Board Assurance in the NHS. Rich Hewes KPMG 13 November 2015

Size: px

Start display at page:

Download "Board Assurance in the NHS. Rich Hewes KPMG 13 November 2015"

Randell Thornton
5 years ago
Views:

1 Board Assurance in the NHS Rich Hewes KPMG 13 November 2015

2 Contents Introduction Discussion session one Current practice Alternatives Interim survey results Discussion session two Next steps 1

3 Introduction The context increasing complexity and financial challenge Our aims and objectives What are the current approaches to Board assurance? What is the current best practice and areas of weakness? What can the NHS learn from other sectors and international practice? 2

Does your Board get sufficient assurance that strategic risks are

4 Discussion session one a show of hands Do you have concerns about how well your organisation is managing its strategic risks? Does your Board get sufficient assurance that strategic risks are being managed? Are any gaps in assurance clear, well known and reported? 3

5 Discussion session one table discussion How is your Board assured that the organisation is managing its strategic risks? What tools do your Board use to do this? What are the barriers to doing this effectively? Would a regulator be able to see this happening effectively? 4

6 Current practice Board Assurance Framework (BAF) Enhanced and Augmented Performance Reporting Other models 5

7 Current Practice Weak Assurance Mapping 6

8 Current Practice Average Assurance Mapping Below is an example of an average assurance framework used by an NHS organisation. Delivering the highest quality, safest and best experience for patients and their families by providing reliable care by: Achieving a cumulative average patient derived friends and family test net promoter score of 92 or more by March 2015 Achieving a cumulative average family derived friends and family test net promoter score of 85 or more by March 2015 Reducing avoidable harm by 10% by March 2015 Principal risks preventing the Trust achieving strategic goals Key Controls Internal Board Assurance External Gaps in Control/Assurance Board Evaluation (impact x likelihood) 1 Inability to declare full compliance against Monitor s corporate governance statements as a result of gaps or weaknesses in the Trust s governance arrangements. This could lead to the Trust being subject to enforcement action by Monitor. Constitution Organisational Structure Board Committee Risk Management Strategy Corporate governance statements evidence pack Annual Governance Statement Self certification report Internal Audit Governance Review Internal Audit BAF Review External audit opinion Independent review of governance arrangements Risk management strategy review Data quality strategy Terms of reference review Board skills audit Succession planning Evidence gaps GREEN 2 x 1 =2 Standard tabular format Broad coverage of common risk areas Limited detail on key controls Limited level of detail on sources of assurance No consideration of a target risk score 7

9 Current Practice Strong Assurance Mapping Below is an example of a strong assurance framework used by an NHS organisation. Strategic Objective: AIM 1: Best quality within available resources (incorporating safety, effectiveness and patient experience) AIM 2: System sustainability through service integration and community provision RISK: There is a risk that CCG elements of the system transformation plans are not delivered. Committee: Governing Body Risk Owner: Chief Officer Date last reviewed: 22/08/2014 Current Risk Rating: 3 x 5 = RED Residual Risk = 3 x 3 (November 2014) Rationale for current score: Impact of not delivering the system transformation is an unsustainable health economy; Medium-high risk appetite for transformation, as system change to confer long-term population benefits inevitably carries risk; Mitigating actions and controls maintain transformation risks below risk appetite levels at which corrective action would need to be taken. Controls/Influences: (What are we currently doing about the risk?) Commissioning committee approved as a formal sub-committee by both CCGs with remit to monitor detailed deliver plans; Managed process to determine most capable provider solution has been developed; Programme Board established to ensure delivery of the programme through stakeholder engagement. Gaps in controls/influences: Milestone review underway currently; Detailed milestone plans to be shared with wider health community and linked to operational/tactical responses to system pressures. Clear linking of strategic objectives to risks Clear format; not necessarily tabular Long term trend of risk outlined; graphical output aids clarity Appropriate level of detail Rationale for inclusion and current score 8

Analysis of current practice Presentation Our analysis of assurance frameworks used in the NHS has identified the following common presentational features: Tabular format, although a handful of

10 Analysis of current practice Presentation Our analysis of assurance frameworks used in the NHS has identified the following common presentational features: Tabular format, although a handful of frameworks present a strategic objective per page for clarity (example on previous slide); Current risk scores calculated using likelihood x consequence/impact; Inherent and target risk scores; RAG rating utilised to illustrate level of risk; Link between strategic objectives and key risks; Controls and assurance over those controls; and Required actions going forward and responsible individuals. Common categories shown in both tabular and free-form formats are outlined below: 9

11 Analysis of current practice Content Our analysis of assurance frameworks used in the NHS identified the following common risk areas: Finance in particular QIPP and budget pressures; Capacity and the use of resources; Recruitment and retention; Quality and safety of services and care to patients; Public, patient and member engagement; Collaboration with external organisations; Transformation of services; Health inequalities; Better care fund implementation; Meeting performance targets; Sustainability; Statutory governance duties. Our review also identified some key risks which were included on very few BAFs: Brand management, marketing and communications; Physical infrastructure; Maintaining/developing key clinical specialities; Commercial business development; Research capabilities; Fundraising; Data security. 10

12 Alternatives The Corporate World.there generally isn t anything directly comparable BUT there are elements which can be learned from:? financial services (regulatory content and responses)? aerospace and defence (long contracts, needing to understand WIP)? military (risk management processes). 11

13 Alternatives The International Perspective Canada: Similar to UK but tighter to clinical strategy / money USA: Sox style confirmations / scorecards Australia: Similar to UK for governance and risk South Africa: ISO style provider accreditation 12

14 Interim survey results Introduction Results and key themes so far 13

15 Interim survey results Context Questions covered: assurance within organisations the quality of information sources of assurance the board assurance framework Responses are predominately from providers - 24% NHS trusts, 40% NHS FTs, 33% CCGs, 3% other. Covering executives and non-executives - 22% board secretary, 19% audit committee chair, 18% CEO, 13% head of governance, 10% other NED, 4% chair, 14% other. 14

16 Assurance in your organisation How confident are you that... you receive sufficient assurance about your organisation's performance on its key objectives?... you receive sufficient assurance about your organisation's performance on key strategic risks? 60% 50% 45% 40% 35% 30% 25% 20% 15% 10% 50% 40% 30% 20% 10% 5% 0% Very confident Somewhat confident Neither confident or unconfident Somewhat unconfident Very unconfident 0% Very confident Somewhat confident Neither confident or unconfident Somewhat unconfident Very unconfident 15

17 Assurance in your organisation How confident are you that... all of the risks to meeting your strategic objectives have been identified? 70%... there are controls and mitigating actions in place to address the risks identified? 70% 60% 60% 50% 50% 40% 40% 30% 30% 20% 20% 10% 10% 0% Very confident Somewhat confident Neither confident or unconfident Somewhat unconfident Very unconfident 0% Very confident Somewhat confident Neither confident or unconfident Somewhat unconfident Very unconfident 16

18 Information to be able to provide challenge about controls and mitigating actions in place to address risks to strategic objectives 70% 60% 50% 40% 30% 20% 10% 0% Yes To some degree No Yes To some degree No Yes To some degree No Do you receive suffcient information? Do you receive information in a timely manner? Are you happy wih the way the information is presented? 17

19 Which types of information received could be improved to allow better understanding and challenge % 30 Yes To some degree No Performance outcomes Financial position Risk Management/Register Board Assurance Framework Strategic update reports 18

20 Performance reporting Board Assurance Framework Risk management info Strategic update reports Finance reporting Patient stories Reports from regulators Workforce reporting Verbal updates at Cttees Incident reporting Clincial audit Internal audit External audit The single most important source of information and assurance when considering risks to strategic objectives 40% 35% 30% 25% 20% 15% 10% 5% 0% 19

21 The Board Assurance Framework (BAF) All organisations in the sample have a BAF It is considered at the full board at 97% of organisations and at the audit committee at 76% of organisations 49% of organisations consider the BAF quarterly; 4% consider it annually! 55% of respondents said that the quality of discussions about the BAF were good or excellent 34% of respondents do not use the BAF as a strategic management tool outside of formal meetings 20

22 Do you think the Board Assurance Framework % Yes To some degree No 10 0 lists all of the key threats to your organisation achieving your SOs? effectively identifies the controls and systems relevant to the delivery of your SOs? identifies gaps in the controls and systems relevant to the delivery of your SOs? effectively identifies all the sources of assurance you have on activities to mitigate the risks to your SOs? picks up all the key operational processes at your organisation? 21

23 Do you think the Board Assurance Framework Do you think the BAF is a tick box exercise? 60 If you were given the option what would you do with your organisation's BAF? % 30 % Yes To some degree No 0 Scrap it Revise it No change Not if you do it properly Only the board secretary is interested and she doesn t understand it We adhere to the guidance Make it more user friendly, a live document, more forward-looking further integration of clinical and non-clinical risks 22

24 Discussion session two a show of hands Are you surprised by these survey results? Do you think the BAF is a tick box exercise? 23

25 Discussion session two a table discussion Do you think the current common approaches seen across the NHS are working? What is the alternative? What is the one thing you would change? 24

26 Next steps 25

27 2015 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.