risk management policy - Cambridgeshire and Peterborough CCG

RISK MANAGEMENT POLICY
Approval Process
Lead Author:
Wendy Lefort
Quality & Governance Manager
Approved by:
Integrated Quality & Governance Business Committee
Ratified by:
Governance and Compliance Committee
Version:
1
Date ratified:
November 2011
Review date:
November 2013 or earlier if required by local or national
changes.
NHSC/NHSP Integreated Risk Management Policy Nov11 v 1
Page 1 of 22
Document Control Sheet
Development and Consultation:
Policy developed in consultation with the Quality & Governance and
Corporate Services teams and endorsed by the Governance and
Compliance Committee.
Dissemination
This policy will be disseminated to all services within the PCT via the
PCT website.
Implementation
Policy implementation involves all staff and managers and will be
monitored by the Governance and Compliance Committee. The
communication requirements are set out in section 11.
Training
Training will be provided to the directorate Risk and Safety
coordinators (see section 6).
Audit
The Risk Management system is evaluated through the objectives in
the Quality & Patient Safety Strategy.
Review
The document will be reviewed in November 2013 or earlier
dependent on local or national changes.
Links with other policies and procedures
The Policy should be read in conjunction with:
• Health and Safety policy
• PCT Claims and Complaints policies
• Risk assessment guide
• Incident and Near Miss Reporting Guidance
• Guidance for Investigation of Incidents
• Procedure for Investigating Concerns about Professional Performance
• Escalation Policy
• Disciplinary policy
• NPSA Serious Incident framework and PCT SI procedure
• Service Level Agreement for Risk Services with Anglia Support Partnership
Equality and Diversity
The Quality & Governance team have carried out a Rapid Equality &
Diversity Impact assessment and concluded the policy is compliant
with the PCT Equality and Diversity Policy.
No negative impacts were found.
Revisions
Version
Page/ Para No
Description of change
Date approved
TABLE OF CONTENTS
1. INTRODUCTION
2. PURPOSE AND SCOPE OF THE POLICY
3. EXTERNAL REQUIREMENTS
4. RISK MANAGEMENT RESPONSIBILITIES
5. DEFINITION OF RISK
6. OPERATIONAL RISK MANAGEMENT FOR THE PCT ORGANISATION
7. HEALTH & SAFETY
8. MONITORING OF SERIOUS INCIDENTS
9. RISK MANAGEMENT IN PCT SYSTEMS
10. RISK MANAGEMENT AS PART OF ESCALATION POLICY
11. COMMUNICATION OF RISK MANAGEMENT POLICY
12. EVALUATION OF RISK MANAGEMENT SYSTEMS
APPENDIX 1 – ELEMENTS OF RISK MANAGEMENT
APPENDIX 2 - MANAGEMENT OPTIONS FOR DEALING WITH RISKS
APPENDIX 3 - RISK MANAGEMENT IN COMMISSIONING
APPENDIX 4 – STRUCTURE FOR MANAGEMENT OF RISK
1. INTRODUCTION
NHS Cambridgeshire (NHSC) and NHS Peterborough (NHSP) (the PCT) are
committed to ensuring that risk management is an integral part of the PCT’s role of
improving the health of the local population and ensuring an outstanding level of
patient safety through commissioning high quality services that meet the needs of
local people.
To this end the PCT must ensure:
• Risks within the organisation are identified, assessed, treated and monitored as
part of the corporate and clinical governance of the PCT
• All elements of the commissioning process, including needs assessment,
tendering, contract management and evaluation, include robust risk assessment
and monitoring mechanisms
Risk management is a continuously evolving process and engagement of all staff and
partners is essential for its successful implementation. Therefore the PCT will work
with its partners to promote robust risk management systems across the whole health
and social care economy, working towards improving patient safety and learning from
all incidents.
It is not the intention of the PCT to use risk management to stifle risk taking and
innovation. Risk is inherent in all activity. The risk management systems ensure that
risk is identified. In many cases the level of risk will be deemed acceptable as part of
the overall impact of the project or process.
2. PURPOSE AND SCOPE OF THE POLICY
Effective management of potential risks enables organisations to focus effort on high
quality commissioning and working towards health improvement.
The benefits of proactively and robustly managing risk include:
• Improved decision making, planning and prioritisation
• Support for efficient resource allocation and delivery of business plan
• Anticipation and management of possible areas of financial, corporate and clinical
concern
• Identification and action planning for project development
To manage risk effectively, the commitment and participation of all staff and the
support of the Boards is required. The PCT’s policy therefore involves creating an
awareness and responsibility for the principles of risk management both as an
organisation and as part of the commissioning process. The policy is supported at
Board level and aims to complement and support the corporate strategy.
In the same way, the PCT requires the organisations it commissions to use effective
risk management within their organisations.
The processes used to manage risks in the PCT are based principally on the process
set out in the AS/NZS 4360, 1999 Risk Management Standards (appendix 1) of
Identification, Assessment, Treatment and Monitoring.
3. EXTERNAL REQUIREMENTS
In addition to the operational need for good risk management, there are a number of
external drivers which require organisations to develop and implement robust risk
management systems. These include:
• Health & Safety legislation - governs statutory responsibilities for all employers
and providers of services to the public
• The Care Quality Commission (CQC) – assesses the quality of health and
social care organisations through the requirements for registration
• The NHS Litigation Authority Risk Management Standards – ensures that
organisations achieve the requirements for robust risk management in the NHS.
This affects the premium paid on PCT CNST (Clinical Negligence Scheme for
Trusts) and RPST (Risk Pooling Scheme for Trusts) scheme contributions.
Commissioning PCTs are not required to show compliance with the NHSLA
standards. However, the PCT uses these standards as an exemplar of best
practice for risk management.
• Statements of Internal Control - the formal statement published with the annual
accounts, which declares compliance within a framework of controls
4. RISK MANAGEMENT RESPONSIBILITIES
All staff have responsibilities for risk management within the organisation. Specific
responsibilities are given below.
4.1 PCT Boards
The PCT Boards are responsible for:
• Ensuring that a robust strategy is in place for identifying, reviewing and managing
all types of significant and high level risk as set out in the Board Assurance
Frameworks (BAFs).
• Reviewing any significant resource allocations requested for the execution of the
policy, either within the business plan or in ad hoc proposals.
• Ensuring that management spreads understanding of the policy throughout the
PCT’s staff and among partners, and itself demonstrates commitment to the
policy and its dissemination.
4.2 The Governance & Compliance Committee (NHSC) / Audit & Governance Committee (NHSP)
The Governance Committees have responsibility for monitoring the implementation of
the risk management policy and for ensuring that the PCT Boards are assured of the
adequacy and effectiveness of the policy.
It ensures robust systems are in place and operating effectively for the identification,
assessment and prioritisation of potential clinical risk, both within the organisation
and in commissioned services and independent contractors.
4.3 The Audit Committee (NHSC) / Audit & Governance Committee (NHSP)
The Audit Committees report directly to the PCT Boards and are responsible for:
• Maintaining direct oversight of all risks, including generic risks, specific risks
arising from PCT strategic plans, and risks to financial processes and control.
• Reviewing the effectiveness of risk management arrangements through the
deployment of audit time and the review of resulting reports.
4.4 The PCT Senior Leadership Team
The Senior Leadership Team (SLT) has the responsibility to review the BAFs and the
directorate risk registers on a regular basis to ensure action plans are progressing
and the BAFs are kept up-to-date so that it can inform decision making within the
PCT. Any high or extreme level risks from the directorate risk registers are escalated
to the BAFs.
4.5 Supporting Committee Structures
Other committees within the PCT also have a role in risk management:
• Decision Making Group
• Information Governance Steering Group
• HR and Workforce Development Groups
• Medication Governance and Safety Group
• Finance & Performance Committee
• Quality & Patient Safety Committee
• Emergency Planning Sub-Group
• Clinical Quality Reviews (CQRs)
4.6 Lead Officers
The Chief Executive has overall accountability for having an effective Risk
Management system in place within the PCT and for meeting all the statutory
requirements and adhering to the guidance issued by the DH in respect of
Governance.
The Director of Corporate Development and Performance is the executive
director for risk management and the Senior Information Risk Owner (SIRO). The
director is the member with delegated responsibility for leading the organisation in
responding to Risk and Health and Safety, ensuring systems are in place to manage
Health & Safety and that the PCT complies with Health & Safety legislation, including
the legal requirements for fire safety. The director is responsible for all business risks
including commissioning, finances, control of assets, provisions for liabilities, and
general Controls Assurance. The director will report through the Audit Committee on
all non-clinical risk management activities.
The Chair of the Governance and Compliance Committee is the NHSC non-executive
lead for risk management.
The Medical Director is the Caldicott Guardian and the Board member with
delegated responsibility for aspects of clinical risk management, ensuring quality and
governance systems are in place and inclusion of risk management processes in
commissioning mechanisms.
4.7 Directorate Leads
All Directors have delegated responsibility for management of risk within their
directorate as set out below.
Directorate leads have responsibility for:
• Ensuring regular risk assessment is carried out within the directorate, with action
plans developed, implemented and monitored specific to the risks of the local
service
• Ensuring identified risks are managed using the directorate risk register, and
details of significant and high level risks are added to the BAFs
• Implementation of requirements of PCT risk management policies and
procedures, including health and safety, and incident reporting
• Identification of risk management training needs for staff and support for staff to
attend the relevant sessions
• Appointing a member of staff from the directorate to act as risk co-ordinator to
raise awareness of risk management issues and systems and link with the PCT
risk team.
• Promotion of an open culture in which staff feel able to report incidents. The PCT
encourages, and takes a positive and non-punitive approach to, reporting. Where
reporting highlights a development area for an individual, the PCT will work with
the individual in a positive way to improve the situation. The exceptions to this are
when malicious, criminal or gross/repeated professional misconduct is involved.
• Highlighting concerns in commissioned services where there is potential
significant risk that requires assessment and management.
4.8 Line Managers
Risk Management is the responsibility of all staff. Therefore, line managers must
support staff to be proactive in the management of risk by promoting risk assessment
and incident reporting in their area, including identifying, assessing, and dealing with
any risk issues affecting their staff. Line Managers are responsible for taking action
on incidents reported by their staff.
All managers and staff need to acknowledge that the overall level of risk within the
PCT will be reduced if everyone adopts an attitude of openness and honesty. The
overall approach within the PCT will be one of help and support to each other, rather
than recrimination and blame. The PCT Boards are committed to this approach.
4.9 Staff Responsibilities
Proactive management of risk is the responsibility of all members of staff. Therefore
each member of staff should:
• Be aware of risk issues at all times
• Notify managers of any risks identified
• Comply with incident reporting policies and procedures
• Comply with Health & Safety requirements
• Participate in risk assessment programmes relevant to the post/specialty
• Initiate action, within their sphere of responsibility, to prevent or reduce
the adverse effects of risk.
• Be aware of emergency procedures
4.10 Contractors and External Staff working in the PCT
Contractors and other external staff must be made aware of their responsibilities
under health & safety and PCT risk management procedures by the PCT manager
responsible for their contract.
4.11 PCT Hosted Services
Units that are hosted by the PCT must comply with Health and Safety and PCT Risk
Management requirements. There must be a named lead with responsibility for these
areas. The PCT and its hosted units will work collaboratively to ensure robust Health
and Safety and Risk Management systems are in place and there is evidence of
compliance.
4.12 Specialist Support
Anglia Support Partnership (ASP)
Anglia Support Partnership currently provide the risk management support for claims,
complaints, incident reporting, patient safety alert distribution and risk management
training. The PCT also has access to a named approved competent person to
provide risk management advice for general risk issues, health and safety and
security and fraud management.
All support services
Where functions are contracted out to other organisations and support services, that
agency will nominate leads who have direct responsibility for ensuring that they
deliver services which comply with the Health & Safety legislation, CQC requirements
and the NHS Litigation Authority Risk Management Standards as appropriate.
5. DEFINITION OF RISK
This policy is based on the following simple definitions:
Risk is defined as the possibility of loss or injury and is measured using the
likelihood that harm or damage may occur and the consequence / severity of
the outcome.
Risk Management is 'a systematic process to identify and control risks in the
activities of the PCT to the benefit of service users, staff and the public'.
Risk Management is about improving quality and reducing harm. It is not confined to
clinical practice and encompasses health and safety for clients, patients, visitors and
staff, as well as environmental issues. It is not limited to physical injury but includes
financial damage and psychological harm.
Examples of the types of risk the PCT might encounter and needs to protect against
include:
• Corporate risks ~ operating within powers, fulfilling responsibilities, accountability
to public
• Risks to Reputation ~ associated with quality of services, communication with the
public and staff, patient experience
• External risks ~ political, environmental, social, environmental, meteorological
• Clinical risks ~ associated with service standards, competencies, complications,
equipment, medicines, staffing, patient information
• Health and safety risks ~ ensuring the well being of staff and patients whilst
providing or using our services
• Commissioning risks ~ associated with decisions whether to purchase services or
not – to the individual, to financial stability, to opportunities to improve health
• Business Risks ~ associated with managing the affairs of the PCT, financial and
investment decisions, human resources, information and IT management, fraud,
internal management, achieving objectives.
• Risks to Assets ~ security, protection, optimum use, maintenance, replacement
Appendix 2 sets out the options available to manage the risks, each of which has an
effect on final exposure to risk. Each option has implications for the optimisation of
resources and the availability of assets. In general, the aim is to reduce the
consequences of un-assessed or unmanaged exposure to risk.
Strategic Risks would include such areas as:
• The PCT’s vision, its objectives and the risks attached to them
• Serious clinical failure in service redesign and commissioning intentions
• Finance – failure to achieve financial balance, serious failure of probity
• Failure to deliver major targets
• Population growth
Business Risks would include any areas which threaten the ongoing business
model of the PCT including the loss of corporate memory, changes in organisational
structures or non-compliance with standards and legislation.
Operational risks include risks relating to the day-to-day management of the PCT
necessary for the ongoing service delivery.
6. OPERATIONAL RISK MANAGEMENT FOR THE PCT ORGANISATION
The management of risk involves identification, assessment, treatment and
monitoring of all types of risks (see appendix 1). The following systems are in place
to support these processes.
6.1 Policies, Procedures & Guidelines
The risk management policy is supported by a range of procedures and guides giving
further detail of the operational aspects of risk management issues.
The Governance and Compliance Committee will ensure that these policies and
procedures are up-to-date, issued to those who need to use them, and received,
read and understood by those people and put into action as required.
In addition, audits will be undertaken to ensure staff understanding and compliance.
Supporting documents include:
• Health and Safety policy
• PCT Claims and Complaints policies
• Risk Assessment guide
• Incident and Near Miss Reporting Guidance
• Guidance for Investigation of Incidents
• Procedure for Investigating Concerns about Professional Performance
• Procedure for Raising concerns
• Disciplinary policy
• NPSA Serious Incident policy and PCT SI policy and procedure
• PCT Escalation Policy
6.2 Risk Assessment
Any new projects or services need to identify and assess potential risks to ensure
effective management is in place, decisions are made taking account of these risks,
and organisations maintain an optimal balance of risk, benefit and cost. Services
should also carry out risk assessment when major changes are made or incidents
occur. For these assessments only the areas where change is being made need to
be assessed.
It is a legal requirement to carry out certain risk assessments on a regular basis.
Further details are given in the trust Fire and Health & Safety policies.
Risk assessments should also be carried out when an issue has been raised, either
as an incident or near miss, and there is concern that the incident may re-occur. A risk
assessment may also be used to support decision making by analysing risks and
benefits of differing courses of action.
The objective of risk assessment is to identify and manage risk. It is not used to
prevent a project or service taking place. Risk is inherent in all activity. Organisations
should not be risk averse, but risk aware. In many cases the level of risk identified
will be deemed acceptable as part of the overall impact of the project or service.
Risk assessment should be carried out at all levels within the PCT, from Board to
directorate to team. Each risk assessment will feed into the next level to provide a
hierarchy of risks. Risk assessment is the first stage in risk management, and
identifies and assesses actual and potential risks which can then be treated and
monitored. All risk assessments should be fully documented and entered onto the
risk register.
The process of risk assessment should involve all directorate or team members.
Training and facilitation to support risk assessment is available from the Quality &
Governance team and from Anglia Support Partnership.
Where a risk rating exceeds a defined threshold (as set out in the Incident Reporting
guide), it will be escalated to the next level within the risk management responsibility
hierarchy. This hierarchy enables the Risk Management decision to occur as near as
practicable to the risk source.
At the identified level, the responsible manager or committee will treat the risk by
taking appropriate action (see appendix 2). Significant and high level risks are
monitored at Board level, using the BAFs.
Further details are given in the trust Risk Assessment Framework (Risk assessment
framework).
6.3 Incident Reporting
Incident Management includes processes for reporting and investigation of any
incidents or near misses that occur in an organisation. Research has shown that the
more incidents that are reported the more information is available about any
problems, and the more action can be taken to make healthcare safer. The benefits
of incident and near miss reporting include:
• Identifying trends across organisations that may not be apparent for one
organisation
• Pre-empting complaints
• Making sure areas of concern are acted on
• Targeting resources more effectively
• Increasing awareness and responsiveness
The PCT requires all its own staff to report incidents and near misses using the
Incident and Near Miss Reporting Guidance. Most incidents relate to system failure
rather than individual mistakes. Incident reporting needs an open and fair culture so
staff feel able to report problems without fear of reprisal and know how to resolve and
learn from incidents.
The PCT is using the DATIX web-based system of reporting, and this is promoted to
all staff. This system ensures action and learning is captured.
Managers at all levels have an important part to play in risk management by ensuring
that they promote the use of the incident reporting systems and they respond quickly
and decisively to any reports of adverse incidents or complaints by staff or service
users. The authority to act on incidents is dependent on the risk score, with
managers having responsibility to act on low or medium risks. Significant or high level
risks are escalated to senior managers and reviewed by the PCT Boards. For further
details, refer to section 5 of the Incident and Near Miss Reporting Guidance.
The person reporting a risk or incident will be given feedback on any action taken,
with some clear indication as to how that particular risk situation has been dealt with.
The risk management team review and collate all incidents and learning is discussed
and disseminated in the appropriate fora (for details of supporting risk committees
see section 4.5).
The PCT is committed to supporting its staff in exercising their roles and
responsibilities, and re-affirms that where an incident has occurred, no disciplinary
action will be taken against staff who have exercised reasonable judgement and
have followed the appropriate PCT policies and procedures.
6.4 Serious Incidents (SIs)
The National Patient Safety Agency has defined certain incidents as Serious
Incidents (SIs). These include:
• an accident or incident where a person to whom the PCT owes a duty of care
(staff, patients, service users, clients, contractors, visitors) suffers or could
potentially have suffered a serious injury, major permanent harm or unexpected
death that is not part of the disease process or current care delivery.
• an incident where there is damage or potential damage to the organisation’s
assets that will cause a significant disruption in services or an enforcement notice
that will result in prosecution.
• an incident where there is police involvement or media interest.
There are regional requirements for the reporting and investigation of SIs, including
timescales and requirements for reporting. If a member of staff or directorate thinks
an incident may meet the definition of a SI, they should report this immediately to the
manager on duty, and complete and return a SI form, as set out in the PCT SI
procedure.
6.5 Investigation of Incidents
An incident reporting system is of little use on its own. All incidents need to be
reviewed so that changes can be made to prevent re-occurrence if necessary. The
type of investigation is dependent on the grade of the incident and may be at local,
directorate or organisational level. Investigation should include all relevant
stakeholders so a solution that is acceptable and workable across all areas can be
developed. Further details are given in the Guidance for Investigation of incidents
(Incident Investigation Guidance).
The member of staff leading the investigation also has responsibility for following up
relevant action plans to ensure any recommendations have been carried out. Any
learning from the incident investigation should be passed to the PCT Risk team to
ensure this can be shared with all appropriate stakeholders.
6.6 Learning from incidents
The PCT risk team review and collate all incidents and ensure learning is discussed
and disseminated as appropriate.
Information from all risk management systems, including incidents, complaints,
claims and PALS contacts, is presented by providers and reviewed at CQRs.
Analysis covers type and severity of incidents, linking of events occurring in the same
organisation, review of patient and staff feedback, and trends of type and location of
event.
SI intelligence and learning is presented to the Quality & Governance Committee.
The committee is empowered to request investigation or action from members of staff
or directorates if individual incidents or analysis of risk data highlights a concern.
Relevant learning from the group is disseminated to the relevant stakeholders in a
variety of methods including website, e-mail and newsletter.
6.7 Directorate Risk Co-ordinators
Each directorate has a nominated Risk co-ordinator who is responsible for:
• Reviewing risks reported by directorate staff.
• Discussing with managers what investigation will be carried out and who will lead
this (the lead is not responsible for carrying out or reporting on investigations).
• Supporting directorate staff in carrying out risk assessments.
• Updating the risk register following review of risks at directorate team meetings.
• Updating incidents on the DATIX incident reporting system
• Linking with the PCT Quality & Governance team on all directorate risk matters.
All co-ordinators will receive training in risk assessment and review.
6.8 Incidents reported concerning other organisations
Any incidents reported concerning other organisations should be discussed in the
first instance with your manager and the PCT risk team so that a decision about any
action / dissemination can be taken.
6.9 Support for staff
Some types of incident, particularly SIs, may be stressful or traumatic for staff
involved in reporting, investigation or taking action.
A competent, confidential occupational health advice service is available to all staff of
the PCT. Staff may refer themselves for advice or be referred by their line manager.
For further information contact a member of the Human Resources Department.
The PCT provides access to a free helpline counselling service which is independent
and confidential. The helplines are open 24 hours a day every day of the year and
staff are able to speak in confidence to an adviser. Contact HR for further
information.
If a member of staff is experiencing difficulties associated with the incident, managers
should provide support in line with the Stress at Work policy.
6.10 Dissemination of risk management documents
The various documents that support Risk Management in the PCT are available on
the PCT websites and are highlighted at induction. Any changes to policy and
guidance are discussed in the staff newsletter. The Risk Manager also disseminates
risk updates to staff via the directorate risk co-ordinators.
6.11 Evaluation
The Quality & Governance team present exception reports on risk issues at the
Governance and Compliance Committee. Performance against KPIs in the Risk
Management Policy is monitored by the Quality & Governance Business Meeting.
6.12 Issues concerning colleagues
If a member of staff has a concern about a colleague or other professional, this
should not be raised through the incident reporting system. The principles of the PCT
policy on Raising Issues of Serious Concern at Work should be followed (Raising
Issues of Serious Concern at Work).
6.13 Risk Register
The PCT uses the BAFs and the directorate risk registers to prioritise and manage
risks. The risk registers enable risks to be assessed against each other, and
provide a basis to facilitate decision-making regarding risk control and resource
allocation. Appendix 4 shows the links between BAFs and risk registers and the
structure for development and management of these registers.
The risk registers require each risk to be analysed in order to assess what is the
likelihood of it recurring and what the likely impact would be, resulting in a score for
that risk. The process is then repeated taking into account any action taken to
manage the risk.
The risk registers capture data from a variety of sources including:
• PCT objectives
• Medical records
• Incident reports
• Fire reviews
• Controls assurance baseline assessments and action plans
• Claims and complaints
• Task/process analysis
• Consultation and observation
• Equipment purchase / modification
• Surveys, inspections, assessments and audit
• Preventative maintenance issues
• Contingency and major incident plans, and disaster recovery
• National initiatives
• Financial information and risks
• Benchmarking
• Risk assessments
They identify:
• Risks that the PCT can control directly and plan to set up control mechanisms to
reduce the possibility of the events occurring.
• Risks to which the PCT is exposed but cannot directly influence
• Plans to reduce the impact on staff, service users and the organisation
The BAFs and risk registers are structured in such a way as to ensure that legal
requirements are met.
The directorate leads are responsible for keeping the details of their directorate risk
up-to-date in the risk register, with current action plans and risk scores, and for
presenting any high or extreme risks at the SLT.
Significant and high level corporate risks from the risk register are reported to and
monitored by the PCT Boards via the BAFs.
6.14 Funding of Risk Management
Risk Management is an integral part of the PCT’s business. PCTs have overall
responsibility for the provision of an effective risk management service. This will be
discharged through a combination of internal provision and buying in through shared
services or similar arrangements.
6.15 Training
All employees will have access to risk management and health & safety information,
instruction and training. The level and nature of the training will vary according to the
local need. Risk management and incident reporting are introduced in the corporate
induction training.
All risk co-ordinators will receive training in basic risk management.
7. HEALTH & SAFETY
The Health and Safety Commission and Institute of Directors have issued a guide,
Leading Health and Safety at Work (INDG417), identifying leadership actions for Directors
and Board members.
This describes best practice concerning top-level involvement in, and direction of,
occupational Risk Management. It makes it quite clear that Board members are
collectively responsible, including elected, co-opted and non-executive Board
members. The guide advises that one Board member be appointed to have the lead
in this area. The responsibilities of the Boards in regard to Health & Safety are:
• The Board should accept formally and publicly its collective role in providing
health and safety leadership within the PCT
• Each member of the Board needs to accept his/her individual role in providing
health and safety leadership for the PCT.
• The Board needs to ensure that all Board decisions reflect its health and safety
intentions as articulated in the Health and Safety Policy statement
• The Board needs to recognise its role in engaging the active participation of
employees in improving health and safety
• The Board needs to ensure that it is kept informed of, and alerted to, relevant
health and safety Risk Management issues. The Board should appoint one of
their number to be the 'Health and Safety' Director
All staff have a duty under Health and Safety legislation:
• To take reasonable care of their own safety and the safety of others who may be
affected by the PCT’s business
• Comply with all PCT rules, regulations and instructions to protect health, safety
and welfare of anyone affected by the PCT’s business
• Not to either intentionally or recklessly, interfere with or misuse any equipment
provided for the protection of health and safety
• Be aware of emergency procedures e.g. resuscitation, fire precaution and
evacuation procedures relevant to your department
• To highlight their concerns about any risk issue, either directly to their manager,
or their appointed health and safety representative
The PCT has access to competent advice for Health and Safety (as required by the
Health and Safety at Work Act) via ASP.
8. MONITORING OF SERIOUS INCIDENTS
The PCT has a responsibility to monitor the management of SIs reported to the
organisation by its provider services, with a particular focus on maximising benefit
from lessons learnt.
The PCT SI policy gives details of the commissioner’s responsibilities for
management of SIs reported to the PCT. These responsibilities are taken from the
NPSA National Framework for Reporting and Learning from Incidents Requiring
Investigation, April 2010 (the NPSA framework). The SI procedure sets out the local
requirements supporting the NPSA framework.
9. RISK MANAGEMENT IN PCT SYSTEMS
Risk Management is an integral part of all processes within the PCT. Documented risk
assessments and risk management plans are required as part of project initiation
documents (PIDs) and business case applications.
This information should also be included in PCT strategic documents including the
PCT Business Continuity & Emergency Planning plans, the Information Governance
strategy and Research Governance framework.
Policy development requirements include the need for consideration of risks,
assessment of Equality and Diversity impact, and information about the PCT incident
reporting system.
Details of the processes for risk management in commissioning are given in
appendix 3.
10. RISK MANAGEMENT AS PART OF ESCALATION POLICY
PCTs are accountable for ensuring and demonstrating high quality services and
ensuring the most effective and efficient use of resources. NHSC and NHSP have a
variety of mechanisms for monitoring performance, quality and safety, and have
information relating to performance collected from these processes. If a concern is
raised within the commissioning PCT or with any provider, it is essential this is
managed within the context of all available information.
The PCT Escalation Policy ensures that when potential and actual non-compliance is
identified, action is triggered to ensure concerns are addressed at the earliest
opportunity. It provides a structured process to trigger and escalate concerns in a
managed way, and to support both individual staff and the organisation in adopting
the appropriate response dependent on the risk and the context of that risk in the
overall knowledge base.
The assessment and management of risk for concerns raised through the Escalation
Policy is based on the principles set out in this Risk Management Policy.
11. COMMUNICATION OF RISK MANAGEMENT POLICY
This policy will be circulated to all management teams to be cascaded onwards to
individual members of staff. The document will be made available for staff and users
and other stakeholders through the PCT website.
The PCT has mechanisms in place in order to ensure that:
• staff can raise issues of concern with their manager(s)
• staff are consulted on proposed organisational or other significant changes
• managers keep staff informed of progress on relevant issues
• service users, their relatives, carers and advocates can identify points of concern
or worry by using the complaints process or PALS service
• the media are accurately advised of developments in the PCT
The PCT principles of risk management are communicated to independent
contractors and commissioned organisations through commissioning mechanisms and
contract requirements.
12. EVALUATION OF RISK MANAGEMENT SYSTEMS
The Quality & Governance team present exception reports on risk issues at the
Governance & Compliance / Audit & Governance Committees. The Corporate
Governance team also report on Health and Safety issues to the Governance
Committees.
APPENDIX 1 – ELEMENTS OF RISK MANAGEMENT
Identification, Assessment, Treatment & Monitoring of Risk
The following sections describe the stages of risk management within the PCT. The
diagram below (taken from AS/NZS 4360/1999) summarises the process:
[Diagram: risk management process, shown as a sequence of stages]
Establish Context: Strategic context; Organisational context; Risk Management context; Develop criteria; Decide the structure
Identify Risk: What can happen; How can it happen
Analyse Risk: Determine existing controls; Determine Consequence; Determine Likelihood; Estimate level of risk
Process Risk: Compare against criteria; Set risk priorities
Accept risk (branch labelled "Yes")
Treat Risk: Identify treatment options; Evaluate treatment options; Select treatment options; Prepare treatment options; Implement plans
Other labels in the diagram: Assess Risk; Monitor & Review; Communicate & Consult
APPENDIX 2 - MANAGEMENT OPTIONS FOR DEALING WITH RISKS
RISK ~ Prior to considering the response to a risk (e.g. transfer, retain, accept, etc.) the PCT will need to decide the
level of risk it is willing to accept for a perceived benefit. The degree to which risks are considered acceptable may be
specific, relating to a particular issue, or generic, focussing on the total risks which the PCT is prepared to accept.
ACCEPT ~ is the most passive form of Risk
Management. Once chosen the risk requires no further
resource investment.
RETAIN ~ the PCT needs to prepare for the worst or
most likely outcome in its current plans by setting aside
resources to meet the loss or by providing a
contingency within the current resources.
TRANSFER ~ if a risk can be measured in financial terms
it may be possible to insure against it, e.g. through
CNST. In this case the only retained risks are the
premium policy excesses and the uninsured costs.
MITIGATE ~ once damage or a loss event has begun, it
may be possible for the PCT to mitigate or exercise
damage limitation.
CONTROL ~ if the PCT is aware of possible risks or
losses, exposure can be limited through control.
PREVENT ~ knowing that a situation is likely & can be
subject to intervention gives the PCT the option of taking
preventative action.
AVOID ~ halting the line of business or activity can be the
most drastic option in Risk Management; however,
occasionally it may need to be considered.
APPENDIX 3 - RISK MANAGEMENT IN COMMISSIONING
The PCT has embedded the principles of improving patient safety and reducing harm
through robust risk management in its commissioning mechanisms.
Risk management is built into service developments, business plans and service
redesign. This includes risk identification and assessment, and planning for
management of risks.
Commissioned services are required to have risk management systems that involve
risk assessment, incident reporting mechanisms, complaints procedures, and risk
trend analysis and learning. Patients must be involved in the review of learning to
support improvements in patient safety.
Risk Assessment
Risk assessment is a vital part of service development and service redesign. Risk
assessment is built in to the business case application and tendering processes.
A risk assessment guide is available for staff developing business cases based on
the principles set out in the PCT Risk Assessment guide. This is based on NPSA
guidance which uses process mapping techniques, together with 3 questions for
assessment: What can go wrong? How Bad How Often? Is there a need for action?
Care should be taken that risk assessment does not stifle risk taking and
innovation. Risk is inherent in all activity and identified risk can be accepted and
managed.
Risk Management in Contracts and Service Level Agreements
Risk management is built into all contracts and service level agreements. This
includes:
• Safety elements of CQC
• Reporting of Serious Incidents including regular updates and final report with
recommendations and action plan
• Reporting of trends of incidents, complaints and claims
• Governance requirements, including a CQC assurance framework
• Involvement of patients in using learning from incidents to improve patient safety
• Compliance with the NHS Litigation Authority Risk Management Standards.
Monitoring risk in commissioned organisations
Commissioned organisations are required to report on trends in incident reporting
every three months. These reports are reviewed and interrogated at the Clinical
Quality Reviews for each organisation. Incidents from services not covered by
contract monitoring groups, such as independent contractors and GPSIs, are
reviewed and interrogated at the PCT Incident Learning Group.
Promotion of risk management to Independent Contractors
Independent Contractors have a responsibility to record, review and learn from
significant events within their organisation. They are not currently required to share
this information with the PCT.
Valuable learning is lost when such intelligence is not shared between organisations.
The PCT will continue to promote risk management and standardised incident
reporting with Independent Contractors, including incident reporting, risk assessment
and significant event analysis.
Dentists and GPs are required to register with the CQC, by April 2011 and April 2012
respectively. As part of registration they will have to report certain types of incident to
the CQC. This requirement will increase awareness of risk management systems and
provide learning from IC incidents.
Managing professional performance issues
Any reported incidents that give rise to concerns about professional performance are
discussed with the Medical Director and the Professional Performance Manager. The
PCT has a procedure for dealing with such concerns and this would be used if
deemed appropriate.
Risk Management with partner organisations
The PCT has a duty to work with partners to improve the health of the local
population. It will ensure that any work carried out across the health and social care
economy adheres to the PCT principles of robust risk management.
Acting on Incident information
The PCT receives information about incidents and adverse events from a range of
sources. One organisation may report details relating to a problem within another
organisation. The PCT must ensure it investigates these incidents in an open and
proportional manner that does not prejudice either organisation.
Unforeseen Risks in the Commissioning Process
The commissioning mechanisms within the PCT are continually developing, and
some incidents may occur that are unforeseen or not encountered previously. The PCT
will investigate such events and ensure learning is fed back into the commissioning
process to enable similar risks to be identified and managed.
Risk Management in Transition
As the changes in commissioning in the NHS come into force, the Clinical
Commissioning Groups should use the same robust risk management principles as
set out in this policy.
There are various tools available to support CCG groups in the use of risk
assessment for decision making, including PCT, DH and NPSA guides. CCG leads
should be given the opportunity to access training and support to ensure risk
assessment is built into their process.
APPENDIX 4 – STRUCTURE FOR MANAGEMENT OF RISK (TAKEN FROM BAF V5B JAN 11)
[Diagram: structure for management of risk. Boxes shown:]
Risks identified through: Clinical Quality Reviews; Directorate Risk Registers; Serious Incidents / Complaints / Poor Performance; Soft intelligence e.g. Stakeholder meetings & Public consultation
Risks identified by PCT Boards
PCT Senior Leadership Team Monthly Review of Risks and BAF Action Plan
Clinical Risks overseen by Quality & Patient Safety Committee / Governance & Compliance Committee
Finance & Performance Risks overseen by Finance & Performance SubCommittee
PCT Board Assurance Framework
Overview by Audit Committee Quarterly
Assurance to Board