Standard Operational Procedure 1 (SOP 1) Risk Assessment and Risk Register Why we have a procedure? Effective risk management processes enable the Trust to ensure actions are taken to identify areas of risk and strategies to reduce or prevent this. This procedure is to ensure there is a standard approach to Risk Management and Assessment throughout the Trust and that all staff are aware of how risks are escalated, updated and resolved. What overarching policy the procedure links to? Risk Management Policy Which services of the trust does this apply to? Where is it in operation? Inpatients Community Locations Mental Health Services all Learning Disabilities Services all Children and Young People Services all Corporate Services all Who does the procedure apply to? Any member of staff can report a risk to their Team Manager, however, access to the Risk Register Module of the Datix system is restricted to a login access and therefore only identified users can update the system. This ensures the risk register is auditable and controlled. When should the procedure be applied? When identifying and reviewing risks via the Trust risk management system (Datix). How to carry out this procedure All identified risks should be reported using the Datix Risk Register Module. The flow chart below outlines the process: Version 1.0 November 2015 Page 1 of 5 Risk Assessment and Risk Register
Potential Risk is identified following an incident, near miss, identification of a service failure or identification of a failure to meet a service or Trust objective and discussed with the team manager to identify whether the risk is valid. Team Manger inputs details of risk into Datix including initial and target risk ratings and current controls in place. Risk details are to be kept to a brief overview of the risk in a If then format with any further information being added to the background field. Governance Team and Service Managers are notified of the risk via automatic email. Risk is presented to relevant governance meeting for discussion and risk gradings confirmed. Any additional controls and further actions are discussed and the risk is updated. Risk Rated High (red)/ Moderate (amber) ie. cannot be managed wholly by division Risk Rated low (yellow)/ very low (green) i.e. can be managed by division Risk is rejected. Team Manager is notified of reasons for rejection and risk is set to Rejected in Datix and closed by Divisional Governance Team Risk set to Awaiting final approval Risk is updated by appropriate manager (usually service manager). Relevant Sub Committee (as detailed page 3) is assigned as responsible committee (Monitoring). Relevant monthly Divisional Committee / is assigned as committee providing assurance. Risk is updated by Team Manager. Relevant Sub Committee (as detailed page 3) is assigned as responsible committee (monitoring). Relevant monthly Divisional Committee / is assigned as committee providing assurance. Risk is set to Finally approved. Risk is discussed at responsible committee as necessary/ mandated by review dates. Updates are provided on any actions, controls and the current level of risk. If risk is being presented for the first time, risk is set to finally approved. If risk is to be rejected or closed, the process for rejection/ closure is followed (highlighted red). Risk is updated to Trust Wide if necessary Risk is discussed at committee providing assurance as necessary/ mandated by review dates. Updates are provided on any actions, controls and the current level of risk. If risk is to be rejected or closed, the process for rejection/ closure is followed (highlighted red). Risk will also be visible at the responsible committee (monitoring) for information, however, responsible committee (monitoring) are able to update the risk as necessary. Feedback is given to GAU to update Datix Team manager updates Datix to reflect discussion outcomes, last review date and next review date. Risk is reported to committee providing assurance for information and implementation of actions as necessary If risk is no longer applicable or has been effectively mitigated, the reasons for this are updated in Datix and risk can be closed. High/Moderate- Discussion required at bot committees to inform of reasons for closure prior to risk being closed Low/Very low- Discussion needs to be held at committee providing assurance to inform of reasons for closure prior to risk being closed If risk grading changes, risk is updated and follows the process as per the new grading. All risks identified as High(16+) are reported to the Trust Board in the High Level Risk Register (HLRR) for information and monitoring. The Board have the right to update and therefore downgrade any High level risk the same way any other committee can upgrade or downgrade risks. The mitigation for any changes to risk score will be noted in Datix. All risks identified with a link to strategic objectives are reported to the Trust Board in the Board Assurance Framework (BAF). Version 1.0 November 2015 Page 2 of 5 Risk Assessment and Risk Register
What do these terms mean? Datix - Trusts electronic risk management system used for incident reporting, collating of risk assessments and generation of risk registers Risk - An uncertain event or set of events which should it occur, would have an impact on the objectives and/or values of the Trust Incident - Any event or circumstance arising from or during, Trust activities that could have, or did lead to, unintended or unexpected harm, injury, distress, loss or damage to a person or property. This includes suspected suicides, homicides, (both victim and assailant) involving current patients of the Trust and of individuals who were patients of the Trust within 6 months prior to the incident Board Assurance Framework (BAF) - Document to provide assurance to the board that risks with the potential to impact on strategic objectives are being managed appropriately High Level Risk Register (HLRR) - A high level document that outlines all risks graded 16 and above. The HLRR is presented to the Trust Board for monitoring, assurance and action Responsible Committee (Monitoring) - Committee with overall responsibility for the risk. This committee will be responsible for ensuring any actions are being managed appropriately. See below for list of responsible committees: Responsible Committee Responsible For Example of Risks Equality and Diversity Implementation and Breaches of Equality and monitoring of the Equality Diversity Legislation Health and Safety Committee IT Management Board Children s and Adult s Safeguarding Steering Business and Performance Committee Medicines Management Committee Strategy Providing strategic and operational direction on issues relating to health and safety Overseeing all aspects of IT within the organisation Providing strategic and operational direction in relation to safeguarding Developing and implementing the business strategy and associated plans Safe, secure and effective use of medicines within the Trust Environmental issues/ Fire risks/ Issues that may impact upon the health and safety of staff IT failures/ IT procurement/ System issues Safeguarding issues/ Safeguarding training requirements Organisational structure changes/ Business and performance policy development issues Prescribing, dispensing and administration of medication Version 1.0 November 2015 Page 3 of 5 Risk Assessment and Risk Register
Responsible Committee Responsible For Example of Risks Professional Advisory Information Governance Investment Committee Workforce Development Quality and Safety Ensuring high quality care, clinical effectiveness, patient safety and patient experience Implementation and monitoring of Information Governance requirements Financial and commercial investments Implementation and monitoring of the Workforce Strategy Ensuring the quality governance arrangements within the Trust are fit for purpose against regulatory frameworks Patient safety issues/ Clinical care issues/ Changes in professional practice Record keeping/ IG and Data protection breaches Business cases/ Tender submissions/ Financial risks Staffing/ Workforce KPIs/ Learning and development plans Clinical processes/ Failures to comply with regulatory frameworks Committee providing Assurance- Committee with responsibility for assuring the risk and actions are underway and being completed. This Committee has responsibility for updating the risk and ensuring the risk is appropriately escalated. The committees providing assurance should consist of one or more of the following depending on the nature of the risk: Management Board Risk Quality and Safety Where do I go for further advice or information? Your Governance Team /Clinical Directors (Lead) Governance Assurance Unit Training Staff may receive training in relation to this procedure, where it is identified in their appraisal as part of the specific development need. Please refer to the Trust s Mandatory and Risk Management Training Needs Analysis for further details on training requirements, target audiences and update frequencies Monitoring / Review of this Procedure This SOP will be reviewed and revised as necessary to maintain its accuracy and effectiveness. Equality Impact Assessment Please refer to overarching policy Version 1.0 November 2015 Page 4 of 5 Risk Assessment and Risk Register
Data Protection Act and Freedom of Information Act Please refer to overarching policy Standard Operating Procedure Details Unique Identifier for this SOP is State if SOP is New or Revised BCPFT-GOV-SOP-05-1 New Policy Category Executive Director whose portfolio this SOP comes under Policy Lead/Author Job titles only Committee/ Responsible for Approval of this SOP Month/year consultation process completed Governance Executive Director of Nursing, AHPs and Governance Patient Safety Lead Quality and Safety October 2015 Month/year SOP was approved November 2015 Next review due November 2018 Disclosure Status Key words relating to this SOP B can be disclosed to patients and the public Risk, Datix, Risk Management, Risk Register, SOP, Responsible committee, Risk Register Module, High Level Risk Register Review and Amendment History Version Date Description of Change New Procedure established to supplement Risk V1.0 Nov 2015 Management Policy Version 1.0 November 2015 Page 5 of 5 Risk Assessment and Risk Register