Trust Assurance Framework Reviews. (Structure, Engagement and Alignment 2017/18)

Similar documents
What keeps Trust Boards awake at night? (2015 Edition) Foundation and NHS Trust Assurance Framework Benchmarking

PST Board Assurance Framework

Fraud Investigations NHS Trusts & Foundation Trusts

BOARD ASSURANCE FRAMEWORK & SIGNIFICANT RISK REGISTER Trust Board in public

Risk Management Procedure. Version Number: 6.0 Controlled Document Sponsor: Controlled Document Lead:

Risk Management Policy

Nagement. Revenue Scotland. Risk Management Framework. Revised [ ]February Table of Contents Nagement... 0

Nagement. Revenue Scotland. Risk Management Framework

Fraud Investigations NHS Clinical Commissioning Groups

Effective Assurance Frameworks

Governing Body Assurance Framework and Risk Register

Risk Management Policy and Strategy

Performance Report. Quarter /14 (July to October 2013) Database-cut: 25 October 2013 Issued: 4 December 2013

RISK MANAGEMENT STRATEGY Version 3

APPENDIX 1. Transport for the North. Risk Management Strategy

Perpetual s Risk Management Framework

MEETING: Governing Body AGENDA ITEM: 6 DATE: 13 December 2018 TITLE: Governing Body Assurance Framework December 2018 AUTHOR:

OPERATING POLICIES AND PROCEDURES Chapter 12 Due Diligence Policy and Procedures. Effective from 28 November 2016

RISK MANAGEMENT POLICY AND STRATEGY

NLG(18)407. DATE OF MEETING 27 November Trust Board of Directors Public. Wendy Booth, Trust Secretary

FOR PUBLICATION RISK MANAGEMENT STRATEGY & ANNUAL REVIEW

Risk Management Strategy

Risk Management & Assurance Strategy. Audit Committee. See reference page 38

RISK REGISTER POLICY AND PROCEDURE

Risk Management Framework

Integrated Risk Management Framework Sept Page 1 of 17

Financial Governance Audits

NHS North Somerset Clinical Commissioning Group Risk Management Strategy and Framework

Integrated Risk Management Framework

UNIVERSITY OF ABERDEEN RISK MANAGEMENT FRAMEWORK

COST IMPROVEMENT PROGRAMME 2011/12 MONTH 6 REPORT

Bournemouth Primary MAT Risk Management Policy

The Annual Audit Letter for Staffordshire and Stoke on Trent Partnership NHS Trust

Discussion. Information

RISK MANAGEMENT ANNUAL REPORT 2016/2017

Risk Management Strategy

Version: th November 2010 RISK MANAGEMENT POLICY

Themed Audit Schools Budget Setting, Management and Control

Worcestershire County Council: Use of External Consultants

Risk Management Strategy

Lloyd s Minimum Standards MS11 Conduct Risk

Board/Committee Prompts Does the Board require any additional information reported in future papers?

The Annual Audit Letter for West Hertfordshire Hospitals NHS Trust

Risk Management Strategy and Standard Operating Procedure

tiaa FINAL Head of Internal Audit Annual Opinion 2013/14 Wandsworth CCG May /14

RISK MANAGEMENT FRAMEWORK OVERVIEW

Thirty-Second Board Meeting Risk Management Policy

A Housing Association Internal Audit Annual Report 2014/15

The Annual Audit Letter for Chorley and South Ribble Clinical Commissioning Group

Risk Management Policy and Framework

Banking Business Themed Examination Programme 2014/15: Governance. Summary findings

Godalming Masonic Hall, Godalming. No Commissioning, Finance and Performance Committee on 17 October Author considers that no exemption applies:

Risk Management Strategy

2.2 For Board Members to approve the five high risks the Trust is facing:

Board Paper summary sheet

CONTACT(S) Marie Claire Tabone +44 (0) Matt Chapman +44 (0)

OFFICE OF THE POLICE AND CRIME COMMISSIONER S PERFORMANCE REPORT

Risk Management Policy

TRUST COMPANY BUSINESS

UNIVERSITY HOSPITAL SOUTHAMPTON NHS FOUNDATION TRUST. Activity Management Monitoring

BERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework

Annual Audit Letter. Buckinghamshire Hospitals NHS Trust Audit 2008/09 September 2009

Internal Audit. Income and Receivables. April 2017

George Eliot Hospital NHS Trust - Securing a sustainable future Project. Annex A

Day 2: Session 2 Tax governance, risk and control

SOUTH EAST LOCAL ENTERPRISE PARTNERSHIP ASSURANCE FRAMEWORK

APPENDIX I: Corporate Risk Register

Refreshing TCP Financial Plans for 2018/19

NHS Operating Framework Key point summary, Page 1

GRINDROD SOUTH AFRICA//Policy Risk and opportunity governance framework

Risk Management. Policy and Procedures

Date: 21 August 2018 Report Title: Finance monitoring report ( ) to 30 June 2018 Reference Number: Board Paper 2018/19/30

To: Date of Meeting: Legal Services Board. 26 November 2015 Item: Paper (15) 65. Title: Workstream(s):

Financial Services Authority. With-profits regime review report

Midlothian Integration Joint Board

The Annual Audit Letter for the Royal National Orthopaedic Hospital NHS Trust

Risk Management Strategy

UNIVERSITY COLLEGE LONDON HOSPITALS NHS FOUNDATION TRUST AUDIT COMMITTEE ANNUAL REPORT 2011/2012

Meeting of Bristol Clinical Commissioning Group Governing Body

RISK MANAGEMENT PROCEDURE GUIDANCE

STRATEGIC PLANNING PROCESS (2017) 1.1 The Association s strategic planning framework consists of the preparation of the following documents;

CO14: Risk Management Policy

Internal Audit. Budget Management & Financial Recovery Plan Monitoring. June 2017

Peer & Independent review Feedback and additional guidance paper august 2009

The Annual Audit Letter for Chorley and South Ribble Clinical Commissioning Group

LONDON BOROUGH OF ENFIELD RISK MANAGEMENT STRATEGY

Annual Audit Report 2017 Welsh Ambulance Services NHS Trust

ANNUAL GOVERNANCE STATEMENT FOR THE POLICE AND CRIME COMMISSIONER FOR NORFOLK AND THE CHIEF CONSTABLE FOR NORFOLK

Risk Management Strategy January NHS Education for Scotland RISK MANAGEMENT STRATEGY

Peer & Independent review Feedback and additional guidance paper august 2009

SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS 21 FEBRUARY 2018

The Greater Manchester Story Steve Wilson Executive Lead Finance & Investment

Bespoke services. Browse our menu of bespoke services to see how we can support your alternative investment fund with our expertise.

Trust Board Meeting 01 October 2015

CENTRAL MANCHESTER UNIVERSITY HOSPITALS NHS FOUNDATION TRUST

Held in the Meeting Room at Henley Campus

INTEGRATED RISK MANAGEMENT FRAMEWORK (STRATEGY AND POLICY)

AUDIT & RISK COMMITTEE CHARTER

Board s corporate objectives for outline a requirement to provide best value for resources and deliver financial balance.

East of England Ambulance Service NHS Trust

Transcription:

Trust Assurance Framework Reviews (Structure, Engagement and Alignment 217/18)

The overall purpose of the insight is to summarise the results of the 217/18 Assurance Framework reviews, highlight good practice examples and key areas for enhancement. 1. Context All government bodies, including the NHS, are required to have processes in place to provide a full annual governance statement (AGS) each year. The Assurance Framework is a key piece of evidence to support the Board in reaching their conclusions on the effectiveness of their internal control systems. The regulatory frameworks for NHS organisations have also increasingly re-emphasised the importance of organisations determining and managing the nature and extent of their strategic risks. Whilst the principles of assurance frameworks have been in place for a number of years, there has been a continued focus on ensuring the embeddedness of these processes and the extent they are used by the Board. The context of assurance rather than reassurance is one that has been played out in a number of organisations, and more than ever, there is a need to demonstrate that the Assurance Framework is at the heart of Board reporting supporting the Board in ensuring the required assurances are sought and received. This paper summarises the results from the detailed individual reviews of the Assurance Frameworks across the trusts (acute, foundation, mental health and ambulance) in MIAA s client base which were undertaken in support of the 217/18 Director of Audit Opinions. The review assessed distinct areas: - The structure of the Assurance Framework; - Board engagement in the review and use of the Assurance Framework; - The quality of the content of the Assurance Framework and whether it demonstrates clear connectivity with the Board agenda and external environment. Each of the criteria above was tested for each Trust and the results were RAG rated as follows: KEY: GREEN Fully meets AMBER Partially meets RED Does not meet We also compared the results to our 216/17 benchmarking exercise in this area to show the differences in the number of Trusts which are now fully compliant with each criteria. Our review of the 216/17 Assurance Frameworks had found all to be at least partially compliant with each criteria.

2. Summary of Good Practice From our review of the Assurance Frameworks across the client base, the best examples demonstrated the following: - Each risk has been linked to one or more of the strategic objectives of the organisation and to any associate corporate risk register risks. Each risk would assign a lead director and any responsible committee whom are charged with reducing gaps in control and receiving assurance. - Increasingly, organisations are using dashboards and graphs to provide an overview of the Assurance Framework risks, including movement in the risk profile (new risks, and increasing/ decreasing scores). - The controls and assurances that are in place to mitigate the risks are listed and a distinction is made between internal and external sources of assurance. - Some organisations have a wider focus across organisation boundaries with an increase in external risks to reflect the environment within which organisations are operating. - Positive assurances that are gained are included within the Assurance Framework and signposted back to the report that provided the assurance and the date when it was reviewed by a committee of the board. - There is a clear section dedicated to list any identified gaps in control and assurance that are used to drive the action plan. - An action plan is included against each risk in the Assurance Framework and includes timescales for completion and a responsible officer is assigned to highlight whom is accountable for the implementation of an action. Some organisations have developed their Assurance Framework to track the delivery of actions and reflect this in the AF update. - The Assurance Framework is regularly presented to the Board (at least quarterly) - The Board minutes demonstrate regular discussion and update of the Assurance Framework. - Discussion and update of the Assurance Framework is embedded into the work programme of the Board committees, with an increasing expectation that other committees ensure oversight of risks within their terms of reference. - There is a clear link between Board agenda items and the Assurance Framework (this can be made through more explicit reference to the Assurance Framework and clear identification of the Assurance Framework risks on agenda item cover sheets).

. Review Results The following provides an overview of the findings from the detailed assessments..1 Structure: Testing Criteria Red Amber Green The structure of the Assurance Framework meets the NHS requirements in respect of defining objectives, risks, controls, assurances and gaps 1 2 97 The objectives within the Assurance Framework align with those in the strategic plan. 7 21 26 79 The format of the Assurance Framework provides an action plan/ place to address the gaps 2 6 1 94 Almost all Assurance Framework formats (97) included the NHS requirements of defining the objectives, risks to achieving objectives, controls in place and gaps in control, and assurances. Our 216/17 benchmarking exercise found 1 to be fully compliant with NHS requirements in respect of structure, demonstrating a small drop during the year. Most Trusts included risk scoring and the AF included current risks, target risks and initial risk. Those containing the least detail in this respect, indicated the initial risk score and the residual risk score, with regard to the current controls in place. However, there were instances of Assurance Frameworks including details of the risk score/ categorisation (high/ moderate/ low) in previous periods (usually quarters) and/or a visual representation of the direction of travel eg arrows or lines indicating increase, decrease or unchanged risk rating. There was a decrease in the number of Trusts who linked the risks on their assurance frameworks to their strategic objectives. (87 in 216/17 to 79 in 217/18). 94 of Assurance Frameworks provided an action plan, this compares to 9 against 216/17 benchmarking. In a number of Trusts, the organisation s Assurance Framework included reference to the movement of risks/ risk profile and the organisation s progress against actions. Good practice evidenced in a number of Trusts show target risk scores had been set and included in the Assurance Frameworks, but a lesser number included the proposed date for achievement of this target score. There was a large variation in the level of detail contained therein within Assurance Frameworks. The most detailed assurances referenced specific reports demonstrating where actual assurances had been provided, although in some documents the assurances were more

general e.g. listing the committees which should provide assurance. Frameworks set out with one risk per page rather than in a tabular format enabled more detailed recording within the Assurance Framework document, including a list of actions in respect of the risk, ownership, timescales, status and updates on progress against each action. Others, whilst identifying actions, were in some cases limited to this, with omissions including timescales, ownership of the action (although risk owners were documented) and updates on progress against actions. Some Trusts had included a summary within the Assurance Framework, particularly where the format was set out to show one objective or risk per page, rather than a shorter document with all risks included in a table. Examples of these summaries were heat maps, indicating where risks sit on the risk matrix, or summary sheets. For example one summary listed the key risk against each objective, the initial and current risk score and key changes since the last update..2 Engagement: Testing Criteria Red Amber Green The Assurance Framework is regularly presented to the Board. 1 The minutes of the Board clearly demonstrate discussion, review and update of the Assurance Framework 9 91 The minutes of Board Committees clearly demonstrate 6 27 consideration of the Assurance Framework and associated risks 2 8 The number of Trusts regularly presenting the Assurance Framework to the Board was 1 (216/17 97). There was variation in the manner Assurance Framework was presented and discussed at Trust Boards, in order to test this we reviewed Board and committee minutes for evidence that the organisation demonstrates the use of the Assurance Framework as one of its tools in achieving its strategic objectives. The majority 91 (an improvement for the 74 benchmark position to 216/17) of Trusts were rated as Green, Trusts were rated as Amber typically because either: o The Board minutes demonstrated that there could be greater visibility of the use of the Assurance Framework by the Board. For example the Assurance Framework is to be

o presented bi-monthly to the Trust Board, as the Trust Board meets bi-monthly this should be a standing item, it was not presented at the required meeting. Whilst the Assurance Framework presented is detailed in its content, the minutes did not reflect a full discussion, limited challenge on risk status and risk mitigation activities or assurances received. With regard to the evidence that the Board minutes clearly demonstrate consideration of the Assurance Framework and associated risks 27 (8) Trusts demonstrate good practice and have clear oversight of the risks within their terms of reference. Sub-committees provide assurances to the Board with regard to the risks within the Assurance Framework and therefore reporting and minutes should clearly reflect discussions surrounding these. We noted that in some cases the sub-committee minutes presented to the Board demonstrated discussions surrounding the Assurance Framework risk topics but the minutes did not link these discussions to the Assurance Framework, which could indicate limited use of the Assurance Framework document at committee level. Where the Board does not receive full sub-committee minutes from all committees there is a need to demonstrate discussion of the Assurance Framework at committee level. This is particularly relevant where there is reporting by exception or highlight reports which do not include detail of the full discussion surrounding the risks. We recommended that Trusts considered developments in this area including ensuring that minutes of the Board are more detailed in respect of the discussion around the Assurance Framework and clearly reflect the links to the Assurance Framework and that the reporting format from sub-committees into the Board is appropriate to provide the assurances expected and is clear to assist the Board in identifying the relevant information. Trusts should also ensure greater visibility of the Assurance Framework at committee level to ensure collective ownership of the document.. Quality and Alignment: Testing Criteria Red Amber Green The risks within the Assurance Framework are visible on the Board agenda. 1 The risks identified within the Board minutes are reflected in the Assurance Framework. 1

Board assurances are clearly identified within the Assurance Framework. 1 1 9 19 58 Controls are clearly defined within the Assurance Framework. 1 2 97 Gaps are clearly identified within the Assurance Framework and actions detailed. 1 2 6 91 There was a high level of compliance with these criteria demonstrating that for many Trusts the Board agenda is focused upon the key strategic risks of the organisation and the Assurance Framework is maintained and updated to ensure that it reflects the strategic risks identified by the Board. In particular, the visibility of the risks within the Board agenda has improved since 216/17, when 97 of Trusts fully met the criteria compared to 1 for 217/18. For 217/18 1 of Trusts adequately evidenced that the Board agenda is driven by the full Assurance Framework, to facilitate discussion on all key risks of the organisation. For 217/18 58 of Trusts evidenced clear identified assurance within the Assurance Framework with clearly defined controls in place as part of the organisation Assurance Framework for 97 of Trusts. For 91 of Trusts gaps are clearly defined as part of the Assurance Framework action plan (or equivalent). Best practice considerations also included greater clarity within papers and documents of the link to the Assurance Framework risks and executive leads ensuring that they highlight key discussions within the meetings, and the risks which are being addressed, and that this connection is recorded in the minutes. 4. Risks The table below shows the top 1 risk themes identified from a wider benchmarking exercise undertaken by MIAA in 217. A similar review was undertaken in 216 which provides a comparison of the changes in the prominence of risk themes. TOP 1 Trust AF Risk Themes 217 TOP 1 Trust AF Risk Themes 216 1. Financial Duties, Continuity of Services & CIP 1. Quality of Services & Patient Safety 2. Staff Capacity & Capability (incl. leadership) 2. Staff Capacity & Capability (incl. leadership). Quality of Services and Patient Safety. Financial Duties, Continuity of Services & CIP

TOP 1 Trust AF Risk Themes 217 TOP 1 Trust AF Risk Themes 216 4. IMT, Data Quality & New System 4. Transformation & Service Redesign Implementation 5. Transformation & Service Redesign 5. Regulatory Standards 6. Performance targets 6. IMT, Data Quality & New System Implementation 7. Regulatory standards 7. Contracts and Demand 8. Contracts and Demand 8. Performance targets 9. Strategic Partnerships and Partnership 9. Patient Experience, Feedback & Complaints Working 1. Staff Engagement and Culture 1. Staff Engagement and Culture Trusts may wish to review their AF risks to consider whether any risks with regard to the above list should be included. 5. Next Steps The Insight summarises the results of the 217/18 Assurance Framework reviews, highlighting areas of good practice examples and also key areas for enhancement. It provides information to support organisations in understanding how their approach to the Assurance Framework compares to others. It is intended to prompt and inform discussions on this important aspect of Trust governance. Organisations should: Review the outcomes of the benchmarking to establish if there are any learning points for your organisation. Contact MIAA for further information on the issues raised, or please speak to your Senior Audit Manager for information and support. For more information or to request a benchmarking topic please speak to your Senior Audit Manager or contact: Louise Cobain, Assistant Director r&d@miaa.nhs.uk

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback