Risk Management Strategy

Transcription

1 Risk Management Strategy Risk Management Strategy Janet Young Governance & Risk Manager June 2016 Executive Lead Jane Meggitt, Director of Communications & Corporate Affairs

2 Index Foreword Statement of Intent Purpose Who this Strategy applies to Our risk management principles Our risk management Aims Our risk management process Management arrangements Why is risk management important? Monitoring the effectiveness of risk management Creating a culture to support risk management Training How we will manage risk across organisational boundaries.... What we expect from our commissioned services Measuring the effectiveness of our Strategy Reporting Framework Our appetite for risk What we are working to achieve

3 Foreword Bedfordshire Clinical Commissioning Group is a clinically led organisation responsible for commissioning healthcare for 441,000 people resident in Bedfordshire. We are working with patients and partners, such as our local councils, public health teams, hospitals and community services, to understand local health needs. BCCG is a membership organisation that comprises all 55 GP practices in Bedford Borough and Central Bedfordshire. We are responsible for a budget of approximately 539.5m and are committed to operating to the highest standards of governance and stewardship. The CCG recognises it has a responsibility to manage both internal and external risks as a key component of good governance and is committed to embedding risk management into the daily operations of the CCG from the setting of objectives, to service and financial planning through to departmental processes. This strategy articulates how we manage risk. It reflects the development of our approach and takes into account the principles of the ISO 31000:2009 Risk Management Standard and also embedding the Management of Risk (M_O_R) framework. We believe that effective risk management will help the CCG achieve its objectives and provide better services. In particular it will help deliver improved: Care which is equitable, safe, patient centered, effective, and timely; Strategic management and decision making; Operational management; and Financial management. This Strategy should be read in conjunction with the Risk Management Policy and Framework which provides the necessary guidance on the foundations and arrangements for managing risk across the CCG and outlines how the CCG can ensure that it manages risks effectively and efficiently. 1. Statement of Intent Bedfordshire CCG s vision for risk management is for all decision makers to be fully informed of risk and that risks are effectively managed in the achievement of our objectives. Risk Management benefits the CCG and our Stakeholders by enabling new ideas to be explored and potential risks to be managed to minimise their impact. The CCG is committed to continuing to improve its operational efficiency and find innovative ways of delivering services to the population of Bedfordshire 3

4 without compromising quality or lifting risks beyond a level that we are willing to accept. Risk management plays a critical role in helping the CCG understand the impacts and manage the risks associated with these priorities. It helps us determine an appropriate control environment and balance of strategies to address the risk so that we are using resources efficiently and effectively. It involves making decisions and establishing governance systems that embed and support effective risks processes, as well as building an organisational culture that supports integrity, accountability, honesty, openness and responsiveness to change. This Strategy sets out the key principles that guide how risk management is embedded at all levels and how the CCG will ensure that risk is managed effectively and efficiently. Every member of staff needs to be committed to continue to improve governance arrangements through strong leadership, responsible and ethical decision making, management and accountability, and performance improvement. As an employee of Bedfordshire Clinical Commissioning Group, we have a duty to carry out activities according to required practice and to do so with the objectives of our patients, our population and stakeholders in mind. There is clear responsibility of the CCG Governing Body in response to the Francis Inquiry into Mid-Staffordshire NHS Foundation Trust (2013) and the subsequent Berwick Report (2013), to provide assurance that patient safety is at the top of the agenda. Lessons learned from the Francis Inquiry, both on a national and local level, demonstrate the importance of an overarching assessment of risk to the CCG. The CCG aims to ensure that patient safety and quality risk assessment continue to follow the consistent risk management process outlined within the strategy. We acknowledge the need for all of our commissioned services to have in place rigorous risk management systems and processes as described in the Francis Report. 2. Purpose The purpose of the Risk Management Strategy is to promote a consistent and integrated approach across all parts of the CCG embracing clinical, organisational and financial risks. It aims to do this through a robust governance structure, sound processes and systems of working. It provides the necessary foundations and arrangements for managing risk across the CCG and outlines how the CCG ensures that it manages risks effectively and efficiently. This Risk Management Strategy will assist the organisation in ensuring risks are either eliminated or reduced to an acceptable level to protect the CCG s patients and employees and its services (assets and finances). The CCG is 4

5 aware that some risks will always exist and will not be totally eliminated and recognises the importance of managing these risks effectively. The document describes the key principles, elements and processes to guide all staff in effectively managing risk, making it part of our day-to-day decision making and business practices. The CCG aims to apply risk management across the entire organisation all Directorates and Localities, as well as specific functions, programmes, projects and activities. Implementation of the framework will contribute to the strengthening of management practices, decision making and resource allocation, whilst at the same time maintaining trust and confidence. 3. Who this Strategy applies to This strategy is intended for use by all directly employed and temporary staff and contractors engaged on Bedfordshire Clinical Commissioning Group work in respect of any aspect of that work. Although the key strategic risks are identified and monitored by the CCG Governing Body, operational risks are managed on a day-to-day basis by staff throughout the organisation. In order that progress in managing all risks can be acknowledged, the CCG has in place a process for managing risk registers proportionate to the level of risk. This process enables provision of a record of all risks to the organisation. 4. Our Risk Management Principles At Bedfordshire CCG we are committed to ensuring risk management is embedded across the whole organisation. To do this, we need to ensure we adhere to the following principles which underpin this Strategy and guide how the CCG aspires to effectively and efficiently manage risk at all levels. 4.1 Creating and Protecting Value Risk Management contributes to the achievement of our objectives and improves performance in areas such as financial control, governance, programme and project management and health and safety of patients and staff. 4.2 An integral part of all organisational processes Risk Management is not a stand-alone activity performed in isolation. Rather it is an integral part of our governance and accountability arrangements, performance management, planning and reporting processes. 4.3 Part of decision making Risk Management aids decision makers to make informed choices, prioritise activities and identify the most effective and efficient course of action. 5

6 4.4 Explicitly addressing uncertainty Risk Management identifies the nature of uncertainty and how it can be addressed through a range of mechanisms, such as sourcing risk assessment information and implementing risk controls. 4.5 Systemic, structured and timely Risk Management contributes to efficiency and to consistent, comparable and reliable results. 4.6 Based on the best available information Risk Management should draw on diverse sources of historical data, expert judgment and stakeholder feedback to make evidence-based decisions. 4.7 Tailored Risk Management aligns with the internal and external environment within which we operate and in the context of the CCG s risk profile. 4.8 Human and cultural factors Risk Management recognises that the capabilities, perceptions and aims of people can aid or hinder the achievement of objectives. 4.9 Transparent and inclusive Risk Management requires appropriate and timely involvement of stakeholders to ensure that it stays relevant and up to date. Involving stakeholders in decision making processes enables diverse views to be taken into account when determining risk criteria Dynamic, iterative and responsive to change Risk Management responds swiftly to both internal and external events, changes in the environmental context and knowledge, results of monitoring and reviewing activities, new risks that emerge and others that change or disappear Continual improvement of the organisation Risk Management facilitates continuous improvement of our operations by developing and implementing strategies to improve risk management maturity. 6

7 5. Our Risk Management Aims Our key aims are: 1. To support the delivery of the CCG s strategic objectives and directorate objectives for 16/17 and beyond by developing a more dynamic approach to risk management. This will be achieved by embedding risk management systems and processes within the organisation and promoting the ethos that risk management is everyone s business by clearly defining roles, responsibilities and reporting lines within the CCG and reinforcing the importance of effective risk management as part of the everyday work of all staff. 2. To ensure the CCG discharges its responsibility to maintain and monitor a Board Assurance Framework each financial year and report annually on its principle risks. This will be achieved by the audit & governance committee and the governing body s on-going monitoring of the BAF as the key source of evidence that links strategic objectives to risks and assurances and the main tool that the governing body should use in discharging its overall responsibility for maintaining a sound system of internal control. 3. To increase staff knowledge and understanding of risk management by developing a more structured risk management training programme by the summer of We will use an organisation-wide programme to help to embed a consistent language of risk management, including concepts such as controls, mitigations, assurances, inherent and residual risk. This will enhance the quality of conversation and consistency of approach and ensure staff and management gain confidence around the value of risk management 4. Throughout the year we will actively involve patients and the wider community in the development of the risk management processes through enabling patients and the public to provide feedback on their experiences through a variety of ways including: Patient and public engagement events Representatives at our sub-committees Seeking patient and public views during consultations Provider information in relation to comments/complaints Provider information in relation to serious incidents 5. To further develop the organisational risk management culture over the next two years, enabling risk management to be a natural part of dayto-day activity. This will be measurable through the extent and degree to which risks are being assessed, treated and monitored across the organisation and the CCG s capability to respond quickly to risks as they emerge and develop. 7

8 6. Our Risk Management Process The term risk management refers to the systematic application of procedures to the task of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making. Effective risk management can only be achieved through an environment of honesty and openness that helps embed the recognition that whilst risk can never be eliminated, it can be managed. It is accepted that given the nature of the service provided by the NHS, some risks may never be totally eliminated. It is essential that CCGs have in place good risk management systems and practices which eliminate risk wherever possible and reduce the impact of those risks which cannot be eliminated to an acceptable or tolerable level. However, it is also understood that risk is also about taking opportunities to maximise benefits. The CCG observes an objective led approach to risk management. This is a continuous, forward looking process that ensures that issues endangering the achievement of critical objectives are addressed. Risk Management is about everyone in the CCG working together to prevent risks happening and taking the right action to reduce their impact. 7. Management Arrangements Risk management is a part of Directorate and corporate management and accordingly should be integrated as far as possible within normal management processes. The responsibility for the management of risk within a Directorate or Locality lies with the Executive Director or Locality Chair who are responsible for ensuring that proper arrangements are in place to manage risk, and that effective monitoring is carried out. Such arrangements should include the establishment of risk management processes at all levels within the respective Directorates so that risks identified at team/service level are recorded and transferred to the Directorate/Locality risk register, or further to the Corporate Risk Register. Appropriate arrangements should include the following: 8 A risk register updated on a continuous basis and reviewed formally every month Action plans to address the risks raised in the risk register reviewed and updated monthly Assurance that controls are effectively mitigating the risk sought Inherent risk scores evaluated

9 Escalation of risks evaluated at 15 or above escalated to the corporate risk register. The Governance & Risk Group should be attended by at least one representative from each Directorate and one from the Localities. 8. Why is Risk Management important? Some risk taking is inevitable within the CCG if we are to achieve our objectives. Organisations that are more risk aware appreciate that actively managing threats but also potential opportunities provides them with a competitive advantage. Taking and managing risk is the very essence of business survival and growth. Effective risk management is likely to improve performance against objectives by contributing to:- Fewer sudden shocks and unwelcome surprises More efficient use of resources Reduced waste Reduced fraud Better service delivery Reduction in management time spent fire-fighting Better management of contingent and maintenance activities Lower costs of capital Improved innovation Increased likelihood of change initiatives being achieved More focus internally on doing the right things properly More focus externally to shape effective strategies. It is also recognised that inadequately managed risks within commissioned services have the potential to prevent BCCG from achieving its objectives and may directly or indirectly cause harm to those it cares for, employs or otherwise affects as well as incurring loss relating to assets, finance, reputation, goodwill, partnership working or public confidence. Risk Management is not only about identifying threats. During the CCG s business planning processes the organisation will frequently give consideration to innovative, developmental opportunities which are inherently risky. The Risk Management Strategy is not exclusively about the mitigation and control of risks but also the calculated encouragement to explore potentially more risky opportunities. 9. Monitoring the effectiveness of Risk Management Through a structured reporting process Bedfordshire Clinical Commissioning Group will monitor the effectiveness of its Risk Management arrangements through: 9 Clinical Commissioning Group Annual Report

10 Annual Governance Statement Governing Body Assurance Framework Risk Management Reports Corporate Risk Register Internal and External Audit Reports Minutes from related committees and groups Performance Reports To ensure the risk management framework remains fit for purpose, the CCG continually seeks to review and improve its risk management methodology and embrace new initiatives and practices that suit the needs of our organisation. 10. Creating a culture to support Risk Management A key component of an effective and mature risk management framework is having a culture of knowledge and understanding of risk management, and leadership. This means that roles and responsibilities need to be clearly defined so that risk management is owned by appropriate members of staff and that staff are encouraged to be more risk aware by promoting openness and supporting them to manage risks locally where possible. It also means visible and effective leadership from the Governing Body in ensuring effective systems and processes for the management and escalation of risks. The CCG has Governing Body level leadership for risk management and a clear committee structure that supports the aggregation and escalation of risk. As well as structure, a mature risk management framework requires risk management to be at the heart of governing body level discussion. To enhance the maturity of existing conversations at governing body level, one of the aims of this strategy is to create a clear link between assurance, risk management, corporate governance and regulation. Using an agreed risk appetite matrix, the Governing Body can set out a framework within which all risk should be considered, linking objectives, business planning and risk appetite. This will also help to develop an approach that engenders risk forecasting. The CCG ensures there is clearly defined accountability and responsibility within its structure. This is equally important for risk management so we will ensure that roles and responsibilities for risk management are defined in this Strategy with implementation supported by an OD programme. We will also create local ownership of risk management through involvement of staff in designing the tools to manage risk and training programme 10

11 11. Training In order to develop the requisite culture for risk management and to ensure successful implementation of this strategy, there needs to be a structured, organisation-wide training programme for staff. Risk management training and awareness already occurs in a number of different guises. The Governing Body currently have a session on risk management once a year as part of the governing body development programme and risk and governance features in a number of leadership development programmes as well as ad hoc training provided. 12. How we will manage risk across organisational boundaries It is often at the interface between organisations that the highest risks exist and clarity about responsibilities and accountabilities for those risks is most difficult to ascertain. Only by working closely and collaboratively with a wide range of partner organisations can these risk areas be identified and properly managed and be afforded an appropriate priority within the risk action plan. 13. What we expect from our commissioned services We expect risk management to be a priority for all those organisations from whom we commissions services and will require evidence of robust risk management systems. The Governing Body must be informed of and where necessary, consulted on all significant risks that arise from the commissioning of services. Risks associated with commissioned services must be systematically identified, assessed and analysed in the same way as other risks to the organisation. Risks relating to commissioned services assessed as scoring 15 or over will be reported on the Corporate Risk Register to provide a complete risk profile of the organisation. 14. Measuring the effectiveness of our Strategy There is a need to measure the impact of this strategy to measure its effectiveness in developing the maturity of the CCG s risk management framework. We will therefore:- 11 Complete an annual risk maturity assessment, using an adaption of the HM Treasury Risk Management Assessment Framework. Risk maturity refers to where the CCG is on its risk management journey and how well established risk management is as a discipline across the organisation. The maturity assessment provides a flexible tool to assist in evaluating performance and progress in developing and maintaining effective risk management capability and assessing the impact on delivering effective risk handling and required/planned outcomes.

12 Undertake regular reviews of other CCGs and NHS Trust models and standards to ensure our risk management framework continues to reflect best practice. Gain assurance from our internal auditors on whether the CCG s risk management, control and governance processes are adequate and operating effectively. e 15. Reporting Framework Governing Body Board Assurance Framework (3 times per annum) Corporate Risk Register (3 times per annum) Audit & Governance Committee Board Assurance Framework (Bi-monthly) Corporate Risk Register (Bi-monthly) Finance & Performance Committee Finance Directorate risk register Co-commissioning Committee Integrated Commissioning and Quality Committee Executive Management Group Co-commissioning risk register Patient Safety & Quality Directorate risk register Acute Commissioning risk register Corporate Risk Register (monthly) Board Assurance Framework (monthly) Governance & Risk Group All risk registers at least twice annually Corporate risk register monthly QIPP Board Combined QIPP Risk Register 12

13 16. Our appetite for risk The CCG cannot achieve its objectives without taking risk. The question is how much risk does it need to take? Risk appetite can be seen as a series of boundaries authorised by the Governing Body which guide staff on the limits of risk they can take. If risk exists, it cannot usually be fully mitigated, so if we can be clear of the target residual risk we are prepared to carry we can arrive at an appropriate balance between uncontrolled innovation and excessive caution. By adopting the risk appetite statement the CCG can decide when considering its core objectives what threats it can accept before action is deemed necessary to reduce the risk. A defined acceptable level of risk means that resources are not spent on further reducing risks that are already at an acceptable level. However, the Governing Body should be willing to deploy the resources required to meet a zero appetite. There should be a range of appetites for different risks. Some strategic decisions will be made, even though they are perceived as higher risk, because the opportunities they bring are important to the CCG. For example, a change of direction that improves service delivery but that involves working with a new partner. As a Public Body, there are risks we must steward on behalf of the public where our appetite needs to be very low. There are other risks where we can bear more risk. It is understood and acceptable that the appetite may change over time as the CCG manages its objectives within the operational plan. The appetite will be considered annually unless circumstances arise where a review is judged appropriate. Our 2015/16 Risk Appetite Statement is:- Patient safety Zero Risk Appetite We will continue to hold patient safety in the highest regard and will not accept any risk that may jeopardise it. This key value driver directly supports our core objective to improve the safety of our services to patients. Maximising innovation Moderate Risk Appetite We will continue to encourage a culture of innovation within the organisation and are willing to accept risks associated with this approach. This key value driver directly supports our value to foster innovation and high quality. High quality services and meeting constitutional standards Low Risk Appetite We will continue to provide high quality services to our patients and will rarely accept risks that could limit our ability to fulfil this objective. This key value driver directly supports our core objective to meet our constitutional standards and improve our patients experience by providing personalised and responsive services making us the provider of choice for patients and their carers. 13

14 Maximising staff potential Low Risk Appetite We will continue to hire and retain staff that meet the high quality standards of the organisation and provide on-going training to ensure all staff reach their full potential. In certain circumstances we will accept risks associated with the delivery of this aim. This key value driver directly supports our value to maximise the potential of our staff. Achieving the financial plan Low Risk Appetite We will strive to deliver our services within the contracted income as laid out in the financial plan and will not accept risks that if realised might cause us to exceed the financial plan. This key value driver directly supports our value to maximise our use of resources and deliver cost effectiveness. Reputation Low Risk Appetite We will continue to maintain high standards of conduct and patient care and will only accept risks in exceptional circumstances that if realised could cause reputational damage to the organisation. Compliance with legislation Zero Risk Appetite We will continue to comply with all legislation relevant to the organisation and will never accept risks that if realised could result in us being non-compliant with legislation. Working with others Moderate Risk Appetite We will continue to work with other organisations to ensure we are delivering the best possible service to our patients and are willing to accept risks associated with this collaborative approach. This key value driver directly supports our core objective to strengthen and deepen our partnerships to ensure our patients receive seamless care from all health and social care services. Organisational capacity and capability Low Risk Appetite We will continue to ensure that everyone s roles, responsibilities and objectives are aligned to the achievement of our plan and will only accept risks in exceptional circumstances that if realised would stop our management and staff working together effectively to deliver our vision. The key value driver directly supports our value to ensure the right people are making decisions and they are appropriately accountable for them. 14

15 What are we working to achieve? Theme 2016/ /18 Strategy and policy Approval & Implementation of Risk Management Strategy Approval & Implementation of Risk Management Policy and Framework Strategy and Policy review Assurance Framework Governing Body to set annual strategic objectives Adopt New Assurance Framework Monitor effectiveness of BAF Risk Registers [Guidance document issued Number of risk registers reduced Monitor quality and effectiveness registers Review and refine registers at Directorate level Review effectiveness of CRR Communication Communication plan developed and implemented to raise the profile of CCG risk services Extranet improvements Tools Review of existing tools. Develop new tools and guidance in line with framework Fit for purpose review of all tools Ensure risks are continuously identified, assessed and appropriately managed Reporting Review of reporting in line with new committee structure and implement Review and monitor action plan Review corporate ownership and accountabil8ty Developing culture Develop the organisational risk management culture Monitor how risks are being assessed, treated and monitored Risk appetite statement revision Risk appetite statement revision Risk maturity assessment Risk maturity assessment 15

16 Training Risk Awareness video produced to cover general knowledge. Focus on how risk management applies to everyday work for senior staff Risk registers and risk identification session for risk leads On-going training on hot topics Development sessions for Governing Body Systems Monitor impact of training Automate risk management processes Resources Availability of Governance & Risk Manager Directorate & Locality Risk Leads in place 16

17 Risk Management detailed action plan. As at June 2016 Ref Area Comments Status Target Date 1 Risk Appetite 1.1 Discussed at GB development session. Current appetite statement described by GGI as exemplary and CCG commended. 1.2 Guidance for devising a well-defined risk appetite statement 1.3 Revision of risk appetite statement - paper to Executive meeting to set key business driver and assessment levels May/June 1.4 Proposed risk appetite statement circulated to Exec for sign-off before recommending adoption by governing Body 2 Risk Management Training and Development 2.1 Risk awareness sessions to cover general knowledge of risk management for all staff. June/July GGI commissioned to produce corporate video Launch in May/June 2.2 Risk register sessions for risk leads CSU developing June/July 2.3 Sessions focussed on informing senior staff on key CSU developing TBA aspects of the CCG risk management framework 2.4 Focus on how risk management applies to everyday work for senior staff CSU developing 2.5 Seminars for governing body on their role in risk CSU developing management process 2.6 On-going training of "hot topics" Consideration being given to re-instatement of monthly/quarterly risk briefings 3 Project Risk Management 3.1 Separate procedure for managing and reviewing project risks. Project risk registers amalgamated into one which is taken monthly to QIPP Board TBA TBA May 3.2 Significant risks emerging from project delivery which may have operational impacts escalating to corporate risk register Process agreed with PMO where QIPP Board makes decision on which high risks are escalated to CRR. PMO regularly reporting into Risk Manager

18 3.3 Work with PMO to embed awareness of risk identification and maintenance of project risk register. 4 Risk Registers 4.1 Standard format of risk registers to be followed. Current risk register reflects best practice following recommendation from 15/16 risk management internal audit. 4.2 Risk scores to be shown numerically to allow for prioritisation of risks within the highest category Corporate risks register now shows numerical value of risks used on the 5 x 5 matrix. 4.3 Number of risk registers to be reduced Now grouped by Directorate 4.4 Risk Registers of service areas under SLA arrangements Decision made by JM at Risk Management Group that IM&T, Workforce and H&S risks should be monitored at SLA meetings and responsibility to escalate risk will lie with appropriate Executive Director. 4.5 Locality Risk Registers Locality risk registers amalgamated into one. Corporate Risk Register. Ensure register continues to remain fit for purpose. 4.6 Regular 1:1 deep dive sessions where risk leads are challenged on content of risk registers 4.7 Mechanism for feedback from Risk Manager to Risk Leads to be formalised 4.8 review of the CRR should be a fixed item on the Audit Committee agenda in addition to regular review of BAF 4.9 Process of aggregating operational risks again strategic objectives should be agreed. Current version fit for purpose and reflects the risk profile of the CCG Risk registers challenged on regular basis by governance & risk Group to ensure risks are accurately recorded and reviewed on a regular basis. JY has re-instated monthly 1:1s with risk leads to support this process. This best practice has now been adopted Agreed that CRR should reflect which strategic objective the risk is related to On-going On-going 5 Risk Management Group Meeting 5.1 Establishment of new membership 5.2 New Terms of Reference on-going on-going 18

19 6 Dashboard 6.1 Consideration of purpose of existing dashboard The use of the dashboard has been suspended as the CCG are in agreement that the production of the dashboard did not lead to any tangible improvement. 7 Board Assurance Framework 7.1 BAF to be developed once the CCG's strategic objectives have been agreed. 7.2 Guidance document Produced and circulated to GB members 8 Risk Management Strategy, Policy and Framework 8.1 Draft documents Draft documents produced to ensure they reflects and incorporates current thinking and best practice. Clear lines of accountability defined. 8.2 Consultation Key staff consulted during strategy and policy development 8.3 approval by Executive Team Approved by EMT 26 May Approval by Governance & Risk Group Approved 6 June 2016 Approved by Audit & Governance Committee Approved 9 June Ratification by Governing Body Ratified July 9 Risk Management Action Plan 9.1 Monitoring Action Plan to be monitored at Gov & Risk Group Year End 9.2 High level version incorporated into Risk Management Strategy Year End 10 Patient/Public Involvement and engagement 10.1 Patients and public represented at sub-committees The Patient Engagement Forum will report in to the new Integrated Commissioning and Quality Committee 10.1 Provider information in relation to serious incidents The Quality Team monitor serious incidents reported via our commissioned providers and lessons learned enable new ideas to be explored and a more risk aware approach adopted. on-going on-going 19

20 10.2 Seeking patient and public views during consultations/engagement event. Working closely and collaboratively with a wide range of patient and public organisations so that areas of risk can be identified and properly managemnent and afforded an appropriate priority within any risk action plan. On-going on-going 11 Strategic 11.1 Ensure staff understand how strategic objectives link to their individual service areas Year End 11.2 Ensure staff understand how the strategic objectives link to their personal objectives Year End 11.3 Ensure risk is regarded as an opportunity as well as a threat by the CCG in the achievement of its objectives Year End 20