Risk Management Strategy


Risk Management Strategy

Job title of lead contact: Corporate Services Manager
Version number: Version 1
Group responsible for approving the document: Executive Team / Governing Body
Date of final approval: 28th January 2015
Date for review: Q2 FY 2015/16

Page 1 of 24

Version: 1
Date: Jan 2015
Author: Emma Reid
Status: Draft
Comment: Final updates in consultation with Director of Corporate Services

Contents

1. Introduction
2. Purpose
3. Context
4. Scope
5. Definitions
6. Risk Appetite
7. Ownership and Accountabilities
8. The Risk Management Process
9. Training
10. Performance Management

Appendices:
Risk Management Framework
Appendix 2 Writing Risk Statements (Guidance)
Appendix 3 Equality Assessment

References:
AS/NZS 4360:1999 Australian Standard Risk Management

1. Introduction

1.1 NHS Salford Clinical Commissioning Group (Salford CCG) endeavours to provide a Risk Management Strategy that minimises risks to all its stakeholders through a comprehensive system of internal controls whilst providing maximum potential for flexibility, innovation and best practice in the delivery of its strategic programmes.

1.2 Salford CCG Governing Body (GB) seeks to gain assurance that all health services commissioned for the population of Salford are of a good quality and that any known risks to patients, staff and/or the organisation are managed appropriately using a precise method of risk identification, assessment, treatment, monitoring and reporting.

1.3 This Risk Management Strategy has been created as an integral part of Salford CCG's overall Governance arrangements.

1.4 It is intended that by having a systematic and consistent approach to the management of risk, Salford CCG can create an operating environment that enables the organisation and its services to proactively manage identified risks.

1.5 Salford CCG is committed, through its Assurance Framework and Governance structure, to ensuring that risk management forms a key element of its philosophy, practices and business plans, with responsibility for implementation accepted at all levels of the organisation.

1.6 It is recognised by Salford CCG that it is impossible to create a risk free environment, but Salford CCG aspires to empower every employee, contractor and commissioned service provider to proactively consider risk as a fundamental part of their daily activities, to ensure that risks are identified, assessed and managed in line with Salford CCG's Risk appetite (see section 6).

2. Purpose

2.1 This Strategy forms part of the overall Risk Management Framework of Salford CCG (see ); it describes Salford CCG's approach to the management of risk at all levels across the organisation, in pursuit of its Vision.

2.2 Specifically, this Risk Management Strategy will help to ensure that:

2.2.1 Appropriate systems and processes, reporting structures and timescales are in place in relation to the management of risk within Salford CCG,

2.2.2 Salford CCG GB is aware of all significant risks that have the potential to affect the achievement of its strategic programmes,

2.2.3 Salford CCG GB is supported in making risk based decisions and allocating resources proportionate to its risk exposure.

2.2.4 Implementation of this strategy will support a cultural shift towards a more risk aware organisation that embraces responsible and calculated risk-taking.

3. Context

3.1 This Risk Management Strategy forms part of Salford CCG's wider Risk Management Framework which is an element of its overarching Governance arrangements and has been designed to support the achievement of Salford CCG's Vision.

3.2 Governance Structure

3.3 Risk Management Framework

3.4 It is important to demonstrate that all risks have a link back to one or more of Salford CCG's strategic programmes as shown below (also at ):

[Figure: Risk Management Framework, January 2015. Diagram labels: Risk Assurance Reports; Strategic Programmes; Work Programmes; Projects and Work Streams; Actions; Strategic Risks; Programme Risks; Project / Team Risks; Risk Management Strategy; Delivery Dashboard; Performance Related Risks; Covalent Corporate Performance Management System (CPMS)]

4. Scope

4.1 This Risk Management Strategy is applicable to:
- All risks inherent in the business activities of Salford CCG,
- All staff working for, on behalf of or commissioned to deliver services for Salford CCG,
- All Salford CCG's Strategies and Policies as well as the daily operations of the organisation.

5. Definitions

5.1 Salford CCG defines risk and risk management in line with the Australia and New Zealand standard as follows:

5.2 Risk - the chance of something happening that will have an impact upon objectives. It is measured in terms of likelihood and impact.

5.3 Risk Management Process - the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying and analysing, evaluating, treating, monitoring and communicating risk.

6. Statement of Risk Appetite

6.1 Salford CCG strives to be a risk embracing organisation which understands the importance of informed risk taking and recognises that there is an element of risk in most if not all of the activities it undertakes as a commissioning organisation.

6.2 Salford CCG determines overall risk scores by assessing the likelihood and potential impact of a risk using the risk scoring matrix described in its Risk Management Framework (RMF), see section 3.4.

6.3 The level of risk Salford CCG is willing to accept is intrinsically linked to each of its strategic programmes and for this reason it has been agreed that the risk appetite should not be prescriptive.

6.4 Salford CCG's willingness to accept a risk will depend on which of the strategic programmes is at risk and the impact that the risk would have, should it materialise.

6.5 This flexible approach is seen as the most appropriate way to allow Salford CCG to make informed decisions for each specific risk exposure.

6.6 Notwithstanding the above and to support the application of this approach in practice, Salford CCG has broadly defined an acceptable risk as one which falls in the low (Green) area of the RMF matrix. However, it is important to note that there may be circumstances when Salford CCG takes the decision to accept an Amber or Red risk where the cost of trying to reduce the risk would outweigh the benefits of doing so.

7. Ownership and Accountabilities

7.1 An integral part of an effective risk management framework is having explicit accountabilities for risk. Every member of staff employed by, working on behalf of or engaged in the activities of Salford CCG has a collective and an individual responsibility for the management of risk within their own remit. With this in mind, every individual should make an effort to familiarise themselves with this Risk Management Strategy and the associated Risk Management Framework.

7.2 Salford CCG Governing Body (GB)

7.2.1 Salford CCG has a duty to assure itself that the organisation has properly identified the risks it faces and that it has appropriate controls in place to manage those risks. The GB is specifically responsible for:
- Defining the Strategic Programmes of the CCG,
- Demonstrating leadership, active involvement and support for risk management,
- Ensuring that there is a structure in place for the effective management of risk throughout the CCG,
- Reviewing and approving Salford CCG's Risk Management Framework,
- Agreeing policies and procedures for the management of risk within Salford CCG,
- Identifying the key strategic risks, evaluating them and ensuring adequate responses are in place and monitored,
- Deciding whether Salford CCG will use the risk pooling schemes administered by the NHS Litigation Authority or self-insure for some or all of the risks (where discretion is allowed),
- Monitoring High (Red) risks (risks scoring 16+) via the Risk Assurance Report.

7.3 Executive Team

7.3.1 The Executive Team is responsible for compliance with statutory and regulatory duties, operational delivery of all CCG functions and performance management of the objectives of the organisation. It is also specifically responsible for the functions of health, safety and risk, information management and technology (IM&T) including information governance, equality and diversity and health economy resilience. The Executive Team is specifically responsible for:
- Demonstrating leadership, active involvement and support for risk management,
- Supporting the Governing Body in identifying the key strategic risks, evaluating them and ensuring adequate responses are in place and monitored,
- Reviewing Salford CCG's Risk Management Framework, and providing comments and recommendations to the Governing Body,
- Ensuring that Salford CCG's Risk Management Strategy is applied consistently throughout the CCG,
- Monitoring High (Red) risks (risks scoring 16+) via the Risk Assurance Report.

7.4 Audit Committee

7.4.1 The Audit Committee provides Salford CCG with an independent and objective view of the group's financial systems, financial information and compliance with laws, regulations and directions governing the group in so far as they relate to finance. In addition to this, Salford CCG has delegated the following functions to its Audit Committee:
- Advise on the establishment and maintenance of effective systems of integrated governance, risk management and internal control, across the whole of the organisation's activities (both clinical and non-clinical), that supports the achievement of the organisation's objectives,
- Review the implementation and ongoing quality of integrated governance, risk management and internal control, across the whole of NHS Salford's activities (both clinical and non-clinical),
- Review the effectiveness of Salford CCG's internal controls, CCG Assurance Framework, integrated governance and risk management systems (the CCG audit group shall review the CCG Strategic Risk Register at alternate meetings),
- Review the adequacy of all risk and control related disclosure statements (in particular the Annual Governance Statement), together with any reports from internal or external audit or other appropriate independent assurances, before making recommendations to the CCG GB,
- Review the statements to be included in the annual report concerning internal controls and risk management,
- Review the underlying assurance processes that indicate the degree of the achievement of strategic programme objectives, the effectiveness of the management of significant risks and the appropriateness of the above disclosure statements,
- Monitor the effectiveness of the internal audit function established by management, which meets mandatory NHS internal Audit Standards and provides appropriate independent assurance to the CCG GB,
- Monitor and review the quality and effectiveness of Salford CCG's internal audit function in the context of the CCG's overall risk management framework,
- Request and review reports and positive assurances from directors and managers on the overall arrangements for governance, risk management and internal control, and may request specific reports from individual functions within NHS Salford as they may be appropriate to the overall arrangements.

7.5 Chief Accountable Officer

7.5.1 The Chief Accountable Officer has responsibility for having an effective risk management system in place within the organisation, for meeting all statutory requirements and adhering to guidance issued by the Department of Health in respect of Governance. The Chief Accountable Officer is specifically responsible for:
- Ensuring there is a Risk Management Strategy in place,
- Ensuring there is an assurance framework meeting best practice standards, that is reviewed at least annually by Salford CCG,
- Ensuring that Salford CCG keeps an active register which is reviewed at least quarterly by the audit committee,
- Ensuring that a Risk Management Strategy is in place and in use, that describes how risks are identified, scored, escalated/de-escalated and how the assurance framework is populated.

7.6 Governing Body Chair

7.6.1 The Salford CCG Chair is specifically responsible for:
- Ensuring that Salford CCG has proper constitutional and governance arrangements in place,
- Implementing the requirements of Corporate Governance.

7.7 Director of Corporate Services

7.7.1 The Director of Corporate Services is specifically responsible for:
- Directing systems and processes to support the development of the CCG's corporate performance and risk management functions, organisational competence and cultural change,
- Directing the development and implementation of a Risk Management Strategy and associated policies and procedures,
- Leading the organisation in minimising risk wherever possible, whilst remaining in line with the organisation's strategic programmes.

7.8 Head of Planning and Performance

7.8.1 The Head of Planning and Performance is specifically responsible for:
- Overseeing systems and processes to support the development of the CCG's corporate performance and risk management functions, organisational competence and cultural change,
- Overseeing effective risk management systems,
- Overseeing an effective risk register, supported by appropriate systems and processes.

7.9 Corporate Services Manager

7.9.1 The Corporate Services Manager is specifically responsible for:
- Provide specialist Risk Management expertise and support to all Salford CCG staff,
- Lead on the development, implementation and application of risk management practice in line with Salford CCG's Risk Management Framework,
- Provide assurance to Salford CCG Governing Body and its wider stakeholders that the organisational approach to Risk Management is aligned to current national guidance and best practice standards.
- Delivering systems and processes to support the development of the CCG's corporate performance and risk management functions, organisational competence and cultural change,
- Developing and implementing effective risk management systems,
- Development and implementation of a Risk Management Strategy and associated policies and procedures,
- Maintaining effective risk registers, supported by appropriate systems and processes.

7.10 Chief Finance Officer

7.10.1 The Chief Finance Officer is specifically responsible for:
- Overseeing the robust audit and governance arrangements, leading to propriety in the use of the group's resources.

7.11 Risk Owner

7.11.1 A Risk Owner is the person allocated to support the Risk Sponsor in the day to day risk management activities related to a specific risk.

7.12 Risk Sponsor

7.12.1 A Risk Sponsor is the person with accountability for a specific risk.

7.13 All Managers

7.13.1 All Managers within Salford CCG have a responsibility to:
- Implement the Risk Management Strategy within their own remit, and promote the use of the strategy amongst all staff groups,
- Ensure that appropriate risk management systems and processes are in place within their remit,
- Ensure that risks are reviewed by risk owners in a timely manner and in accordance with risk review schedules,
- Monitor all identified risks, and bring any high risks to the attention of an appropriate member of the Executive Team,
- Communicate and promote all risk management information and training to all staff, including sub-contractors, visitors and the public,
- Ensure that appropriate induction and mandatory training is accessed by staff and ensure a record of attendance is made on personnel files.

7.14.2 As described above, managers are responsible for all risks related to their own remit. However, there are also dedicated leads for specific risk areas as follows:

Risk Area: Corporate Governance Human Resources Risk Health and Safety Information Governance Clinical Risk Financial Risk Senior Information Risk Officer Public Health Risk, Infection, Prevention and Control Commissioning Risk Caldicott Guardian

Responsible Lead: Head of Corporate Services Head of Corporate Services reporting to Senior Information Risk Officer (Chief Finance Officer) GP Clinical Lead Performance GP Clinical Lead Quality Chief Finance Officer Director of Public Health Director of Commissioning GP Clinical Lead IM&T

7.15 All Staff (including those contracted to work on behalf of Salford CCG)

7.15.1 All Salford CCG Staff and its contractors (including commissioning support staff) are required to:
- Be responsible for security of Salford CCG's property, avoiding loss, exercising economy and efficiency in using resources and conforming to Standing Orders, Standing Financial Instructions and financial procedures,
- Be responsible for attending and maintaining a personal record of induction, mandatory and relevant education and training events in relation to Risk Management,
- Seek to understand Salford CCG's Risk Management Strategy and to apply its principles in practice,
- Participate in the risk management process, including risk assessment within their own area of work,
- Notify their line manager of any perceived risk which may not have been assessed.

7.16 Partnership Working

7.16.1 Salford CCG is committed to the continuing development of partnership working with other health and social care organisations. In commissioning quality services, the organisation needs to be acutely aware of accountability arrangements and the management of risks in partnerships.

7.16.2 When partnership agreements are being developed risk management will be specifically addressed. This will need to incorporate clear lines of accountability and responsibility for staff working across partner organisations. Within the agreement there will be an explicit statement that sets out how the risk management structures and systems of the organisations will link, how decisions will be made and which organisations will lead on the management of specific risks.

7.17 Commissioned Services

7.17.1 Salford CCG commissions health services on behalf of the residents of Salford. The organisation's Governing Body must be informed of and where necessary, consulted on all significant risks that arise from the service level agreements with other healthcare providers.

7.17.2 The failure of a commissioned service to deliver services as Salford would be a significant threat to the achievement of the objectives of the Salford CCG. Therefore risks associated with an SLA must be systematically identified, assessed and analysed in the same way as other risks to the organisation with clear accountabilities defined. Risks associated with SLAs will feature in appropriate risk registers to enable Salford CCG to be fully informed on the risk profile of the organisation.

8. The Risk Management Process

8.1 The risk management process adopted by Salford CCG is aligned to the AS/NZS 4360, 1999 Risk Management. Below is an overview of the Risk Management Process:

8.2 In the sections to follow, the Risk Management Process will be explained in the context of Salford CCG's Risk Management Framework.

8.3 Establish the Context

8.3.1 The below shows a one page summary of Salford CCG's Strategic Plan. The Strategic Programmes stated within this plan are used as the basis for Risk Identification within Salford CCG.

8.3.2 Strategic Plan on a page

8.3.3 In addition to the above and in order for Salford CCG to be able to achieve its strategic priorities, it has recognised that it needs to be an Effective Organisation; this has been described below.

8.3.4 Support the CCG to deliver its priorities by embedding effective organisational processes.

[Figure labels: Organisational Development & HR Communications & Engagement Resilience & Business Continuity Risk Management Policy Development Financial Planning & Management Performance Management Asset Management & Estates Equality, Diversity & Human Rights Corporate Support Governance IM&T Sustainability Health & Safety Counter Fraud]

8.4 Identify Risks

8.4.1 Using the strategic programmes stated within Salford CCG's strategic plan on a page as the focus, strategic risks will be identified during scheduled business planning workshops, as part of the risk based planning process. The outcomes of these planning workshops will be consolidated by the Executive Team to form the basis of a Strategic Risk Register.

8.4.2 During the planning workshops Salford CCG will use PESTLE* analysis to ensure that the organisational environment is scanned appropriately and that a broad scope of potential risk exposures is considered and captured for each of the Strategic Programmes.

8.4.3 *PESTLE stands for Political, Economic, Sociological, Technological, Legal and Environmental. The term PESTLE has been used regularly over the last 10 years for both strategic planning and risk identification. The Categories used by Salford CCG for risk identification are listed in the table overleaf.

8.4.4 Risk Categories used in PESTLE

Risk Category: Definition
- Political: Political risks that could have an influence on the regulation of our local health care system, the money available and the priorities for disease management.
- Environmental: Environmental risks include ecological and environmental aspects such as weather, climate, and climate change as well as public awareness of the potential impacts of climate change.
- Social: Social risks would include managing the diverse needs of a population, planning health improvement products, cultural aspects, community health consciousness, ethnic/religious awareness, population growth rate, age distribution, career attitudes etc.
- Information Management and Technology (IM&T): IM&T risks that arise directly from the provision of IM&T. For example, loss of server, systems breakdown.
- Legal and Compliance: Legal and Compliance risks concern compliance with relevant legislation including Health and Safety, consumer protection, data protection, employment practices and regulatory risks.
- Business Process: Business Process risks are those that arise as a result of failures in internal structures, systems, strategies, policies, processes and/or operating procedures.
- Clinical: Clinical risks that arise directly from the provision and delivery of quality healthcare. This includes clinical errors and negligence.
- Financial: Financial risks concerning the effective management and control of the finances of the organisation. This includes funding and grants.
- People: People risks are those that concern the recruitment, retention and effective management of an appropriately skilled workforce.

8.4.5 In addition to the cyclical approach to risk identification, and to ensure that the process remains dynamic, Salford CCG will accommodate the identification of new risks as they arise by having an appropriate channel for risk identification and escalation in place.

8.4.6 In identifying risks, it is important to avoid simply stating the converse of the objectives, or identifying impacts that might arise as a result of the risk. A statement of risk should ideally encompass the cause of the impact and the impact on the objective. For further guidance with writing a risk statement see.

8.5 Assess Risks

8.5.1 Once risks have been identified, appropriately defined and assigned a Risk Owner they will be assessed (by the Risk Owner). This process involves determining the controls already in place, if any (existing controls), assessing the likelihood (chance of risk occurring) and potential impact (what would happen if it did) based on a predetermined scale and calculating the level of risk (risk rating). Salford CCG has opted to use a 5 x 5 risk scoring matrix as indicated in section 3.4.

8.6 Treat Risks

8.6.1 This part of the process involves identifying the range of options for the management (treatment) of the risk, assessing those options and then preparing and implementing appropriate risk control plans. This will be done by the Risk Owner (in consultation with the Risk Sponsor as required).

8.6.2 Salford CCG has a default level of acceptable** risk which is shown in section 3.4 as the GREEN area on the risk scoring matrix. As part of this process Salford CCG will consider the following 4 risk treatment options (known as the 4 Ts):
- Tolerate (accept the risk without further controls)
- Terminate (avoid or withdraw from activity causing risk)
- Treat (put controls in place to reduce the risk)
- Transfer (or share by way of insurance or contract)

** An acceptable risk is one that the CCG feels it can tolerate without any further control measures. Acceptable risks will be monitored as per the schedule described in the Risk Management Framework.

8.7 Monitor and Review

8.7.1 In order for any Risk Management Process to remain dynamic it is important for Risk Owners to regularly review their risks to ensure that changing circumstances do not alter risk management priorities. It is important to monitor the risk environment, review the risk scores and assess the suitability and success / failure of risk control plans at regular intervals to ensure it remains fit for purpose. Salford CCG follows a review schedule as outlined in its Risk Management Framework ().

8.7.2 The review schedule should not be confused with the risk reporting schedule which is also detailed in the Risk Management Framework (Appendix 1).

8.8 Communicate and Consult

8.8.1 Salford CCG will communicate and consult on the nature and extent of its strategic risks through a periodic schedule of reporting as in its Risk Management Framework ().

8.8.2 Salford CCG will use Covalent Software's Corporate Performance Management System (CPMS) to record and report information relating to risks across the CCG.

9. Training

9.1 To ensure the successful communication and implementation of this strategy all staff working for or on behalf of Salford CCG will receive risk management training relevant to their role and responsibilities within the organisation. Specific Training and Awareness events should include:
- Risk Management Strategy Walkthrough session
- Risk Identification Workshop will be conducted with Salford CCG GB on an annual basis,
- Risk Assessment one to ones will be conducted with Risk Owners as and when required,
- Risk Treatment one to ones will be conducted with Risk Owners as and when required,
- Risk Management Strategy will be made available on Salford CCG website.
- Covalent CPMS Training will be conducted as required.

10. Performance Management

10.1 Salford CCG will monitor and review its performance in relation to the management of risk through the use of Covalent CPMS as well as overview and scrutiny of the Governing Body, the Executive Team and relevant subcommittees.

10.2 Salford CCG will monitor the effectiveness of its Risk Management arrangements through:

- CCG Annual Report
- Annual Governance Statement
- GB Assurance Framework
- Risk Management Reports
- Covalent CPMS reports
- Risk Registers
- Internal and External Audit Reports
- Minutes from related committees and groups
- Performance Reports

Risk Management Framework

[Diagram: Risk Management Framework. Labels: Risk Assurance Reports; Strategic Programmes; Work Programmes; Projects and Work Streams; Actions; Strategic Risks; Programme Risks; Project / Team Risks; Risk Management Strategy; Delivery Dashboard; Performance Related Risks; Covalent Corporate Performance Management System (CPMS). January 2015]

Appendix 2 Writing a Risk Statement (Guidance)

Risks vs. Issues

Before attempting to write a Risk Statement it is important to understand the difference between a risk and an issue. The Australian Standard for Risk Management AS/NZS 4360:1999 is widely adopted across the NHS. In this Standard, Risk is defined as, "The chance of something happening that will have an impact upon objectives. It is measured in terms of consequences and likelihood."

The fundamental difference between a risk and an issue is that an issue has already occurred; it is affecting your objective at the present time. However, a risk only has the potential to affect your objective but has not yet occurred, hence why we assess the likelihood of a risk occurring. In this respect you can say that a risk could become an issue if it materialises.

One of the basic requirements in identifying risk is to describe each one in such a way that it is meaningful to stakeholders who aren't necessarily involved in the management of the risk or who lack subject matter expertise. To that end, it is common practice to describe risks using "cause and effect" or "if, then" sentence structures.

Cause - Risk - Effect Construct

Using the Cause-Risk-Effect format to describe risk can be of real benefit in terms of understanding the true nature of your risk exposures. The cause is typically explained as the source of the risk or the trigger that may enable the right conditions for it to occur. The risk is what may or may not happen as a result of that cause (trigger) and the effect is the impact that the risk would have on the plan or objective, should the risk materialise. Below is an example of a Risk to a software development project:

Risk #: Risk 01
Cause: System Analyst doesn't have experience in medical business software.
Risk: System Analyst and the customer have difficulty in communicating and understanding.
Effect: Inception phase will take more than 3 weeks, the customer may become frustrated and the project may be cancelled.

If, then, so Construct

In the same way as for the cause-risk-effect construct, the "If, then, so" method enables you to create a risk statement that is meaningful to stakeholders but also aids risk assessment and risk treatment planning.

The "If" part of the sentence should explain the condition(s) that would need to be present in order for the risk to occur. For example, "if birth rates continue to increase..."

The "Then" part of the sentence should detail the consequence(s) that might occur should the risk occur. For example, "...then midwifery services will be under increased pressure".

A useful way of making further sense of your risk is to ask yourself the question, "So?" See the below example:

Risk #: Risk 02
If (What condition(s) would need to be present for the risk to occur?): If the economic crisis continues
Then (What will happen if the condition(s) are present?): Then demand for health services will increase
So? (So if the risk does occur, what does this mean for us and our objective?): So prevention and intervention activities will cease as Primary Care deal with increases in demand

Converse Objective Trap

When identifying risks, care should be taken to avoid simply stating the reverse of the objectives, or identifying impacts that might arise as a result of the risk. A statement of risk should ideally include the cause of the impact and the impact on the objective. See the simple example below:

Objective: to travel by train from A to B and arrive for a meeting at a specified time.

Event: Failure to get from A to B on time for the meeting
Outcome: Not a risk statement: simply the converse of the objective

Event: Being late and missing the meeting
Outcome: A statement of the impact of the risk, not a risk itself

Event: There is no buffet on the train
Outcome: This has no impact on the achievement of the objective

Event: Missing the train causes me to be late and miss the meeting
Outcome: This is a risk that can be controlled by putting in place controls to reduce the likelihood and / or the impact of the risk

Event: Severe weather prevents the train from running and getting you to the meeting on time
Outcome: This is a risk that cannot be controlled, but a contingency plan could be developed

Risks should be identified at a level where a specific impact can be identified and actions to address the risk can be determined.

The most effective way of identifying a risk is to hold a workshop with key stakeholders. This is best done in groups of a manageable size by team, directorate or business area and should be focussed on the risks associated with the team / group's objectives.

Writing a Risk Statement

A well-constructed Risk Statement will make your subsequent risk management activities (risk assessment and risk treatment) easier. It also makes it easier to explain and report the risks you are managing to your stakeholders and senior management teams. By describing the cause of the risk and the effect it will have on your plan / objective, you are also able to think more clearly about how you could prevent the cause and/or create contingency plans to limit the effect if the risk occurs (risk treatment (control) and contingency planning).

There are 4 important things to remember when writing a Risk statement:

1. Write a complete sentence including a cause and an effect.
2. Use the "if...then" concept to link the cause and effect. Or use words such as "may lead to" or "may result in" to join the two parts.
3. Describe the cause as a condition or set of conditions (triggers) that need to be present for the risk to occur.
4. State the impact on the plan, goal or overall objective under consideration. (Ask yourself "so what?")

Appendix 3 - Equality Assessment

1. Name of the Policy*: Risk Management Strategy 2014/15

2. Person Responsible: Hannah Dobrowolska

3. What are the main aims of the Policy*? The Risk Management Strategy forms part of the overall Risk Management Framework of Salford CCG; it describes Salford CCG's approach to the management of risk at all levels across the organisation, in pursuit of its Vision, Strategic Aims and Objectives.

4. Is this a strategic document or a major project? YES / NO **

5.a What type of impact is this Policy* likely to have on staff or service users from the following equality groups? HIGH / MEDIUM / LOW / DON'T KNOW

- Age
- Carers
- Disability
- Ethnicity
- Gender
- Gender Reassignment
- Pregnancy & Maternity
- Religion & Belief
- Sexual Orientation

5.b Please explain your answer: This is a strategy fundamental to how Salford CCG operates but is an internal management-focused document and so does not impact directly on the public. It will not have a differential impact on any equality group.

If you have answered YES to question 4, and:
- HIGH impact in 5a - you should move on to a FULL Equality Impact Assessment.
- MEDIUM / LOW / DON'T KNOW in 5a - you should move on to an INITIAL Equality Impact Assessment.

If you have answered NO to question 4, and:
- HIGH / MEDIUM / DON'T KNOW in 5a, you should move on to an INITIAL Equality Impact Assessment.
- LOW impact in 5a, you do not need to complete an Equality Impact Assessment.

6. Based on this screening, please indicate if this should proceed to an Initial or Full EIA? INITIAL / FULL / NONE

7. Date of EIA Approval: 17/11/2014

* The term "Policy" in this context is used to cover any of the following: Policy / Procedure / Guidelines / Protocol / Service / Practice / Project / or Strategy

** The Risk Management Strategy is a strategic document. However, this revision is an interim document and so is not subject to the usual processes. A full revision of the strategy will be completed in Q2 FY 2015/16.