Date 4 th September 2015 Dr Ruth Charlton, Joint Medical Director / Jill Down, Associate Director of Quality Laura Rowe, Compliance Manager

Transcription

1 TB 099/15 Meeting title Report title Trust Board Risk Management Strategy Date 4 th September 2015 Lead director Report author FOI status Dr Ruth Charlton, Joint Medical Director / Jill Down, Associate Director of Quality Laura Rowe, Compliance Manager Disclosable Report summary Purpose Recommendation Strategic objective links CQC standard Identified risks and risk management actions Resource implications Legal implications Equality impact assessment Report history Considered by other committees Appendices The Risk Management Strategy was due for review in August This has been re-written in its entirety and the Terms of Reference removed for the high level risk committees, as these now form part of the Governance Framework. Approval. The board is asked to approve the strategy. Our patients, our services, our people. Safe, effective, caring, responsive, well-led. None noted. None noted. None noted. None noted. Not applicable. No. Appendix 1 Risk Management Strategy 1

2 Risk Management Strategy Version: Version 2.0 Ratified by: Date ratified: August 2011 Name/title of originator/policy author(s): Name of responsible committee/individual: Lead Executive(s): Trust Executive Jill Down, Associate Director of Quality Laura Rowe, Compliance Manager Trust Executive Ruth Charlton, Joint Medical Director Date issued: August 2015 Review date: August 2017 Target audience: All staff AMENDMENTS (No more than three per policy version) DATE 1

3 Contents Section Page 1. INTRODUCTION 3 2. STRATEGIC OBJECTIVES 3 3. DEFINITIONS 4 4. BOARD ASSURANCE FRAMEWORK Risk Appetite (Tolerance) 6 5. RISK MANAGEMENT ORGANISATIONAL STRUCTURE Risk Management Structure Terms of Reference Process for High Level Review of the Risk Register 7 6. DUTIES OF KEY INDIVIDUALS 8 7. RISK MANAGEMENT CO-ORDINATION AND SUPPORT RISK ASSESSMENT PROCESS Risk Assessment and Scoring Action Planning Monitoring and Closure MANAGEMENT RESPONSIBILITY FOR DIFFERENT LEVELS OF RISK All Managers PROCESS FOR MANAGING COMPLIANCE PERFORMANCE MONITORING AND KPIs (IN RELATION TO RISK) TRAINING COMMUNICATIONS REFERENCES 16 APPENDICES Appendix A Trust Board and Structure 17 Appendix B Board s Responsible for Risk 18 Appendix C Directorate Governance Group Terms of Reference 19 Appendix D Directorate Governance/Risk Group Suggested Agenda 22 Appendix F Policy Monitoring Table 23 Appendix G Equality Impact Assessment 28 Page 2 of 30

4 1. INTRODUCTION Epsom and St Helier University Hospitals NHS Trust (the trust) is committed to providing great care to patients every day and to the delivery of its corporate objectives and strategic plan. The trust recognises that to support the achievement of these objectives, and to provide safe, quality services an effective risk management structure must be in place. The trust s corporate objectives reflect the commitment to: Deliver safe and effective care; Create a positive patient experience; Provide responsive care; Be financially sustainable; and, Work in partnership with our Clinical Commissioning Groups (CCGs) and other stakeholders. Risk management is the recognition and effective management of all threats and opportunities that may have an impact on the trust s reputation, its ability to deliver services and the achievement of its objectives and values. The trust recognises that some risks will always exist and never be eliminated, but is committed to identifying, evaluating and controlling risks to ensure that they are reduced to an acceptable level, or eliminated, in accordance with the trust s documented risk appetite, as far as is reasonably practicable. This strategy and policy applies to all areas and activities of the trust and to all individuals employed or engaged by the trust, including contractors, volunteers, students, locum and agency staff and staff employed on honorary contracts. 2. STRATEGIC OBJECTIVES The trust s overarching strategy is to manage all types of risk effectively in order to deliver safe, effective and responsive care, and to create a positive patient experience, within a well-led organisation. The trust aims to reduce risk over time by ensuring there is effective organisational learning arising from the investigation and trend analysis of incidents, complaints and claims, and by ensuring that risks are effectively assessed, recorded, escalated and managed and that risk management becomes a part of everyday management practice. The trust s risk management objectives (and the objectives of this Risk Management Strategy and Policy) are: To outline the trust s strategic framework in relation to risk management; To inform policy and operational decisions by identifying risks and their likely impact; To minimise the potential for harm to patients, all staff and visitors to as low a level as is reasonable practicable; To protect high standards of patient care, staff safety, reputation and assets; To support on-going compliance with relevant statutory, mandatory and professional requirements, including legal requirements; Page 3 of 30

5 To support effective engagement of staff and patients in managing risk; To support the development of a learning culture; and, To support the integration of risk management into all clinical and non-clinical processes to support achievement of the trust s corporate objectives. These objectives will be achieved by: 3. DEFINITIONS Hazard Clearly defining the roles, responsibilities and reporting lines within the trust for risk management; Reinforcing the importance of risk management as part of the everyday work of all staff employed or engaged by the trust; Maintaining a comprehensive Risk Register containing both clinical and non-clinical risks and reviewing this on a regular basis; Ensuring controls are in place to mitigate risks and that these are understood by those expected to apply them; Ensuring that gaps in controls are identified and rectified in a timely manner; Maintaining documented procedures for the control of risk and providing suitable information, training and supervision; Preparing contingency plans to secure business continuity; and, Monitoring all arrangements in order to seek continuous improvement. A hazard is something (e.g. an object, a property of a substance, an activity, etc.) with the potential to cause harm. Risk Risk is defined as the likelihood of a hazard resulting in an incident, set against the severity of the incident, were it to occur. Controls Controls are the mitigating actions put in place to reduce or eliminate the risk. Risk Appetite Risk appetite is defined as the amount of risk and organisation is prepared to tolerate in pursuit of its strategic objectives. Risk Management and Assessment Page 4 of 30

6 Risk management is the identification, measurement, analysis, prioritisation and control of risk. Identified risks can be corporate (organisation-wide impact), clinical, non-clinical, financial or related to business planning, statutory compliance and/or service change. 4. BOARD ASSURANCE FRAMEWORK (BAF) The Board Assurance Framework (BAF) identifies those risks which impact on the trust being able to achieve its corporate objectives and seeks to provide assurances to the Board of the mitigating controls in place. The Risk Register is distinct from the BAF in that risks are identified at department and directorate level and reported up to the Board depending on the level of severity. The Board reviews the BAF quarterly as part of the assurance that all high level risks to the achievement of the corporate objectives are being managed appropriately. The Trust Board agrees the corporate objectives as part of the business planning cycle at the start of each financial year. An Executive Director is assigned to each strategic objective and takes responsibility for: Agreeing the principal risks that may threatened the achievement of the objectives; Agreeing the trust risk appetite and monitoring progress against this; Identifying and evaluating the mitigating controls in place to manage the risks; Scoring the risks, both before and after mitigating controls have been put in place; Evaluating the assurances provided to the Board that the trust is managing the risks to an acceptable level of tolerance; Identifying where there are gaps in controls and assurances and establishing action plans to address these; and, Achieving the objective. The Trust Board has agreed the following arrangements for managing the risks identified on the BAF: The BAF and associated action plans are submitted to the TEC, the PSQC and Trust Board three times per year alongside a summary report highlighting any new risks or changes to existing risks; Members of the trust executive team are the nominated leaders for risks on the BAF and have authority to add and amend risks in relation to the achievement of trust corporate objectives. The trust executive will ensure that progress is being made to eliminate or reduce the impact of the risk; and, The Audit, as a sub-committee of the Trust Board, has oversight of the underlying assurance processes that indicate the degree of achievement of corporate objectives through which the Board gains assurance in relation to the management of the BAF. 4.1 Risk Appetite (Tolerance) The Board of Directors determine and record the level of risk appetite that is deemed acceptable to the trust related to each of the corporate objectives, and monitor progress against this. This is reviewed, as required. Page 5 of 30

7 Any risk deemed to be above the acceptable level will be considered for escalation in accordance with the table in paragraph 10 below. All risks rated as extreme must be presented to the Chief Executive s Team Meeting (CTM) which meets weekly, for approval and action, before being placed on the Risk Register. Extreme risks should also be considered for inclusion on the BAF against the relevant objective. 5. RISK MANAGEMENT ORGANISATIONAL STRUCTURE 5.1 Risk Management Structure The trust s organisational structure in relation to risk management is detailed at Appendices A and B. Individual members of committees have key responsibilities for taking risk issues to appropriate forums at all levels in the organisation and to ensure that actions are planned and implemented by the relevant groups. They are also responsible for ensuring feedback is received by the identifying committee or group. The clinical and corporate Directorate Governance Groups report to the CQAC and the Health, Safety and Risk but are accountable to the Operational Management Group (OMG). The main committees with responsibility for risk management have been summarised below: Trust Board The Trust Board receives and reviews the Board Assurance Framework (BAF) on a quarterly basis and reviews mitigating actions to ensure that there are assurances in place which address all significant risks. Audit The Audit meets quarterly and is responsible for ensuring that there are sound systems of internal control within the trust. It receives information from a number of sources including internal and external audits in key risk areas. The Audit also receives reports from the Patient Safety and Quality. Patient Safety and Quality (PSQC) The PSQC is a committee of the Board and has delegated responsibility for risk management. It assures the Board that there are mitigating controls in place to address all significant risks and reviews the Risk Register on a quarterly basis. The PSQC also reviews the BAF on a quarterly basis in advance of the Board. Trust Executive (TEC) The TEC is an Executive only committee and meets monthly. The main purpose of this committee is to: Page 6 of 30

8 Manage the clinical and non-clinical services on behalf of the Trust Board; Resolve operational performance issues to ensure that the trust operates safely, effectively and efficiently in a patient focussed way; Resolve financial performance issues; Make the major operational and strategic decisions not reserved to the Board; Make recommendations on matters reserved to the Board; and, Ensure that there is an effective business planning process in place. Clinical Quality Assurance (CQAC) The CQAC meets monthly. The purpose of the committee is to ensure clinical excellence from the review of clinical outcomes and patient experience with specific emphasis on improving patient safety. Health, Safety and Risk This committee meets monthly and seeks clarifications from directorates with regards to their Risk Registers, specifically in relation to non-clinical risk. Directorate Governance Groups Each clinical directorate within the trust has Governance Group, with a standardised agenda and terms of reference (see Appendices C and D). The Group reviews directorate level risks and other governance issues. Each Directorate provides a quarterly report to TEC and a periodic, scheduled report to the Health, Safety and Risk which highlights key areas of concern. Maternity risks are reviewed at the Maternity Board meeting held every two months. Following this meeting, the Trust Executive and the Trust Board receive a Maternity Report which identifies the latest performance standards and key risks within the maternity service. 5.2 Terms of Reference Terms of reference for the following high level committees with overarching responsibility for risk are included in the trust s Governance Framework, available on the trust intranet. 5.3 Process for High Level Review of the Risk Register The majority of risks on the trust Risk Register are managed at a local level within the appropriate directorates with all extreme risks reviewed at Executive Director level for approval and action, prior to their inclusion on the Risk Register. The Compliance Manager, within the Quality Directorate, produces a monthly report of all extreme risks, and a quarterly report summarising all risks within the organisation by directorate, to both the Trust Executive and the PSQC. These reports are also reviewed by the CQAC and the Health, Safety and Risk. Page 7 of 30

9 Minutes of the PSQC are reviewed by the Trust Board. As mentioned above, each clinical directorate also provides a detailed quarterly report of all local risk issues to the CQAC and a scheduled report to the Health, Safety and Risk. 6. DUTIES OF KEY INDIVIDUALS The Trust Board The Trust Board are collectively responsible for ensuring the trust: Has effective risk management systems in place; and, Has an effective reporting structure in place to allow scrutiny of key governance and risk issues. Chief Executive As Accountable Officer the Chief Executive has the responsibility for maintaining a sound system of internal control that supports the achievement of the organisation s objectives. This includes ensuring that there are systems in place to identify and manage risk. Joint Medical Director The Joint Medical Director is the Executive lead for risk and is accountable for ensuring there are suitable arrangements, systems and processes in place for supporting risk management and clinical governance, thereby ensuring that patient safety is paramount within the trust. Director of Estates and Capital Projects The Director of Estates and Capital Projects is the lead Executive responsible for nonclinical risk and reports to the Trust Board through the PSQC. The role includes ensuring that there are robust arrangements, systems and processes in place for supporting nonclinical risk. Chief Nurse The Chief Nurse is accountable for:- Professional leadership and clinical practice risks relating to nursing, midwifery and allied health professionals and ensures that issues concerning risk management can be escalated immediately to the Trust Board; Infection control; and, Trust Board representative for the Maternity Service. Page 8 of 30

10 Director of Finance and Performance The Director of Finance and Performance is accountable for Financial and Information risks, and ensuring that the trust carries out its business within sound financial governance arrangements. Director of Strategy and Business Development The Director of Strategy and Business Development is also the Senior Information Risk Owner (SIRO) and is responsible for the medium and long term development and implementation of strategies to improve the care we provide to patients and to improve the overall financial position of the trust, both internally and in partnership with the trust s commissioners and other stakeholders. Chief Operating Officer The Chief Operating Officer has responsibility for overseeing the day to day delivery of clinical and non-clinical services and the effective implementation of the strategy within the organisations directorates. Trust Secretary The Trust Secretary is responsible for the administration of the BAF and for offering guidance to the Trust Board on matters of compliance and regulation. Associate Director of Quality The Associate Director of Quality is responsible for leading the Quality team, which includes the operational processes for clinical governance and the management of clinical risk. Individual Executive Directors Each risk on the BAF is allocated to a specific Executive Director who is responsible for managing that risk. Non-Executive Directors (NEDs) The Non-Executive Directors (NEDs) are responsible for ensuring that risks are managed appropriately in the trust. The NED role is to chair or be a member of the Board and its committees, including the Audit and the PSQC. Directorate Responsibilities Each clinical and corporate director is ultimately responsible for clinical governance and risk management within their directorates. Page 9 of 30

11 Each directorate will have a designated risk lead/quality Manager responsible for instigating and co-ordinating the clinical governance and risk management processes within the various areas of their directorate. This will include overseeing the reporting and management of incidents (including investigation, being open, learning and action plans), the risk identification and assessment process and maintenance and review of the directorate risk register. Responsibilities of Trust Staff All staff have a duty to themselves and others to take reasonable care of health and safety at work, and to co-operate with employers to ensure compliance with health and safety requirements. All trust employees have an individual responsibility for good governance and risk management within the remit of their job and this is outlined in their job description and job plan (DoH, 2015). All trust staff must: Embrace and promote the trust values; Work in accordance with trust policies and procedures; Attend trust induction and mandatory training; Demonstrate compliance with the CQC fundamental standards; and, Report incidents, near misses and risks. Additionally, all clinical staff must practice in accordance with the standards of their professional bodies. 7. RISK MANAGEMENT CO-ORDINATION AND SUPPORT Risk management support is provided by the Quality Directorate, which includes the Associate Director of Quality, the Clinical Risk Manager, the Legal Services Manager, the directorate Quality Managers and the Compliance Manager. The Compliance Manager is responsible for overseeing the management of the Risk Register, producing quarterly reports to the Health, Safety and Risk and the Trust Executive and for updating the trust policies in relation to risk management. The Non-Clinical Risk Manager, within the Estates and Capital Projects Directorate, provides non-clinical/health and Safety risk support and provides Risk Management and Risk Assessment training for the trust. The Quality Team will co-ordinate and support risk management activity within the trust by ensuring: Trust policies relating to risk management are reviewed, disseminated, developed and initiated, as appropriate; Information on risk management is readily available within the trust for staff, patients and stakeholders; Page 10 of 30

12 The risk management database (incident reporting, risk register, complaints management, PALS and claims management) is maintained and developed when necessary as local or national changes occur; The development of aides to support the risk management process (e.g. specific investigation training, template letters, workshops, etc.); Each directorate evaluates their risks so as to maintain a live, up to date risk register, giving any necessary assistance as required; The collation of evidence for external bodies is efficiently co-ordinated; and, Regular and ad hoc reports on risk management activities are produced for the Trust Board and other high level risk committees. 8. RISK ASSESSMENT PROCESS Full details of the risk assessment process, including the scoring matrices are included in the Risk Assessment and Risk Register Procedure, available on the trust intranet. Risk assessments must be carried out whenever a risk is identified regardless of the area e.g. clinical, corporate, operational or financial, and the process is made up of three key stages; risk identification; risk analysis and risk control. All risk assessments are entered onto the trust risk management database (DatixWeb) risk register module which enables them to be linked to the trust s overarching corporate objectives. The risk identification process needs to be comprehensive to ensure the Risk Register can be used as the central source of evidence supporting the overall system of internal control. Staff must have received the trust training before completing risk assessments. Further information can be found in the trust Training Programme Manual, which is refreshed annually. There are a number of sources through which risks will be identified and they are divided into internal sources and external sources. This includes, but is not limited to: Internal Sources Business planning and objective setting; Complaints; Health and safety reports; Incident reporting and review; Information analysis; Inquests; Internal audit reports; Legal claims; and, General observations. External sources Benchmarking data; Care Quality Commission guidance and reports; Page 11 of 30

13 Confidential enquiry reports; External audit reports; External reviews and accreditations; Health and safety legislation; Health Service Ombudsman reports; NICE Guidance; External stakeholders, including patient groups; Overview and scrutiny committees; and, Safety alert bulletins. These sources can be both reactive (where the risk has already had an impact on the person or organisation) or proactive (carrying out a risk assessment for determining what potential harm might incur and then implementing an appropriate control measure to prevent that harm from occurring). All risks will have an identified Risk Owner and will have action plans identified, where relevant. The risk needs to be described clearly to ensure that there is a common understanding by all stakeholders. As a minimum a Risk Register must contain: The Risk Reference (automatically generated by Datix); A link to the relevant corporate objective; The risk description; The current controls in place; The Risk Owner; Rating of likelihood and consequence both initially (before controls), current (with controls) and target (residual risk); Action plans (where applicable); and, A review date. 8.1 Risk Assessment and Scoring It is vital that all risks are scored in an objective and consistent manner if they are to support the trust in the achievement of its objectives. Issues raised are firstly assessed on the most probable consequence and the likelihood of the consequence occurring as a result of the issue before any controls are put in place ( initial score). The risk is then reassessed against the current controls ( current score) and the target level of risk indicated, once all action plans have been completed to address any gaps in controls identified. When assessing how likely it is that the risk will be realised, the assessor should consider the adequacy of the current controls in place and the number of incidents that have occurred in percentage terms, associated with the risk. Page 12 of 30

14 The trust uses the National Patient Safety Agency (2008) Risk Matrix for Managers to calculate a risk score. These matrices can be found in the Risk Assessment and Risk Register Procedure. 8.2 Action Planning Following completion of a Risk Assessment, consideration must be given as to whether the risk requires further management (i.e. treating rather than tolerating the risk) in order to reduce or eliminate the risk. Where this is the case, an action plan must be formulated and included within the Risk Register on Datix. 8.3 Monitoring and Closure The Risk Register, including the implementation of action plans and the levels of risk must be kept under regular review via the appropriate Directorate Governance Group, which meets monthly. Future review dates indicated against the risk must be adhered to. Once the risk has been eliminated or the event has passed it can be moved to the closed Risk Register for audit purposes. 9. MANAGEMENT RESPONSIBILITY FOR DIFFERENT LEVELS OF RISKS The following levels of escalation and action apply to risks in the risk score ranges shown below: Risk Score Extreme 8-12 High 4-6 Moderate 1-3 Low Report to and monitoring of actions: Chief Executive and/or Executive Director via CTM; Directorate Management Team (Clinical Director; General Manager; Head of Nursing; Quality Manager). Directorate Management Team (Clinical Director; General Manager; Head of Nursing; Quality Manager). Directorate Management Team (Clinical Director; General Manager; Head of Nursing; Quality Manager). Directorate Management Team (Clinical Director; General Manager; Head of Nursing; Quality Manager). Risks must be responded to with actions plans/control plans in place in the following timeframes (risk proximity): Risk Score Targets Times for Initial Action: Within 48 hours (may also require an incident form to be completed) Page 13 of 30

15 8-12 Between 48 hours - 3 weeks weeks weeks 9.1. All Managers All Managers must ensure that the risk management practices are upheld. It is their responsibility to identify, record, report and manage appropriately any risks in connection with their directorate using the risk management processes described in this document. Where a Manager identifies a lack of compliance with this policy and its procedures, it is their responsibility to challenge practices. Managers are responsible for ensuring that their staff have undertaken the necessary risk management training applicable to their job and are aware of their own responsibilities with respect to risk management. The severity of risks will determine where they are to be reported, in addition to regular review at the local Directorate Governance Group. The following table sets out the hierarchy: Risk Level Risk Score Reported to: Extreme Chief Executives Team Meeting (CTM) before inclusion on the Risk Register/PSQC, TEC and Health Safety and Risk, Directorate Governance Group High 8-12 PSQC, TEC, Health Safety and Risk and Moderate 4-6 PSQC, TEC and Health Safety and Risk Low 1-3 PSQC, TEC and Health Safety and Risk All risks that cannot be adequately controlled will have gaps in controls (additional controls required) identified and action plans developed, which will be monitored locally through the Directorate Governance Groups. Trust-wide risks associated with the BAF will be monitored through the PSQC. The relevant manager is responsible for ensuring that all employees are aware of the risks within their area and their personal responsibilities in relation to these. Each Directorate has an identified Risk Lead who has overall management responsibility for the Risk Register and who will ensure that the appropriate risks are disseminated to all staff. 10. PROCESS FOR MONITORING COMPLIANCE The monitoring table has been included at Appendix E. Page 14 of 30

16 11. PERFORMANCE MONITORING AND KPIs (IN RELATION TO RISK) This strategy is monitored for its effectiveness by the Audit, which meets quarterly. The Audit approves the Internal Audit Annual Plan to ensure systems of control are in place and are effective. A range of Key Performance Indicators (KPIs) are audited to ensure minimum requirements are being met. The efficacy of the clinical risk component of the Risk Management Strategy is monitored via sub-committees through monitoring of clinical audit, incident reports, patient experience information and KPIs. Improvements in risk management performance are measured through the following: 12. TRAINING Monitoring compliance with national standards; Monitoring actions within the Quality Strategy; review of the Risk Register and the BAF; and, Monitoring the quality of services through targets detailed in the NHS Operating Framework. Training associated with risk management is set out in the trust s Statutory and Mandatory Training Policy and the associated Training Needs Analysis. Risk Management training for all staff, including Trust Board members and senior managers is formally monitored and recorded on the centralised Electronic Staff Record database. Trust Board members and senior managers receive a Risk Management Awareness Training programme which is updated annually taking into account any new legislation and guidance. All new staff receive basic risk management training at their induction and this is continued and developed through statutory and mandatory training throughout employment with the trust. The trust's annual Training Programme Manual is available via the trust intranet and contains all course information. Other risk related training is provided either at induction or at the local induction, including, but not limited to: Blood handling; Child Protection; Fire Safety; Infection control; Health and safety; Manual handling; Resuscitation; and, Information Governance. Page 15 of 30

17 Compliance with the training requirements, including recording of attendance and followup of non-attendance is set out in the Statutory and Mandatory Training Compliance Policy. 13. COMMUNICATIONS This strategy will be communicated to all staff via e-update. It will also be available for all staff to view via the trust intranet. Learning from the risk management processes (e.g. incident investigations etc.) is cascaded to all staff via the Directorate Governance Groups, multi-disciplinary meetings (MDT) and via specific periodic bulletins (e.g. Risky Business, etc.). 14. REFERENCES Department of Health (2008). High quality care for all: NHS Next Stage Review final report. London: Department of Health. Available at: Department of Health (2015). The NHS Constitution for England. London: Department of Health. Available at: Health and Safety Executive (HSE). (2010). Leading Health and Safety at Work: Leadership Actions for Directors and Board Members. London: HSE. Available at: Monitor. (2015). Risk Assessment Framework. London: Monitor. Available at: National Patient Safety Agency (2008) A risk matrix for managers. Available at: Steering Group on behalf of Dr Foster Intelligence. (2006). The Intelligent Board. London: NHS Appointments Commission. Available at: Steering Group on behalf of Dr Foster Intelligence. (2006). The Intelligent Commissioning Board: Understanding the information needs of SHA and PCT boards. London: NHS Appointments Commission. Available at: Page 16 of 30

18 Trust Board and Structure APPENDIX A Page 17 of 30

19 Appendix B Board s responsible for Risk Page 18 of 30

20 Appendix C EPSOM AND ST HELIER UNIVERSITY HOSPITALS NHS TRUST DIRECTORATE GOVERNANCE/ RISK GROUP TERMS OF REFERENCE Title: Date approved and approving body: Purpose: Directorate Governance/ Risk Group Clinical Governance The Directorate Governance/ Risk Group is responsible for instigating and co-ordinating all risk management processes (Clinical and Non Clinical) within the Directorate, including incident reporting, risk assessments, complaints, responses to relevant National Patient Safety Alerts and other alerts. The Directorate Governance/ Risk Group is responsible for ensuring any necessary actions or changes arising from lessons learnt from incidents, complaint and claims. The group is also responsible for co-ordinating and reviewing progress against National standards, such as CQC and NHSLA. Approach: Membership: Inputs: Incident and SI summary and progress reports, complaints and claims reports, national standards progress reports, risk assessments for ratification and risk register reports. Outputs: Minutes, exception reports to the Clinical Governance, Trust Health and Safety and Risk (and Maternity Board for Women and Children s Health). Clinical Director Head of Nursing General Manager Quality Co-ordinator Matrons Consultant physicians Representatives at Ward level may be invited as required. If a member of the group is unable to attend, they must Page 19 of 30

21 send a representative who is able to make decision on their behalf. Chair: Head of Nursing Secretary: Quorum: Frequency of Meetings: Attendance: Agenda and Paper: Minutes: Duties decision making: Duties advisory: Duties monitoring: Sub-groups: Head of Nursing Matrons Quality Co-ordinator Consultant physician Monthly At least 5 members to be present. The agenda and papers will be distributed at least 5 days prior to the meeting to allow for the due consideration of members of the group. Minutes will be produced and a report submitted for approval by the Risk on a rotational basis (usually twice per year) and to the Clinical Governance every two months. 1. To ratify all new risk assessment. 2. To review existing risks on the Risk Register. 3. To agree actions in response to incidents, complaints and claims. 4. To agree local strategy to ensure compliance with National standards. To provide exception reports every two months to the Clinical Governance. 1. To ensure that all national standards are being applied. 2. To ensure that incidents reported are being monitored for Trends and the completion of investigation reports. 3. To monitor the progress of action plans arising from incident investigations. 4. To disseminate lessons learnt from incidents, complaints and claims. 5. To monitor the Directorate Risk Register. Not relevant. Page 20 of 30

22 Accountability: Authority: Reporting responsibilities: Performance: The Group is accountable to the Health and Safety, Risk and the Clinical Governance. The group is authorised to ratify risk assessments and to monitor adherence to Trust Risk Management strategy, including the reporting and investigation of incidents. Minutes will be produced and a report submitted for approval by the Risk on a rotational basis (usually twice per year) and to the Clinical Governance every two months. The Group shall review its own performance against these Terms of Reference. Page 21 of 30

23 Appendix D Directorate Governance/ Risk Group Suggested Agenda 1. Minutes of the previous meeting 2. Matters arising 3. Directorate scorecard Agenda Item 4. Health & Safety issues. Risk Advisors Report, Annual Health & Safety Plan, Ward/Department Progress Reports 5. Report (s) on incidents broken down by level and by trends, and including the monitoring of action plans 6. Sis including dissemination of learning 7. Complaints & litigation lessons learned 8. Risk assessments for ratification 9. Risk register review 10. MDA/NPSA/CAS alerts and actions 11. Safeguarding Adults Children 12. NHSLA progress report 13. CQC progress report 14. External standards monitoring and action planning 15. Statutory and Mandatory Training 16. Sickness Absence 17. Any Other Business Page 22 of 30

24 APPENDIX E - MONITORING AND REVIEW POLICY NAME: RISK MANAGEMENT STRATEGY (1) ELEMENT Item being monitored (2) LEAD Lead for monitoring this aspect (3) TOOL Tool to be used for monitoring this aspect of the policy (4) FREQUENCY Frequency of reporting (5) REPORTING ARRANGEMENTS Monitoring to be reported to: (6) ACTION LEADS or lead individual who will take responsibility for implementing actions (7) CHANGE IN PRACTICE How system or practice changes will be implemented (8) LESSONS TO BE SHARED How lessons learned will be shared Risk Management Strategy and Policy The Risk Management structure, detailing all those committees and groups which have some responsibility for risk. How the Board or high level risk committees review the organisationwide risk register. Duties of the key individuals for risk management. Trust Secretary for Board committees; plus Chairs of each Board sub committee Associate Director of Quality/ Compliance Manager Trust Secretary for Board committees; plus Chairs of each TOR s template document available on intranet will stipulate Board reporting arrangements Report of risks scoring 15 or greater Summary of the Risk Register by directorate TOR s template document available on intranet will stipulate Board reporting TOR s reviewed annually or when reporting changes are implemented Monthly Quarterly TOR s reviewed annually or when reporting changes are implemented Trust Board for committees of the Board Patient Safety and Quality Health Safety and Risk Clinical Quality Assurance Information Governance committee Health, Safety and Risk Trust Executive Patient Safety and Quality Trust Board for committees of the Board Patient Safety and Quality Board/Chair chair Sub-committee chairs As appropriate Not relevant Chairs As appropriate Compliance Manager to liaise within individual directorate risk leads Board/Chair chair As appropriate Not relevant Page 23 of 30

25 (1) ELEMENT Item being monitored Process for the management of risk locally to reflect the organisation wide risk management strategy (2) LEAD Lead for monitoring this aspect Board sub committee Directorate risk leads (3) TOOL Tool to be used for monitoring this aspect of the policy arrangements Directorate Risk Management reports; Minutes of Directorate Governance Group meetings. (4) FREQUENCY Frequency of reporting Periodically Quarterly (5) REPORTING ARRANGEMENTS Monitoring to be reported to: Health Safety and Risk Clinical Quality Assurance Information Governance committee Reports and minutes scrutinised by the Health, Safety and Risk Areas of concern will be reported back to the appropriate directorate, and reported up to the Patient Safety and Quality (6) ACTION LEADS or lead individual who will take responsibility for implementing actions Subcommittee chairs Health, Safety and Risk Chair of the Health, Safety and Risk (7) CHANGE IN PRACTICE How system or practice changes will be implemented Good practice used in other directorates will be shared where local teams are unable to adopt good risk management processes. (8) LESSONS TO BE SHARED How lessons learned will be shared Lessons learnt will be reported back at Health, Safety and Risk. Risk Management s(s) TOR s will include reporting arrangements to the Board Trust Secretary for Board committees; plus Chairs of each Board sub committee TOR s template document available on intranet will stipulate Board reporting arrangements TOR s reviewed annually or when reporting changes are implemented Trust Board for committees of the Board Patient Safety and Quality Health Safety and Risk Clinical Quality Assurance Information Governance committee Board/Chair chair Sub-committee chairs As appropriate Page 24 of 30

26 (1) ELEMENT Item being monitored Reporting arrangements into the high level committees (2) LEAD Lead for monitoring this aspect Trust Secretary and committee chairs (3) TOOL Tool to be used for monitoring this aspect of the policy Review of approved TOR documents (4) FREQUENCY Frequency of reporting Annually or when committee structural changes are made (5) REPORTING ARRANGEMENTS Monitoring to be reported to: Trust Board Patient Safety and Quality (6) ACTION LEADS or lead individual who will take responsibility for implementing actions Trust Secretary and committee chairs (7) CHANGE IN PRACTICE How system or practice changes will be implemented As appropriate (8) LESSONS TO BE SHARED How lessons learned will be shared Risk Awareness Training for Senior Management Process for ensuring that all Board members and senior managers receive relevant risk management awareness training Process for follow-up of nonattendance at risk awareness training Trust Secretary for Board members; Corporate Training dept. for Senior Managers Trust Secretary for Board members; Corporate Training dept. for Senior Managers Board agenda s and minutes Statutory and Mandatory HR training records Board attendance minutes Statutory and Mandatory HR training records Annually Annually Chief Executive and Trust Chair for Board members; Patient Safety and Quality and Health, Safety and Risk for Senior Managers. Chief Executive and Trust Chair for Board members; Patient Safety and Quality and Health, Safety and Risk for Senior Managers. Executive lead for risk management Executive lead for risk management Follow-up through HR Statutory and mandatory training records Follow-up through HR Statutory and mandatory training records Risk Management Process Process for assessing all types of risk Directorate Risk Leads Minutes of meetings Quarterly/periodically Reports to: Health, Safety and Risk Directorate risk leads Include in committee terms of reference Page 25 of 30

27 (1) ELEMENT Item being monitored Authority levels for managing different levels of risk within the organisation. How risks are escalated throughout the organisation. Process for ensuring a continual, systematic approach to all risk assessments is followed throughout the (2) LEAD Lead for monitoring this aspect Chairs of Health, Safety and Risk and Directorate Governance Groups. Chairs of Risk s and Directorate Governance Groups. Chair of Health, Safety and Risk / Associate Director of Quality (3) TOOL Tool to be used for monitoring this aspect of the policy Directorate Risk Register Reports Report of risks scoring 15 or greater Directorate Risk Register Reports Report of risks scoring 15 or greater Risk Register summary report, by directorate Directorate Risk Management meeting minutes; (4) FREQUENCY Frequency of reporting Periodically Monthly Periodically Monthly Quarterly Monthly (5) REPORTING ARRANGEMENTS Monitoring to be reported to: Clinical Quality Assurance Information Governance Reports to Directorate Risk Group Health, Safety and Risk Trust Executive Patient Safety and Quality Reports to Directorate Risk Group Health, Safety and Risk Trust Executive Patient Safety and Quality Reports to Directorate Risk Group Reports to Health, Safety and Risk (6) ACTION LEADS or lead individual who will take responsibility for implementing actions Chairs Chairs Directorate risk leads; Chair of Health, Safety and Risk (7) CHANGE IN PRACTICE How system or practice changes will be implemented As appropriate As appropriate Requirement stated in directorate risk committee TOR s (8) LESSONS TO BE SHARED How lessons learned will be shared Page 26 of 30

28 (1) ELEMENT Item being monitored organisation (2) LEAD Lead for monitoring this aspect (3) TOOL Tool to be used for monitoring this aspect of the policy (4) FREQUENCY Frequency of reporting (5) REPORTING ARRANGEMENTS Monitoring to be reported to: (6) ACTION LEADS or lead individual who will take responsibility for implementing actions (7) CHANGE IN PRACTICE How system or practice changes will be implemented (8) LESSONS TO BE SHARED How lessons learned will be shared Risk Register Source of risks included on the risk register Chair of Health, Safety and Risk Chair of Patient Safety and Quality Incident reports Risk assessments Local risk registers Complaints Claims Coroners reports Periodically Quarterly Reports to Health, Safety and Risk and Patient Safety and Quality Directorate risk leads; Reviewed at Health, Safety and Risk Briefings at local directorate Governance Groups; Audits. Page 27 of 30

29 APPENDIX G EQUALITY IMPACT ASSESSMENT FORM In order to carry out an effective impact assessment it is important to examine all available data and research so that any adverse impact on disability can be properly assessed. 1. Name of function, strategy, project or policy 2. Name, job title, department, and the telephone number of staff completing the assessment form 3. What is the main purpose and outcomes of the function, strategy, project or policy. 4. List the main activities of the function, project/policy (for strategies list the main policy areas) Risk Management Strategy Laura Rowe, Compliance Manager Quality Directorate Tel: This policy sets out the trusts strategic framework in relation to risk management, describes the processes for managing risk, and outlines the responsibilities of staff to minimise risk and reduce harm. Compliance with relevant statutory, mandatory and professional requirements; The development of consistent and effective risk management structures Effective engagement of staff and patients in managing risk; Development of a learning culture to support improvements to the safety of services; Integration of risk management into all clinical and nonclinical processes to support the achievement of the trust s corporate objectives. 5. Who would benefit from the strategy/project/policy 6. Is it relevant to: - Race Relations Act - Sex Discrimination Act - Disability Discrimination Act - Employment Equality Regulations - Religion or Belief - Sexual Orientation - Age 7. Do you think that the function/strategy/project/ policy could have a negative or positive impact on : Race Disability Gender Religion Sexual Orientation All trust staff, patients, carers and volunteers. Yes Positive: (Give Reason) No Negative: (Give Reason) This policy has a neutral positive/negative effect on these criteria. Page 28 of 30

30 Age 8. How could you minimise or improve any negative impact? Explain how. 9. What consultation with relevant users on this project has taken place? 10. If there are gaps in your consultation and research, are there any experts/relevant groups that can be contacted to get further views or evidence on the issues. Please list them and explain how you will obtain their views. 11 a) Have you involved your staff in taking forward this impact assessment? 11 b) How have you involved the staff 12. In the light of all the information detailed in this form what practical actions would you take to reduce or remove any adverse/negative impact. N/A The policy has been reviewed with a number of advisers in the process of it being updated and reviewed. See paper front sheet. N/A N/A N/A Note: Any consultation detailed in the impact assessment must be undertaken within a 3 month period so that your action plan can address this specific function/ policy. Also it is your responsibility to ensure that feedback is provided to individuals/groups you have consulted with and update them on any actions which you may take to address the negative impact. If there is a negative impact that cannot be resolved you will need to complete a Trust Risk Assessment Form assessing the risks involved. To be signed by the Manager completing this form. Signed Date: Page 29 of 30