Risk Management Strategy inc Policy Statement


Title: Risk Management Strategy inc Policy Statement
Summary: This strategy will establish a consistent and integrated approach to the management of risk throughout the BSO.
Purpose: The control and management of risk to achieve organisational objectives
Operational date: April 2010
Review date: December 2015
Version Number: V 1.03
Supersedes previous: V 1.02
Director responsible: Director of Finance / Director of Customer Care & Performance
Lead author: Patricia Maginnis
Lead author position: Governance and Risk Officer
Additional authors:
Department: Customer Care & Performance
Contact details: patricia.maginnis@hscni.net Tel:
Equality Screened: November 2015

2 Reference number Supersedes Version 3 Version Control Date Version Author Comments May 10 1 Fiona Moore Dec Fiona Moore March 1.02 Jill Jackson 2013 December Patricia Maginnis Policy Record Author(s) Directors responsible G&R Officer DoF/DoCCP Approval Process Senior Management Team Governance & Audit Committee Date 2

1. Scope

1.1 This strategy applies to all BSO employees, contractors and other third parties working within the BSO. Risk Management is the responsibility of all staff; in particular, managers at all levels are expected to take an active lead to ensure that risk management is a fundamental part of their operational remit.

2. Rationale and Policy Statement

2.1 HSC Organisations are required to ensure that an independently-assured risk management system is in place that conforms to the principles contained in AS/NZS 4360:2004, and which meets HSC and other requirements in respect of managing risks, hazards, incidents, complaints and claims.

2.2 The BSO is required to have a Board-approved process for managing risk that identifies accountability arrangements, resources available and contains guidance on what may be regarded as acceptable risk within the organisation. The BSO Risk Management Process was approved by the Board in August 2009; an extract from this document has been collated to specifically outline the BSO Policy Statement on Risk.

2.3 The Business Services Organisation Policy Statement on Risk is:

The BSO will ensure that the management of risk is an integral element of its work in relation to customers, staff and the public (where relevant).

Risk management is recognised within the Business Services Organisation as an integral part of good management practice and should be part of its culture. It will be integrated into its philosophy, practices and business plans, and not be viewed or practised as a separate programme. When this is achieved, risk management becomes the business of everyone in the BSO.

The design of a risk management system will be influenced by and tailored to the structures of the Business Services Organisation, the services provided and the processes and specific practices followed. The BSO risk management process will give particular cognisance to Audit recommendations made for emerging risks and the various Controls Assurance Standards.

Reflecting the core principle that risk management should be embedded in the organisational management processes, the Board and SMT propose that the reporting arrangements should emerge from those processes, rather than be seen as a separate reporting tier.

The aim of the Board and SMT is to implement a risk management process for identifying and evaluating risks associated with the various activities of the Business Services Organisation, assessing and addressing their impact and providing for appropriate disclosure of the progress made in managing the identified risks.

It does not want to create a bureaucratic or mechanistic process but a culture whereby management and staff are aware that events or circumstances can / may occur which can prevent or adversely affect the management of planned outcomes and as such need to be carefully managed.

2.4 In order to meet this aim, the BSO has developed and updated this strategy which provides the structured approach to the management of risk as required by the DHSSPS NI.

2.5 The strategy defines the BSO approach to risk management, documents the key aspects of the risk management process and outlines the roles and responsibilities of the BSO Board, Chief Executive, Governance and Audit Committee, management and staff.

3 Principles

3.1 The BSO is committed to implementing the principles of governance, defined as the system by which an organisation is directed and controlled, at its most senior levels, in order to achieve its objectives and meet the necessary standards of accountability, probity and openness.

The BSO recognises that the principles of governance must be supported by an effective risk management system that is designed to deliver improvements in services as well as the safety of its staff and the public.

[1] Governance Standard, Department of Health, April

3.3 Risk is uncertainty of outcome, and good risk management allows an organisation to:
- have increased confidence in achieving its desired outcomes;
- effectively constrain threats to acceptable levels; and
- take informed decisions about exploiting outcomes.

3.4 Good risk management also allows stakeholders to have increased confidence in the organisation's corporate governance and ability to deliver. [2]

4 Strategy Objectives

4.1 This strategy will establish a consistent and integrated approach to the management of risk throughout the BSO.

4.2 The key objectives of this strategy are to provide the framework for achieving:
- Robust governance arrangements, encompassing financial, information and performance governance systems;
- The control and management of risk to achieve organisational objectives;
- To achieve Substantive Compliance on the Risk Management Standard;
- To provide assurance to the Board that risk management arrangements are effective and to support the annual Governance Statement;
- The integration of risk management within the BSO strategic aims and objectives;
- The generation of a culture in which risk management can be effective.

[2] The Orange Book Management of Risk Principles and Concepts, October

5 Duties and Responsibilities for Managing Risk

BSO Board

5.1 The Board is responsible for ensuring that there is an effective system of internal control and ensuring that the system is effective in managing risks so as to assist in the achievement of the BSO objectives. The Board is similarly responsible for ensuring that the BSO has effective systems for identifying and managing all risks, financial and organisational.

The Board has established a risk management structure to help deliver its responsibility for implementing risk management systems throughout the BSO. The BSO Risk Management process is outlined in Appendix 1.

The programme of risk identification, assessment, management and quality improvement processes and procedures is approved and monitored by the Governance and Audit Committee on behalf of the Business Services Organisation.

Chief Executive

5.2 The Chief Executive as Accountable Officer has overall responsibility to the BSO Board for Risk Management. Operationally, the Chief Executive has delegated responsibility for implementation as outlined below:

Director of Finance

5.3 The Director of Finance is the designated officer on behalf of the Chief Executive and has corporate responsibility for Risk Management.

The Director of Customer Care & Performance

5.4 The Director of Customer Care & Performance is responsible for risk reporting and risk training, and for ensuring that service areas are maintaining service risk registers.

Directors

5.5 Directors are responsible for following the BSO's risk management policy, the management of corporate risks and for operational risks within their own portfolios.

Governance & Risk Officer

5.6 The Governance & Risk Officer will be responsible for the maintenance of the BSO Corporate Risk Register, and will monitor performance against risk action plans and report progress to the Senior Management Team. In conjunction with SMT the Governance & Risk Officer will produce an Annual Risk Report and will be responsible for the preparation of the Risk Management and Governance Controls Assurance Standards.

In addition the Governance & Risk Officer will act as catalyst at all levels of the organisation to ensure that the management of risk is addressed at all levels of the organisation. In fulfilling this role they will advise staff and management at all levels in the organisation as to best ways to manage risk, and support staff with training and development in this area.

Responsibility of all Employees, Agency and Contractors ("Staff")

5.7 Everyone has a role to play; all staff are encouraged to use the risk management process to highlight areas they believe need to be improved. However it is important to emphasise that each member of staff has a responsibility to safeguard their own health, safety and welfare and that of others that may be affected by service activity.

6 Committees/Groups which have Responsibility for Risk

6.1 Responsibility for monitoring specific risk management areas has been delegated as follows:

6.2 Governance and Audit Committee

The Governance and Audit Committee acts as the body responsible for reviewing the arrangements and systems in place for risk management activity and reports directly to the BSO Board.

The Governance and Audit Committee remit is to review the structures, processes and responsibilities for identifying and managing key risks facing the organisation, and receive periodic reports and assurance on risk which contribute to the assurances required for the Board.

The programme of risk identification, assessment, management and quality improvement processes and procedures is approved and monitored by the Governance and Audit Committee on behalf of the Business Services Organisation.

6.3 Senior Management Team

SMT is charged with supporting the Chief Executive in his responsibilities for risk, control and governance by:
- Gaining assurance that risk and change in risk is being monitored;
- Receiving the various assurances which are available about risk management and consequently delivering an overall opinion about risk management;
- Commenting on the appropriateness of the risk management and assurance processes which are in place.

SMT is responsible for:
- Promoting and leading the implementation of the BSO Risk Management Process;
- Ensuring that objectives have been established at Corporate and Directorate level and that the risks to the achievement of those objectives are identified by developing both Corporate and Directorate or Service Area Risk Registers;
- Directing the annual programme for risk management activities and monitoring progress;
- Assessing the need for staff awareness and training with regard to Risk Management and Assurance;
- Reviewing and monitoring compliance with the Controls Assurance Standards and the development of action plans to drive improvement and the monitoring thereof;
- Monitoring and reviewing Complaints and Incidents Reports;
- Reporting to the Governance & Audit Committee and Board so that the Board can assess the effectiveness of the controls and assurance given for the management of Risks throughout the Business Services Organisation.

6.4 Directors and their Senior Management Teams

Directors are responsible for coordinating the operational elements of risk management within their Directorate/ Service Area. They will be responsible for:
- Identifying risks to service delivery through engagement with staff and service users;
- Ensuring that appropriate and effective risk management processes are in place within their designated area and scope of responsibility, and that all staff are made aware of the risks within their work environment and of their personal responsibilities;
- Appropriate population of their risk register in line with the Risk Management Strategy, and validating all risk scores attributed;
- Monitoring the implementation of risk action plans;
- Reviewing all risks on their risk register on at least a quarterly basis;
- Escalating risks, where appropriate for discussion at SMT;
- Ensuring records are kept to demonstrate that risk management is embedded throughout the service area, will meet internal audit requirements, and are available to support the annual Risk Management Standard assessment;
- Providing the Governance and Risk Officer with evidence that these responsibilities have been met.

6.5 Controls Assurance Standards

The BSO has assigned responsibility for each applicable Controls Assurance Standard to a Director. In this way, it is assured that the entire risk management agenda is placed at the highest level within the organisation. An organisational chart that sets out these arrangements is outlined in Appendix 2.

6.6 Health & Safety & Environmental Management Group

The Director of Human Resources & Corporate Services will be responsible for the operation of the Health, Safety & Environment Management Group, which will commission, monitor and review a programme of Health & Safety Risk Assessments throughout the organisation. On the basis of the assessment outcomes, the Group devises and implements an Action Plan aimed at mitigating or reducing risks which have been identified.

Membership of the Management Group includes the Director of Human Resources & Corporate Services and representatives from Directorates / Service Areas and Trade Unions. Relevant Health & Safety issues are reported to the Senior Management Team.

6.7 The Board seeks assurances from the aforementioned parties via regular reports, including quarterly Corporate Services Report to Board, from which it determines that the Board is aware of the nature and extent of the risks the organisation faces. Furthermore, it requires assurances that the risks are actively managed so as to promote a culture of continual improvement.

7 BSO Risk Appetite

7.1 The risk appetite will be expressed as a series of boundaries authorised by the Board and Senior Management Team, which gives each level of the Business Services Organisation clear guidance on the limits of the risk that is acceptable.

[Figure 1: risk appetite across the Strategic, Programme and Operational levels. A. Define Risk Appetite: set and communicate general tolerances for risk. B. Identify responses to manage risks. C. Report risks outside tolerance level. D. Agree responses, potentially including reviewing risk appetite.]

Realistically it is never possible to eliminate all risks and there will be a range of risks identified that would require the organisation to go beyond reasonable action in order to eliminate or reduce them, i.e. the cost in time or resources required to reduce the risks may outweigh the potential for harm. These risks would be considered acceptable by the BSO. Examples are frequent, low consequence events such as minor property loss or damage, injuries requiring first aid only or potentially serious events that are unlikely to occur and for which reasonable preventative measures are already in place.

[3] Figure 1 reproduced from The Orange Book Management of Risk Principles and Concepts, October

7.3 The Board and SMT propose that the BSO Risk Appetite be defined as follows:
- All risks will be assessed as to their likelihood and impact and classified in accordance with the Australian and New Zealand Standard, AS/NZS 4360 Risk Management, details of which are described in the Procedure for the Maintenance of Risk Registers.
- All risks outlined in the Corporate Risk and Assurance Profile are recorded in the Corporate Risk Register. SMT will manage and review these risks on a monthly basis. Where appropriate, separate registers are established for specific programmes.
- Any Directorate/ Service Area Risks (Operational) classified as Extreme or High will be brought by the Director to SMT. SMT will decide whether to include these in the Corporate Risk Register.
- Action Plans will be developed for all risks classified as Extreme, High or Medium and progress monitored by SMT / Directors.
- All Service Area Risks will be assessed on a quarterly basis and risks transferred to/from respective registers.

8 Shared Risks: Premises

8.1 While the majority of BSO staff are located in its premises in Franklin Street and Boucher Crescent, a significant proportion share accommodation in a landlord/tenant arrangement with other HSC organisations. In particular, various Directorates are based in Linenhall Street for which the Health & Social Care Board (HSCB) has primary responsibility.

8.2 With regard to Linenhall Street, the BSO manages the shared risks by means of:
- A shared estates service, including Planned Preventative Maintenance for plant and equipment;
- Common systems (fire safety, security) supplemented by joint operational procedures; and
- Representation on the HSCB Health & Safety Committee.

8.3 With regard to BSO Locations at other HSCB, HSC Trusts, Civil Service and Commercial premises, the BSO manages the shared risks by:
- Promoting staff adherence to local operational policies;
- Engagement with the other Organisations to maintain facilities and IT infrastructure locally.

8.4 The Fire Safety Regulations (NI) 2010 state that all non-domestic premises are required to hold a valid fire safety risk assessment. For all rented accommodation, landlords will be required to provide documentation of their fire safety risk assessment to BSO Corporate Services who have corporate responsibility for Fire Safety.

9 Shared Risks: Service & Supply Contracts

9.1 The BSO plans, coordinates and monitors the activities for service and supply contract companies to effectively minimise the risk, so far as is reasonably practicable, to staff, visitors and other persons including contractors' staff.

9.2 All service and supply contracts will have a nominated BSO Officer who will monitor the work to ensure that it has been carried out in accordance with the contract and in full compliance with impacting Health & Safety Legislation.

All Service & Supply Contracts include an Equality of Opportunity Contract Condition and the nominated Officer will outline to the contractor the expected Code of Conduct while on BSO premises, and any health & safety issues pertinent to the work being undertaken.

Where required, the nominated Officer will obtain Method Statements and Permits to Work from the contractor before work commences, in accordance with the Health & Safety at Work Act. He/she will then ensure that Directors are fully aware of any work being undertaken, the risks being introduced and how the work may affect the working environment and their staff, visitors and any other person in their place of work.

9.3 If an incident occurs, the nominated Officer will ensure that an Adverse Incident Report is completed and/or obtained from the contractor, and processed in accordance with the Adverse Incident Reporting Policy.

10 Process for the Assessment and Management of Risk

10.1 The BSO employs a number of mechanisms to systematically assess and manage its risks, all of which combined provide the Board with the required assurance that risks to objectives are being appropriately managed. These processes broadly fall into proactive and reactive risk processes.

Proactive risk processes:
- Strategies, Policies and Procedures: in addition to this Risk Management Policy, there are a range of other policies that support the management of risk in the BSO. Related Risk policies are listed at Section 14 and once approved will be made available on the BSO Intranet.
- Resilience Management: the BSO has in place a range of plans e.g. Joint Response Emergency Plan, H1N1 Plans, Business Continuity Plans, that are designed to ensure the resilience of the BSO in a range of scenarios that could limit the operating capacity of services provided by the BSO.
- Standards and Accreditations: the BSO ensures that it meets (and aims to exceed) a range of standards and accreditations.

- Audit Activity: there is an annual programme of Audit (Internal and External) covering a range of issues. Findings from Audit Reviews are reported to respective Directors and reports made available to the Governance and Audit Committee and Board.
- Horizon scanning and learning from others: helps identify potential risks to the BSO Objectives at Strategic and Operational levels. Customer engagement such as BSO Customer Partnerships Forums, BSO Customer Surveys and the wider HSC Network are invaluable sources.
- BSO Board Assurance Framework: the BSO Corporate Risk & Assurance Profile is reviewed annually and provides the Board with a simple but comprehensive method for the effective and focused management of the principal risks to meeting the BSO Strategic Objectives [4]. The quarterly Corporate Risk report to the Board provides progress on action plans to close gaps in controls and/or assurance.
- Reports to SMT, Governance & Audit Committee and Board: regular reports are made on corporate risks including principal risks outlined in the Corporate Risk and Assurance Report; quarterly progress reports on service risk register actions are presented to SMT and the Governance & Audit Committee.

[4] An Assurance Framework: a Practical Guide for Boards of DHSSPS Arm's Length Bodies, March

- Report to Directors: regular reports are made on service risks, including principal risks outlined in Directorate/Service risk registers.

Reactive risk processes:

The BSO also identifies potential risks from events that have already occurred. The main sources of this come from:
- Complaints: the BSO has a complaints process in accordance with departmental policy that ensures that all concerns are responded to within the approved timescale. The BSO Complaints handling process is described in detail in the Complaints Policy.
- Adverse Incidents: the BSO has a system for reporting adverse incidents and incidents are graded in accordance with departmental policy. All serious incidents will be subject to a full root cause analysis. The BSO Adverse Incident process is described in detail in the Adverse Incident Policy.
- Claims Management: the BSO has a claims process whereby potential legal claims (such claims usually relate to employers/occupiers liability and Industrial Tribunal issues) are raised with the Chief Legal Advisor. The BSO Claims Management process is described in detail in the Claims Management Policy.

- Zero Tolerance: the BSO operates a Zero Tolerance approach and is committed to the creation of a culture and environment where employees may undertake their duties without fear of abuse or violence. Any instance of abuse or violence is reported using the Adverse Incident reporting process. The BSO Zero Tolerance approach is described in detail in the Zero Tolerance Policy.
- Post Event Analysis: when something happens within the BSO that impacts on services, potential risks are identified and appropriate management action put in place to reduce or eliminate the possibility of a similar occurrence. It is imperative that the lessons learned must be shared throughout the BSO. Monitoring of Employment Practices and Root Cause Analysis are examples of Post Event Analysis.

11 BSO Risk Register

11.1 The BSO's Risk Register is an integral part of the Assurance Process and is used as a mechanism for the Board, Governance & Audit Committee and SMT to assess the effectiveness of controls and assurances which have been identified to manage risks to the achievement of BSO objectives.

The Risk Register is operationally managed at two levels:
- Corporate Risk Register, which quantifies strategic risks and outlines controls / assurances and action plans approved by the Board to ensure the focused and effective management of these risks. It is comprised of risks that have been identified to the achievement of the BSO Strategic Objectives and other significant risks that have arisen. The Corporate Risk Register is operationally managed by SMT who review the risks on a monthly basis. A Corporate Risk & Assurance report is presented quarterly to the Board.
- Directorate / Service Area Risk Register, which quantifies all risks, sets out controls in place and determines the residual risk that remains. It is comprised of all the risks for each service within a Directorate and it is the direct responsibility of the various Directors to manage the risks in their respective areas. Action Plans will be developed for all risks classified as Extreme, High or Medium and progress monitored by Directors. Directorate / Service Area Risk Registers are operationally managed at local level and Asst Directors / Senior Managers will report at least quarterly to their Director.

In accordance with departmental guidance, all risks are scored using the Australian and New Zealand Standard AS/NZS 4360 Risk Management. There is an escalation process in place to allow risks, where relevant, to be escalated to/from Corporate / Directorate Risk Registers.

12 Risk Management Action Plan

12.1 The BSO will develop an annual Risk Management Action Plan, which will practically demonstrate how the BSO will implement its strategy on risk for the year in question. The BSO Risk Management Action Plan for is described in Appendix

Risk Training and Support

13.1 Knowledge of risk management is essential to the successful embedding and maintenance of effective risk management. In general, training will be required as follows:
- high level awareness of risk management for the Board and senior staff;
- generic risk assessment training to ensure that existing and new staff are trained in risk identification, assessment and management; this can be delivered either by e-learning or risk awareness sessions;
- management of risk register for staff involved in risk management;
- raising general awareness across all staff groups will continue to be undertaken through staff briefing and corporate and local induction programmes.

The BSO will ensure that the delivery of training will take into account the diverse needs of staff. An initial assessment of training is described in Appendix 4.

14 Supporting and Related Policies & Procedures

14.1 This strategy is supported by a number of procedures covering specific areas of risk, and is related to a number of other BSO policies that have elements of risk management within them. Titles and scheme of delegation for approval are outlined in the following tables.

Table 1 Supporting Documents

| Document Name (& Link) | Approval | Owner |
| Risk Management - Procedure for the Management of Risk Registers | SMT & G&AC | Dir of Finance/ Dir of CCP |
| Risk Management - A Guide for Managers & Staff | SMT & G&AC | Dir of Finance/ Dir of CCP |

Table 2 Related Documents

| Document Name (& Link) | Approval | Owner |
| Complaints Policy | Board | Dir of HRCS |
| Adverse Incident Policy | SMT Board | Dir of HRCS |
| Information Assurance Policy | Board | Dir of HRCS |
| Zero Tolerance Policy | Board | Dir of HRCS |
| Health & Safety Policy | Board | Dir of HRCS |
| Fraud Policy and Response Plan | Board | Dir of Finance |
| Claims Management Policy | Board | Chief Legal Advisor |
| Information Governance Policy | Board | Dir of HRCS |
| Information Governance Assurance Framework | Board | Dir of HRCS |
| Information Risk Management Policy | Board | Dir of HRCS |

15 Monitoring and Assurance

15.1 The arrangements for monitoring are outlined in the table below. Additional monitoring may be undertaken where required.

| Output/ Outcome Measure | Monitoring / Audit Method | Frequency | Responsibility | Reported to |
| Review of Assurance Framework | Report | Annually | Governance & Risk Officer | Board, SMT |
| Corporate Risk Register and Report on Action Plans | Report | Quarterly | Governance & Risk Officer | Board |
| Corporate Risk Register and Report on Action Plans | Report | Monthly | Governance & Risk Officer | SMT |
| Directorate / Service Risk Register and Report on Action Plans | Report | Quarterly | Assistant Directors/ Senior Managers | Director |
| Internal Audit of Risk Management Systems | Audit | Annual | Internal Audit | G&AC |
| Audit of Compliance with Risk Management Controls Assurance Standard | Audit | Annual | Internal Audit | G&AC |
| Annual Risk Report | Report | Annual | Governance & Risk Officer | G&AC, SMT |
| Governance Statement | Report | Bi-annual | Dir Finance | Board, G&AC |

16 Equality Screening

This strategy has been screened for equality implications as required by Section 75 of the Northern Ireland Act 1998 and for compliance with human rights and disability legislation. Documentation to evidence the screening has been produced and is publicly available.

17 Strategy Review

This strategy is subject to regular revision as the risk management process becomes embedded and will be updated to reflect the changing HSC environment.

Appendix 1

BSO Risk Management Process

[Figure: flow diagram of the BSO Risk Management Process, running from INPUT to OUTPUT. Labels shown: Board; Governance & Audit Committee; Risk Owners (SMT, Directors, Assistant Directors); Corporate Risk Register (annual review, quarterly update, quarterly monitoring of Risk Action Plans); Directorate Risk Register (annual plan, quarterly update, quarterly monitoring of Risk Action Plans); Controls Assurance Standards and CAS Action Plans; Team and Individual Performance Review; Operational Management of Individual Risks / Review of Controls; Risk Documentation; Monthly Report at SMT, at Directorate meetings and at Team meetings.]

Appendix 1 Notes

At the core of the process are the Risk Owners, and the development of Risk Registers.

At Corporate level, via SMT, the Chief Executive and Directors will be responsible for the management of Corporate Risks, which will be recorded in the Corporate Risk Register. Each risk will be classified as to its impact/ likelihood of occurrence, have a risk owner and a risk action plan which will outline the action being taken/ to be undertaken to mitigate the risk. Nominated Risk Owners will report to SMT on progress against risk action plans on a monthly basis. A review of all Corporate Risks will be undertaken on a quarterly basis. SMT has nominated Accountable Directors and lead officers for the applicable Controls Assurance Standards and will monitor progress against action plans.

At Directorate level, via Directorate SMT, Directors and Assistant Directors or Heads of Service will be responsible for the management of risks at service level, which will be recorded in the Directorate Risk Register. Each risk will be classified as to its impact/ likelihood of occurrence, have a risk owner and a risk action plan which will outline the action being taken/ to be undertaken to mitigate the risk. Nominated Risk Owners will report to their Director progress against risk action plans on a monthly/quarterly basis. A review of all Directorate Risks will be undertaken on a quarterly basis.

Appendix 2

Business Services Organisation Controls Assurance Standards

[Organisational chart: Board; Chief Executive David Bingham; Director of Operations Sam Waide; Director of Finance (Acting) Andrea Henderson; Director of Human Resources & Corporate Services Hugh McPoland; Director of Customer Care & Performance Karen Bailey. Controls Assurance Standards shown on the chart: Fleet & Transport; Purchasing & Supply; Financial Management; Risk Management (jointly); Human Resources; Emergency Planning; Fire Safety; Health & Safety Management; Buildings, land etc; Environmental Management; Waste Management; Security Management; Information Management; Governance; ICT; Risk Management (jointly).]

30 Risk Management Action Plan 2015/16 Appendix 3 No Description Action By Whom By When 1 Board level responsibility for risk c/f Dir CCP/ Q management, including business continuity, is clearly defined and there are clear lines of individual accountability Revise the BSO Anti-Bribery Policy. Review and update the following policies: G&R Officer Dir CCP/ Q for managing risk throughout the Risk Management Strategy G&R Officer organisation, leading to the Board. BSO Risk Management Guide BSO Management of Risk Registers BSO Approach to Risk and Assurance Organise a Board Workshop to review the Corporate Risk Register. Dir CCP/ G&R Officer End March A committee structure is in place, which supports the risk management accountability arrangements within the organisation and ensures that all significant risks are properly considered and communicated to the Board. Review the Terms of Reference of the Governance & Audit Committee to include delegation of responsibility for risk management from the Board. This will be carried out as part of the review of the BSO SOs/SFIs. Dir CCP/ G&R Officer October Adverse Incidents An agreed process for reporting, managing, analysing and learning from adverse incidents is in place, in accordance with HSC guidance. 4 A risk management process, based on the requirements of AS/NZS 4360:1999 and covering all risks, is embedded throughout the organisation at all levels, including the board, with key indicators being used to demonstrate performance. The whole system of risk management is Ratification of Adverse Incidents policy by Business Committee on behalf of BSO Board. Organise a Board Workshop to review the Corporate Scorecard. DoHRCS / ASM June 2015 Dir CCP/ G&R Officer End March

31 continuously monitored and reviewed by management and the board in order to learn and make improvements to the system. 5 A business continuity management plan, aligned to the British Standard (BS 25999), is in place as part of the organisation s corporate governance arrangements. These plans can be activated in response to an emergency in order to maintain the organisation s essential services, to a pre-defined level, throughout the business disruption. Ensure that Desktop Exercises are completed for the following areas: Legal PaLS ITS Corporate BCP needs to be approved by BSO Board. DoHRCS March 2016 DoHRCS c/f Consideration to be given to develop BCM Awareness Sessions or Training for relevant staff with DHSSPS Business Continuity Forum as a regional initiative. DoHRCS/ ASM March All employees, including members of the board, clinical and social care professionals, managers, bank, locum and agency staff, together with, where relevant, contractors and volunteers are provided with appropriate risk management training and business continuity training. Organise a risk management training session for senior managers and those responsible for maintaining BSO risk registers. G&R Officer December

32 BSO Training Requirements for Risk Management Appendix 4 Participants Training Need Frequency Format Board Directors NED s ED s Dirs BSO Asst Directors/ Senior Managers Risk Awareness Training to include: Identification of Risk, Risk assessment, proactive & reactive risk processes Corporate Risk Register Board Assurance Framework Risk Action Plans and Risk Reporting Process Risk Awareness Training to include: Identification of Risk, Risk assessment, proactive & reactive risk processes Risk Action Plans and Risk Reporting Process One off for all participants, revised policies to be circulated; New appointees to receive training Workshops Sessions E Learning Module Staff involved in risk management Identification of Risk, Risk assessment BSO procedures for the management of risk registers Risk Action Plans 32

33 Participants Training Need Frequency Format Directorate / Service Area Staff Risk Awareness Training review of Directorate Risk Register Workshops E Learning Module New Staff Risk Awareness Training and an understanding of the role of risk management in organisational improvement Part of Corporate Induction Briefing Paper included in Induction Pack / Power point presentation at Corporate Induction. E Learning Module 33