NHS Greater Glasgow & Clyde Risk Management Strategy
Risk Management
Strategy
Lead Manager:
Head of Clinical Governance
Responsible Director:
Chair of RMSG
Approved by:
RMSG
Date approved:
Jan 2010
Date for Review:
3 years
Replaces previous version:
Feb 2007
[if applicable]
1 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
Contents
Glossary of Terms
1. Why is risk management so important to us?
2. What is the purpose of the Risk Management Strategy?
3. What do we want the strategy to achieve?
4. Organisational Arrangements
5. What is our approach to risk management?
2 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
Glossary of Terms
Assurance. Stakeholder confidence in our service gained from evidence showing that risk is well
managed.
Corporate Risk Register. A Board level register, which spans all units on a Pan-Board basis.
Healthcare Governance. The system by which NHS Greater Glasgow & Clyde is directed and
internally controlled to achieve objectives and meet the necessary standards of accountability,
probity and openness in all three areas of clinical, corporate and staff governance.
Internal Control. Corporate governance arrangements designed to manage the risk of failure to
meet NHS Greater Glasgow & Clyde’s objectives.
Likelihood. Chance of circumstances in question actually occurring.
Near Miss. An undesirable incident that by chance or design did not result in harm or loss.
Incident. An adverse event which causes or may have caused physical or psychological harm.
Incident Recording. The system of reporting adverse events or near misses.
Partnership. Way of working where staff at all levels and their representatives are involved in
developing and putting into practice the decisions and policies which affect their working lives.
Risk. The likelihood, high or low, that somebody or something will be harmed by an unwanted
event or incident, multiplied by the severity of the potential harm. Risks are measured in terms of
their likelihood and consequences.
Risk Assessment. The systematic process to identifying risk and evaluating their potential
likelihood and consequences.
Risk Control Measure. Something done to minimise risk to an acceptable level either by reducing
the likelihood of an adverse event or the severity of its consequences or both.
Risk Register. A database of risks. Always changing to reflect the dynamic nature of our risks and
our management of them. Its purpose is to help managers prioritise available resources to
minimise risk to best effect and provide assurances that progress is being made.
Risk Escalation. The process of delegating upward, ultimately to the board, responsibility for the
management of a risk deemed to be impossible or impractical to manage locally.
Risk Management Principles. Ideology for the implementation of risk management.
Risk Management. The culture, processes and structures that are directed towards realising
potential opportunities whilst managing adverse effects.
Root Cause Analysis. Structured techniques to establish the true systematic causes of an event
as opposed to its apparent causes.
Significant Risk. Broadly, any risk that could adversely affect achievement of NHS Greater
Glasgow & Clyde's objectives or present a large loss with no clear opportunity for control.
Statement of Internal Control. A statement by the accountable officer within the published Annual
Report, required by HDL(2002)11, on the effectiveness of NHS Greater Glasgow & Clyde's
systems of internal control, for which risk management is a key component.
3 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
1. Why is Risk Management so important to us?
NHS Greater Glasgow & Clyde aims to provide high quality and safe services to the public it
serves in an environment which is also safe for the staff it employs or contracts with to provide
services.
In fulfilling this aim, NHS Greater Glasgow & Clyde will establish a robust and effective framework
for the management of risk, one that is proactive in understanding risk, builds upon existing good
practice and is integral to all our decision making, planning, performance reporting and delivery
processes.
The framework
is built on the belief that Risk Management is:
An important activity to ensure the health / well being of patients, staff and visitors.
An inclusive and integrative process covering all risks, set against a common set of
principles.
Best implemented where good practice is acknowledged and built upon.
A major corporate responsibility requiring strong leadership and regular review.
We believe that the provision of high standards of health, safety and welfare within a risk
management framework is fundamental to the provision of high standards of health care.
To fulfil this requirement we will:
• Develop a culture, which secures the involvement and participation of all - staff, patients and
the public - in risk assessment and incident reporting.
• Implement measures to systematically identify and control risk as an effective approach to the
prevention of injury, ill health and loss.
• Secure the commitment of management at all levels to promote risk management and provide
the necessary leadership and direction.
• Adopt common standards throughout NHS Greater Glasgow & Clyde to provide and maintain
robust systems to ensure compliance with relevant statutory requirements.
• Monitor and review risk management performance at all levels against agreed standards to
ensure that corrective action is taken where necessary.
• Ensure that there are processes to facilitate the systematic recording and reporting of
incidents and 'near misses' to minimise the risk of recurrence. The reporting mechanism will
focus on systems more than individuals and cover clinical and non-clinical incidents.
• Recognise the contribution of all key stakeholders, including patients and the public, to ensure
their involvement and participation in the overall risk management process.
• Have in place effective systems of communication to ensure the dissemination of information
on risk management matters across NHS Greater Glasgow & Clyde.
• Secure the provision of resources, facilities, information, training, instruction and supervision to
meet these objectives.
4 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
2. What is the Purpose of the Risk Management Strategy?
NHSGG&C’s strategy affirms the Board’s commitment to improve its capability to manage risk in a
systematic way. By doing this
we can drive continuous improvement and have a positive impact
on the quality of care, our staff and the efficiency of NHS Greater Glasgow & Clyde.
The
strategy formalises risk management responsibilities and sets out how the public can be
assured that our risks are managed effectively and accordingly represents a major element of NHS
Greater Glasgow & Clyde 's healthcare governance arrangements.
The following principles underpin NHS Greater Glasgow & Clyde’s risk management strategy.
Table 1: Guiding Risk Management Principles
1. Founded on adopting a pan Health Board approach
2. Incorporates clinical and non clinical risk
3. Is comprehensive and integrated
4. Supported by clear processes for escalation of risk
5. Only exceptional risks advance to the Corporate Register
6. Integral to the business agenda and informs performance
7. Provides assurance that effective systems are in place
3. What do we want the Strategy to Achieve?
The overall goal of risk management is to create an environment where we analyse and
understand the risks we face and eliminate or control them to an acceptable level, by creating a
culture founded upon assessment and prevention of risk. The strategy seeks to achieve the
following objectives.
Table 2: Key Strategic Risk Management Objectives
1. Be integral to all our decision making, planning, performance reporting and delivery processes.
2. Be devolved to Division/Directorates/Partnerships within a supportive common framework.
3. Improve the quality of patient care by preventing or reducing harm or potential harm to patients.
4. Minimise liabilities in the event of harm to a patient, visitor or member of staff.
5. Improve the safety and quality of the working environment for the benefit of all staff
6. Ensure stakeholders are kept informed of the developing Risk Management process.
5 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
4. Organisational Arrangements
4.1 Overview
Governance
The Board is a board of governance and is corporately responsible for NHS Greater Glasgow
& Clyde’s risk management strategy and for ensuring that significant risks are adequately
controlled. To support the Board a number of formal committees have been established and
carry specific responsibilities for overseeing
risk management in NHS Greater Glasgow &
Clyde– principally these are the Performance Review, Audit, Staff and Clinical Governance
Committees. Their respective risk management roles are described in the diagram in section
4.5 below. A Risk Management Steering Group (RMSG) – for role and remit, see section 4.5
below – exists to ensure a co-ordinated approach to Risk Management reporting to the
Planning Policy Performance Group.
In addition each Division, Directorates, Partnerships and other significant service groups within
NHS GG&C organisational structure will, individually and through their support to the Risk
Management Steering Group, regularly review the Risk Management arrangements to give
assurance/status reports to the Board and the aforementioned formal committees.
The combination of these arrangements ensures that there is a clear focus on both the
corporate and risk management processes within
the Acute Services Division and Partnership
organisations.
Executive and Divisional Management
While the Chief Executive has overall accountability for risk management across NHS Greater
Glasgow & Clyde, general management have been
delegated leadership responsibility to co-
ordinate, integrate, oversee and support the risk management agenda and provide assurances
to the Board (and its Committees) that all significant risks are adequately managed and the
risk management principles are embedded across NHS Greater Glasgow & Clyde.
It will be the responsibility of each Director, and their senior Management Team, to implement
local arrangements, which accord with the principles, and objectives set out within
this
strategy.
The RMSG supports general managers in the development of risk management arrangements
within NHS Greater Glasgow & Clyde, by providing technical and professional advice. The
Chair of the RMSG reports to the Chief Executive.
4.2 Roles and Responsibilities
All
managers have risk management responsibilities defined in their job descriptions and
personal objectives. This will include the identification, assessment and analysis of risks and
action plans to eliminate or minimise the impact of known risks.
Within each Management Team individuals may also be nominated to lead and co-ordinate
particular elements of the risk management process and to work with colleagues and the local
risk management advisors to develop and implement agreed actions.
All managers across NHS Greater Glasgow & Clyde have a responsibility to ensure that their
staff are familiar with the latest risk management arrangements,
guidance and controls.
6 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
4.2 Roles and Responsibilities (continued)
All staff have a part to play in identifying and assessing risk. Staff are
actively encouraged to
report all incidents, including ‘near misses’. In order to ensure full reporting of incidents, a ‘just
culture’ will be operated within which staff are free to report on incidents and concerns in the
knowledge that they will be supported.
The delivery of NHS Greater Glasgow & Clyde's objectives increasingly relies upon effective
co-operation, partnerships and joint working with partner agencies such as Local Authorities,
Universities and the Voluntary Sector and independent contractors such as GP's, Dentists,
Community Pharmacists and Opticians. NHS Greater Glasgow & Clyde seeks to minimise risk
by ensuring where necessary that:
All areas manage risk in partnership with partner agencies and contractors;
An adequate risk management framework is incorporated as part of the governance
arrangements for joint management and partnership agreements;
Common objectives are agreed with partner agencies, contractors and the voluntary
sector.
4.3 Learning and Development
Implementation of the strategy is underpinned by focused and effective learning and
development interventions aimed at achieving:
A workforce with the competence and capacity to manage risk and handle risk judgements
with confidence
An organisational focus on identifying malfunctioning systems rather than people
Organisational learning from adverse events.
Learning and development plans are subject to continuous development to ensure that they
continue to be effective in supporting the achievement of these objectives.
4.4 Provision of Support and Information
The availability of timely and accurate risk information is necessary for the implementation of
this strategy. Accordingly, NHS Greater Glasgow & Clyde will:
Support the development of systems to support risk assessment, identification and the
sharing of lessons as an integral part of performance monitoring;
Develop relevant policy and guidance and ensure that it is kept up to date and remains
easily accessible;
Put in place effective systems of communication to make sure everyone in the
organisation is sufficiently informed about risk management;
Promote continuous improvement and the sharing of good practice.
7 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
4.5 Schematic of Reporting Structure and Responsibilities
NHS Board
Responsible for ensuring that all significant risks are adequately managed
Performance Review
Chief Executive
Audit
Group
/Headquarters
Committee
Review Board operational and
Scrutinise effectiveness of Financial
financial performance including risk
Governance and risk management
management activities,
arrangements
communicate to CEO, the Board and
other Board Committees
Responsible for leading
Clinical
implementation, resourcing
Governance
and performance
Risk Management
management of risk
Scrutinise effectiveness of clinical risk
Steering Group
management system.
and patient safety matters
Provision of technical and
Staff
operational advice to Chief
Governance
Executive and Management Teams.
Maintaining Corporate Risk register
and dealing with escalated risks.
Review staff matters, occupational safety,
Ensuring governance standards met
H&S, environmental matters
Development and consultation of
NHSGG risk management strategy
and practice and corporate risk
register
ACUTE
MENTAL
COMMUNITY
BOARD HQ
HEALTH
HEALTH
Operational
SERVICES
PARTNERSHIP
PARTNERSHIP
Functions
DIVISION
(10)
Locally
Locally
Locally
Locally
determined
determined
determined
determined
arrangements
arrangements
arrangements
arrangements
in line with
in line with
in line with
in line with
Risk
Risk
Risk
Risk
Management
Management
Management
Management
Strategy
Strategy
Strategy
Strategy
Line
Line
Line
Line
Management
Management
Management
Management
Default responsibility for implementation of the risk management framework and application of risk
management principles. I.e. risk assessment, incident recording and investigation, implementing risk
registers and ensuring risk competencies
8 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
5. What is our Approach to Risk Management?
NHS Greater Glasgow & Clyde is
Risk
Risk
Risk
a large, diverse and complex
Identification
Assessment
Registers
organisation where our
Management Teams and staff
already manage risk as an
integral part of what they do
Risk Action
Plans
Risk
Assurance on
every day. A universal
Escalation
Internal control
prescriptive method to manage
risk would therefore be
inappropriate. Instead, Divisional Management Teams managing risk in a way that best suits their
existing style and arrangements should be able to demonstrate that they are managing risk in a
consistent manner through the adoption of the guiding principles and general approach described
in this strategy. This will ensure that common standards for the management of risk apply across
NHS Greater Glasgow & Clyde and support the assurance and business requirements of the NHS
Greater Glasgow & Clyde Board and its corporate management. The key components of the risk
management framework are noted below:
5.1 Risk Identification
NHS Greater Glasgow & Clyde aims to minimise the likelihood
Risk
and severity of risk events by the recording of all incidents or
identification
near misses through Incident Recording systems. It is the
responsibility of management to encourage staff to report
incidents that could pose a hazard or threat to people or the
provision of services and thus enable improvements to be identified, prioritised and implemented.
Recording and analysis processes will be available to support local data entry, with the overall aim
of shared learning across NHS Greater Glasgow & Clyde. In addition to risks identified through the
Incident Recording systems the Directors and the Management Teams will also be required to
regularly ‘horizon scan’ to identify risks by looking forward to tomorrow’s threats as part of the
development of their Risk Register.
5.2 Risk Assessment
All risks shall be assessed using a standard classification matrix
Risk
which will be applied consistently across NHS Greater Glasgow &
Assessment
Clyde (See NHS GG&C Risk Register Policy). This will involve the
assessment of risk in terms of the consequences and the likelihood
of occurrence.
9 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
5.3
Risk Registers
Each Division, Directorate or Partnership will be responsible for
Risk
maintaining its own
Risk Register. The risk register will be used by
Registers
each Management Team to inform priorities for the local implementation
and monitoring of agreed mitigating controls. Each risk will be allocated
a risk owner(s) who will be responsible for taking appropriate action to
minimise its impact. Review of the risk register will be a standing
Management Team agenda item that will help inform planning,
management decisions and priorities. Management Teams will be expected to regularly review
and update their risk registers.
The NHS Greater Glasgow & Clyde corporate management will be responsible for maintaining a
Corporate Risk Register which
will record and report on action being taken to manage the
strategic risks facing NHS Greater Glasgow & Clyde. The risks included on the Corporate Risk
Register will be informed by the escalation procedures noted below, as well the collective input of
Headquarters and the NHS Greater Glasgow & Clyde Board.
5.4
Risk Action Plans
All risks identified and prioritised for action within the Risk Register will
require a supporting action plan, which will ensure that the risk is managed
Risk
to an acceptable level. It will be the responsibility of the Management
Action
Teams and Headquarters to determine the most appropriate form of action
Plans
and to allocate responsibility for implementation to an appropriate
individual(s).
5.5
Risk escalation
If significant risks have been identified that are deemed impossible
or impractical to manage at a local Management Team level, then
they should be reported for review by the Director, or COO, for
Risk
Escalation
reporting to Headquarters. Assessment and improvement should
then be monitored through inclusion in the NHS Greater Glasgow &
Clyde Corporate Risk register.
In the absence of such escalation, the responsibility for the management of risks remains with the
Management Teams. Within Directorates or Partnerships similar escalation arrangements will be
implemented to ensure that significant risks are highlighted for inclusion within local Risk Registers
where this is deemed appropriate.
Table 3: Nature of Risks which may need to be Escalated
•
Significant threat to achievement of health plan objectives or targets
•
Assessed to be a substantial or intolerable risk
•
Widespread beyond local area
•
Significant cost of control far beyond the scope of budget holders
•
Potential for significant adverse publicity
10 of 11
NHS Greater Glasgow & Clyde Risk Management Strategy
5.6 Assurance on the Effectiveness of Key Controls
As a result of the devolved accountability for all operational matters
within NHS Greater Glasgow & Clyde, the Board requires assurance
that local systems are capable of identifying their objectives and
Assurance on
internal control
managing the risk to their achievement. To assist the Board meet its
governance requirements in respect of the management of risk, the
Management Team’s will assess the effectiveness of the risk
management processes and link to the Risk Management Steering Group to provide assurance
to the NHS Greater Glasgow & Clyde Audit, Staff and Clinical Governance Committees.
The Chief Executive and the Performance Review Group will evaluate assurances for the most
significant and widespread risks contained within the NHS Greater Glasgow & Clyde corporate
risk register and regularly report their findings to the Board. This would include a view on NHS
Greater Glasgow's ability to meet its objectives. This will ensure that risk management
becomes firmly embedded as a Board responsibility and that assurances can be provided at all
levels on the overall effectiveness of the risk management processes across NHS Greater
Glasgow.
To provide confidence to patients, staff and the public that this is the case, NHS Greater
Glasgow & Clyde will publish within it’s annual financial accounts a Statement of Internal Control
commenting on the effectiveness of the risk management arrangements.
.
11 of 11
Document Outline