeting agendas for discussion. There is an expectation that the team leader will develop local systems to ensure their staff are instructed to read all relevant policies and to identify any outstanding training deficits. 14. Training The board will receive annual training on risk management. This training will be co-ordinated by the associate director nursing, patient safety and quality. Training for all staff on risk management will be available via an e-learning package. 15 Equality statement This policy reflects the organisation s determination to ensure that all parts of our community have equality of access to services and that everyone receives a high standard of service as a service user, a carer or employee. This policy anticipates and encompasses the Trust s commitment to prevent discrimination on any illegal or inappropriate basis and recognise and respond to the needs of individuals based on good communication and best practice. We recognise that some groups of the population are more at risk of discrimination or less able to access to services than others and that services can often unintentionally put barriers in place that can limit or prevent access. The organisation is continually working to prevent this from happening. Policy No: TW/GO0028/v003 Page 15 of 26

16 Appendix 1 risk management standard (AS/NZS 4360:2004) Establishing the context Risk assessment Risk identification Communication and consultation Risk analysis Monitoring and review Risk evaluation Risk treatment Policy No: TW/GO0028/v003 Page 16 of 26

17 Likelihood Appendix 2 Risk Matrix Consequence 5.Almost certain (80%+) 4.Very likely (60%-80%) 1. Marginal 2.Minor 3.Moderate 4.Major 5.Significant Likely (40%-60%) Unlikely (20%-40%) Highly unlikely (less than 20%) Risk rating Risk rating Low 1-4 Moderate 5-6 Significant 8-12 High Action required Monitoring of risk, further risk reduction may not be feasible or cost effective, refer to risk appetite Risk reduction required so far as is reasonably practicable, refer to risk appetite Action required so far as is reasonably practicable, refer to risk appetite Immediate action required so far as is reasonably practicable, refer to risk appetite Consequence descriptors Marginal Potential impact on individual/family members, visitor, contractor, staff: negligible, for example- no obvious harm. Number of persons affected: none Potential impact on organisation: no risk to the Trust; no impact on service; no impact on environment Financial impact/complaint/litigation: theft/loss < 1k; complaint unlikely; litigation risk remote; financial impact on service < 100 Peripheral effect upon the objective so impacting in a very minor way upon achievement of a small part of it. Minor Potential impact on individual/family members, visitor, contractor, staff: low; non-permanent harm; first aid; minor injury or illness up to 1 month; increased length of stay or care 1-7 days. Number of persons affected: very few Potential impact on organisation: minimal risk to the Trust; slight impact on service; slight impact on environment Financial impact/complaint/litigation: theft/loss > 1k or <= 5K; complaint possible; litigation < 50k; financial impact on service 100-5k Small but noticeable effect on the objective making it fully achievable only with some minor difficulties or cost Policy No: TW/GO0028/v003 Page 17 of 26

18 Moderate Major Significant Potential impact on individual/family members, visitor, contractor, staff: moderate; semi-permanent harm up to 1 year; increased length of stay/level of care 8-15 days. Number of persons affected: small numbers Potential impact on organisation: some service disruption; potential for adverse publicity avoidable; moderate impact on environment. Financial impact/complaint/litigation: theft/loss 5k- 25K; complaint expected; litigation possible 50k- 500k; financial loss to service 5k- 100k Evident and material effect on objective making it fully achievable with some moderate difficulties or cost Potential impact on individual/family members, visitor, contractor, and staff: severe; permanent harm/injury; permanent incapacity; extensive injuries/increased length of stay/level of care >15 days. Number of persons affected: moderate Potential impact on organisation: service restriction; reputation impact; adverse publicity /media coverage; major impact on environment. Financial impact/complaint/litigation: theft/loss 25k- 200k; complaint expected; litigation 500k - 1m; financial 100k - 5m Considerable effect upon the objective making it difficult/costly to achieve Potential impact on individual/family members, visitor, contractor, staff: death; extensive injuries/ increased length of stay/level of care >15 days. Number of persons affected at one time: > 50 people affected by an event Potential impact on organisation: national media interest; significant damage to reputation; severe loss of confidence in Trust; loss of capability Financial impact/complaint/litigation: theft/loss over 200K; litigation > 1m Financial impact to service > 5m Substantial effect on the objective making it extremely difficult/costly to achieve Policy No: TW/GO0028/v003 Page 18 of 26

19 Appendix 3 Risk management process chart KEY High risks: 15 + Significant risks: 8 to 12 Moderate and low (yellow and green), below 8 High risks - risk identified and assessed. - approved at ICD LPQSG and recorded on register. - ownership of risk and action plan assigned to director -delegated to assistant director level Significant risks - risk identified and assessed. - approved at directorate DPQSG and recorded on register. - ownership of risk and action plan can be assigned to assistant director -delegated to service lead Moderate and low risks - Risk assessed. - approved at directorate DPQSG and recorded on register. - ownership of the risk and action plan devolved to department head or equivalent Risk overseen by executive director and managed by director/assistant director Risk overseen by nominated manager Risks overseen by nominated lead High level risk register Comprises all red risks on register ie those rated 15 and above. Risks are assigned to appropriate level/area for mitigation Director/assistant director reviews new risks and action plans, reviews all red and amber risks and action plans, forwards new red risks to LPQSG High level risks (15+) to QSC monthly via exception report High level risks inform Board Assurance framework review quarterly Annual report from QPS to QSG/QSC Exception report from health economy to QSC monthly. High risks reviewed monthly by owner. Re-graded with evidence on register if rating changes Report to relevant governance group/committee red risks monthly, amber risks at least quarterly Significant risks reviewed at least quarterly by owner. Regraded with evidence on register if level of risk changes, escalated/deescalated/closed etc. if indicated Moderate and low risks reviewed at least annually by owner. Regraded with evidence on register if level of risk changes RISK CLOSED Policy No: TW/GO0028/v003 Page 19 of 26

20 Appendix 4 Monitoring table Element to be monitored Lead Tool Frequency Reporting arrangements Risk policy Bridget Tustin Internal audit Annual As part of the internal audit cycle an annual audit of the risk management processes will give assurance to the board Recommendations Audit committee Learning lessons Recommendations from the audit will form part of an action plan to demonstrate learning Policy No: TW/GO0028/v003 Page 20 of 26

21 Comments received Returned, no comments Not returned Stakeholder form Stakeholder title Date sent to Stakeholders Equality and Diversity Manager Leadership Team Basildon and Brentwood Locality Leadership Team Barking and Dagenham Locality Leadership Team Havering Locality Leadership Team Redbridge Locality Leadership Team Thurrock Locality Leadership Team - Waltham Forest Locality Leadership Team - MHIPAD Compliance Team (QPS) policies@nelft.nhs.uk QPS Team Consultant in Old Age Liaison Psychiatry and Associate Medical Director Stephen.O'Connor@nelft.nhs.uk Associate Director of Human Resources Yvonne.Hood@nelft.nhs.uk Director of Nursing (Clinical Effectiveness Susan.Smyth@nelft.nhs.uk Director of Nursing (Patient Safety, BTUH Health Economy) Diane.Searle@nelft.nhs.uk] Director of Nursing (Patient Experience) Debbie.Smith@nelft.nhs.uk Associate Director of Nursing Quality & Patient Safety Alison.Garrett@nelft.nhs.uk Finance Malcolm.Young@nelft.nhs.uk Performance Graham.Blowes@nelft.nhs.uk Estates Martin.Mizen@nelft.nhs.uk Communication team Communications@nelft.nhs.uk Policy No: TW/GO0028/v003 Page 21 of 26

22 NORTH EAST LONDON FOUNDATION TRUST INITIAL SCREENING EQUALITY IMPACT ASSESSMENT FORM Directorate/Department Name of Policy/Service/Function New or Existing Policy/Service/Function? Corporate Risk Management Policy Existing Name and role of Person completing the EQIA Bridget Tustin, Head of Risk Management Date of Assessment 10 August Does the policy/service/function Promote equality on the basis of: Race, Ethnic origins (including, gypsies and travellers) and Nationality Yes/No What/Where is the Evidence to suggest this? Yes That service users/patients, carers and visitors to NELFT services have access to interpreting and translation services, and information is made available in different languages to inform them of any risk associated with their care. Gender (males and females) No That there are separate in-patient facilities for males and females to ensure dignity and respect, and that there is a choice of clinicians based on gender, as well as when caring out complaints and serious incidents investigation. Age No That specific risk assessments are carried out for slips, trips and falls, pressure ulcers, dementia etc. That there are age specific inpatient facilities. Those assessments are carried out as service users go through the transition from children to adulate services. That staff are trained in safeguarding children and safeguarding adult information. Ensure information is available in large print and in child friendly to raise awareness of risk factors. Religion, Belief or Culture No That the services meet the needs of service users with any religious or belief system, as this support the recovery of patients. Disability mental, physical disability and Learning difficulties Sexual orientation including lesbian, gay and bisexual people No No Married/or in civil partnership No That information is available on how the services manage the risks for people with learning disability such as reviewing access to sites, facilities being available, etc. Also that patients have access to information in different formats, e.g. braille, easy read, large print and audio in all practices of risk management. That the services are aware of bullying and harassment in the workplace of gay and bisexuals and these are addressed through appropriate Trust policies. Policy No: TW/GO0028/v003 Page 22 of 26

23 Pregnant/maternity leave No That assessments are carried out for pregnant service users and staff where applicable in order to minimise risks to these groups of people Transgender reassignment No That services are aware of the risk factors when transgender people are admitted on to inpatient facilities. Information to support clinical staff is available on the Trust Website. 2 Is there any evidence that some groups are affected differently? Is the impact of the policy/guideline Yes Please see above likely to be negative? 3 Is there a need for additional consultation e.g. with external organisations, service Users and carers, or other voluntary sector groups? 4 If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable? 5 Can we reduce the impact by taking different actions? No Yes N/A No, as this is an internal document sharing the draft is not applicable, however a copy of the approved version will be shared with commissioners. Please see above. Currently there is no evidence to suggest that the strategy has an impact on the protected characteristics. Systems are in place to monitor complaints, serious incidents, and incidents by protected characteristics in order to ensure risk is minimised for these groups. Audits of these areas will include monitoring the protected characteristics. Assessor s Name: Bridget Tustin Date: 10 August 2015 Name of Director: John Brouder, Chief Executive This section to be agreed and signed by the Equality and Diversity Manager in agreement with the Equality and Diversity Team Recommendation Full Equality Impact Assessment required: NO Assessment authorised by: Name: Michael Beackon Equality and Diversity Assistant Manager Date: 5 th October 2015 Policy No: TW/GO0028/v003 Page 23 of 26

24 Approval Checklist for the Review and Approval of Policy and Operating Procedures or Guidelines Checklist Yes/No Comments 1 Does your document follow the current template for Policies/Procedures/Guidelines available on the Trust website? 2 Is the title clear has best wording been used in order that staff can locate policy easily? Is this in the correct style and format (Arial font size 11, left justified throughout)? 3 Are all paragraphs and sub-paragraphs numbered? Have bullet points been used appropriately, i.e. only for short lists and not in place of paragraphs? Yes Yes Yes 4 Is the front sheet fully completed? Yes 5 Does it have the correct version number? Yes 6 If this is a clinical adult guideline check to see if listed in Royal Marsden on-line manual. If so can Royal Marsden guideline be used? On-line manual accessed via Trust Intranet 7 CQC Does your policy/procedure/guideline reflect the criteria within the CQC s 5 Key questions - that services deliver Safe, Caring, Responsive, Effective and Well led care? 8 Is the monitoring process clearly described and monitoring table within template complete? 9 Any training aspects of policy/procedure identified? Follow-up procedures listed. 10 Does this document link to any NELFT policies? Are they listed on document control sheet? Not applicable Yes Yes Yes Yes 11 Are the references listed up-to-date and appropriate? Not applicable 12 Have you carried out a robust stakeholder process, ensuring those listed in the template as stakeholders are consulted and is the stakeholder form comment box complete? 13 Is the Equality Impact Assessment tool fully completed, Yes individualised to this document and approved - have you received a signed authorised copy back from Equality and Diversity team? 14 If you have attached appendices are they appropriate, Yes referred to within the document and listed on contents page? 15 Regarding HR policies have they been signed off by the Joint Negotiating Consultative Committee (JNCC) prior to submission to the ratification process? Not applicable 16 Finally have you carried out a final proof-read, checked all spellings and ensured your document is accurate and ready for publication? Yes Yes Policy No: TW/GO0028/v003 Page 24 of 26

25 Approved? Y / N EMT APPROVAL SHEET Policy title: Author: Lead Executive Director approval Risk management policy Bridget Tustin Meeting Date of meeting Chair name and title Signature of Lead Director/ EMT Chair Reason for non-approval EMT John Brouder Y Once the form has been agreed/not agreed for ratification by the Executive Management Team the Trust Secretary should send to policies@nelft.nhs.uk as confirmation of approval Policy No: TW/GO0028/v003 Page 25 of 26

26 Addendum Date Section Change Agreed by Policy No: TW/GO0028/v003 Page 26 of 26