RISK MANAGEMENT STRATEGY

Transcription

1 RISK MANAGEMENT STRATEGY Version 2.0 Page 1 of 9 OCTOBER 2013

2 POLICY DOCUMENT VERSION CONTROL CERTIFICATE TITLE Title: Risk Management Strategy Version: 2.0 SUPERSEDES Supersedes: Risk Management Strategy (CCG) 1.0 Description of Amendments: N/a ORIGINATOR Originator/Author: Mike Taylor Designation: Head of Governance, Planning & Risk Lead Director: Associate Director of Corporate Services & Organisational Development EXECUTIVE APPROVAL Ratified by: Trafford CCG Governing Body Date Ratified: 29 th October 2013 HISTORY ADVISE ON SUB COMMITTEES/GROUPS: Approved by: Audit Committee Date Approved: 15 th October 2013 EQUALITY ANALYSIS Date Completed: 20/11/2013 Link to website: TBC CIRCULATION Issue Date: November 2013 Circulated by: Head of Governance, Planning & Risk Issued To: (as per Circulation List) REVIEW Review Date: October 2015 Responsibility of: Head of Governance, Planning and Risk Version 2.0 Page 2 of 9 OCTOBER 2013

3 CIRCULATION LIST Prior to Approval, this Policy Document was circulated to the following for consultation: Associate Director of Corporate Services & Organisational Development Senior Management Team Following Approval this Policy Document will be circulated to: Trafford CCG (All staff) Version 2.0 Page 3 of 9 OCTOBER 2013

4 CONTENTS Section Page 1 Strategy Statement 5 2 Introduction 5 3 Purpose 5 4 Strategic Intent 5 5 Group Mission, Priorities and Strategic Objectives 6 6 Integrated Risk Management 7 7 Committee Structure 7 8 Assurance Framework 8 9 Monitoring 9 10 References 9 Version 2.0 Page 4 of 9 OCTOBER 2013

5 RISK MANAGEMENT STRATEGY 1.0 STRATEGY STATEMENT NHS Trafford CCG is committed to a strategy that minimises risks to all its stakeholders through a comprehensive system of internal controls whilst providing maximum potential for flexibility, innovation and best practice in delivery of its strategic objectives. 2.0 INTRODUCTION The aim of the risk management process is to provide a systematic and consistent integrated framework through which the Group s strategic objectives are pursued. This involves the identification of risks; threats and opportunities, to achieving these objectives and taking steps to mitigate these risks. Risk management is the responsibility of all staff at the Group, with risk being embedded into operational activity and strategy at all levels of the Group. Risk management underpins the Group s objectives and enables the Group to prioritise its risks so as to direct resources for managing risks effectively. As part of this the Group undertakes to ensure that adequate provision of resources, including financial, personnel and information technology is, as far as is reasonably practicable, made available. 3.0 PURPOSE The purpose of this strategy is to provide a long term plan of action in terms of risk management to achieve the Group s mission, priorities and objectives. This is a high level mission of the expectations of risk management for all stakeholders in the Group and is documented with the intention that risk is the responsibility of all staff in NHS Trafford CCG. This strategy should be read in conjunction with the Risk Management Policy. 4.0 STRATEGIC INTENT The governing body recognises that risk management is an integral part of good management practice, and to be most effective should become part of the organisation s culture. Risk management in the delivery of its strategy should be used as a tool to assist in delivery of the Group s 5 year strategic and annual plans. The governing body is committed, through the Assurance Framework and Committee structure, to ensuring that risk management forms a key element Version 2.0 Page 5 of 9 OCTOBER 2013

6 of its philosophy, practices and business plans, with responsibility for implementation accepted at all levels of the Group. The high level objectives of the risk management strategy are; - To assist in the embedding of an integrated risk management framework in all activities of the Group across Governance, Assessment, Quantification, Monitoring and Reporting and Risk and Control Optimisation - To provide an integrated framework for the identification and management of all types of risk, including but not restricted to clinical, quality, safety, financial (including Quality, Innovation, Productivity and Prevention (QIPP)), patient experience, performance, vulnerable adults and children s safeguarding and reputation - To provide a foundation for the promission of assurance to the Group of its identified risks in the context of its strategic objectives - To provide a basis for the integration of risk, complaints, incidents, claims and litigation data for integrated reporting The strategy will be reviewed and updated annually. 5.0 GROUP MISSION, AIMS AND OBJECTIVES Risk Management in the Group is designed to support the achievement of the Group s mission as follows; The mission of NHS Trafford Clinical Commissioning Group is to ensure that the health services we manage for the people of Trafford are provided at the right place and at the right time, and that services are safe, of a high quality and are value for money. The principles of risk management in the Group are to be delivered in line with the aims of the Group, to; Improve the population s health Improve the care provided, and the health care experience to individuals; and Lower per capita costs of providing the above The Group s strategic objectives are as follows; Constantly achieving local and national quality standards Delivering an increasing proportion of services from primary care and community services in an integrated way Reduce the gap in health outcomes between the most and least deprived communities in Trafford To be a financial sustainable economy The identification and analysis of risks across the organisation will be made in the context of these objectives overall. Risk identification across the different operational levels in the organisation will be measured against specific objectives set at each level. Version 2.0 Page 6 of 9 OCTOBER 2013

7 6.0 INTEGRATED RISK MANAGEMENT Integrated risk management is a process through which the Group will identify, assess, analyse and manage all risks and incidents for every level of the organisation, and aggregate the results at a corporate level. In practice this means: Integrating all risk management functions such as, complaints and compliance including incidents and other risks. Integrating risk management functions with service development and clinical governance activity to unify frameworks and improve outcomes for patients. Integrating all sources of information, both reactive (e.g. incidents) and proactive (e.g. risk assessments). Integrating systems of risk assessment to improve clarity and communication. Implementing a consistent approach to training, management analysis and investigation. Incorporating all risks into the processes for risk register development. Integrating processes and decisions about risk into future operational and strategic plans. The risk management process will be used to; To improve the ability of the Group to meet its strategic aims/objectives, priorities and mission To provide information to the governing body through the Committee structure so that it can make informed decisions To manage the treatment of risk in a systematic way so that the organisation can determine acceptability of residual risks To initiate and monitor actions to prevent or reduce the consequences of risk to within the defined risk appetite of the Group To provide a comprehensive approach to improving patient and staff safety 7.0 COMMITTEE STRUCTURE The management of risk forms part of the Group s overall approach to governance; Governing Body The governing body has the responsibility for ensuring the implementation of the risk management strategy and for the confirming and challenging of the Group s Assurance Framework. Governing Body Committee s Risk will be reported to the appropriate governing body committee s in providing oversight of the significant risks identified and managed in the organisation (i.e. clinical, quality, safety, financial, patient experience, performance, reputation, safeguarding and that included under Quality, Innovation, Productivity and Prevention (QIPP)). Version 2.0 Page 7 of 9 OCTOBER 2013

8 Senior Management Team This is a formal meeting providing an ongoing focus on strategy, performance, finance and risk management with collective planning for the governing body agenda. Audit Committee This is a formal subcommittee of the governing body responsible for reviewing and for oversight of the system of internal control across the Group in providing an independent and objective assurance view to the governing body. External Committees/Joint Committees Risk information will be shared where appropriate with external bodies such as the Local Safeguarding Children s Board and the Safeguarding Adults Board. 8.0 ASSURANCE FRAMEWORK The Group will operate an integrated governance and risk management assurance structure. Board Assurance Framework (BAF) The BAF provides evidence that the Group has systematically identified its objectives both strategically and operationally, and manages its risks to achieving them. The framework systematically provides a vehicle for the identification of assurances and controls to risks and their effectiveness. This is as part of a sound system of Board reporting and supports the Group s Annual Governance Statement. Corporate Risk Register The corporate risk register is a vehicle for high risks to be captured and reported in the context of operational objectives. Risks are captured in the context of causes and consequences with actions mitigating the causes in managing any impact. These are based on documented risk assessments and may be linked to incidents, audits, external assessments or other qualitative information. Each risk added to the Register is supported by a risk treatment or action plan and progress on identified actions is monitored at Directorate/Programme Office workstream level, reported to the appropriate Committee of the governing body. Directorate/Programme Office Workstream Risk Registers Directorate risk registers are used for the capturing of risks within the context of directorate/operational objectives at low and moderate levels. Risks are captured in the context of causes and consequences with actions mitigating the causes in managing any impact with appropriate action plans. Risks are monitored at Directorate team meetings. Version 2.0 Page 8 of 9 OCTOBER 2013

9 Risks are escalated where warranted up the corporate governance committee structure depending on changing risk ratings in order to support a robust risk reporting structure. Specific NHS initiatives such as the Francis and Winterbourne reviews are incorporated into the risk management framework with assurance of delivery provided across the committee structure. 9.0 MONITORING The Risk Management Strategy will be monitored through the implementation of the monitoring actions outlined in the Group s Risk Management Policy REFERENCES Department of Health Building the Assurance Framework: A Practical Guide for NHS Boards Risk Management Policy - Trafford CCG Version 2.0 Page 9 of 9 OCTOBER 2013