RISK MANAGEMENT POLICY
|
|
- Suzan Shelton
- 6 years ago
- Views:
Transcription
1 RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date of Review: TBC Working Group Lead Reviewer: Director of Finance Version: 1.0 Authorised by: Executive Board Team Date: TBC Distribution Executive Directors Directors of Operations General Managers Clinical Directors Lead Nurses/Lead Midwives Lead AHPs Assistant General Managers Nurse Managers Head of Health & Safety Head of Facilities Management Head of ehealth Head of Learning and Development Method Intranet x Paper x
2 Risk Management Policy 1. Introduction This Risk Management Policy describes the risk management arrangements at NHS Highland, and forms part of the wider framework for corporate governance and internal control. NHS Highland recognises that healthcare provision and the activities associated with caring for patients, employing staff, providing facilities and managing finances are all, by their nature, activities that involve risk. These risks are present on a day-to-day basis throughout the organisation. They cannot be avoided but they can be managed to an acceptable level. 2. Managing uncertainty at NHS Highland NHS Highland faces internal and external factors and influences that make it uncertain whether and when we will achieve our objectives. The effect this uncertainty has on our objectives is risk 1. Risk management is therefore a means of identifying, evaluating and controlling the uncertainties that could affect (either positively or negatively) the achievement of corporate objectives. It is crucial for the successful implementation of the NHS Highland Quality Approach and delivery of our corporate plans. All activities at NHS Highland involve risk. It is important that we proactively manage risk to an acceptable level by embedding processes focussed on assessment and prevention, rather than reaction and remedy. Following a comprehensive, effective risk management approach throughout the organisation will help us achieve strategic and operational objectives, improve service delivery, increase efficiency, support and inform decision making, help provide a safe and secure environment and encourage a culture of quality improvement. This policy applies to all employees of NHS Highland and will require active input from Directors and Managers at all levels to ensure that risk management is a fundamental part of our total approach to quality, corporate and clinical governance. 3. Risk management approach The organisational approach to the management of risk reflects British Standard (BS ISO 31000:2009) Risk management principles and guidelines. When implemented and maintained in accordance with this approach, the management of risk enables an organisation to: increase the likelihood of achieving objectives encourage proactive management be aware of the need to identify and treat risk throughout the organisation improve the identification of opportunities and threats comply with relevant legal and regulatory requirements 1 BS ISO31000:2009
3 improve mandatory and voluntary reporting improve governance improve stakeholder confidence and trust establish a reliable basis for decision making and planning improve controls effectively allocate and use resources for risk treatment improve operational effectiveness and efficiency enhance health and safety performance, as well as environmental protection improve loss prevention and incident management minimise losses improve organisational learning, and improve organisational resilience. The approach demonstrates the relationship between the principles for managing risk, the framework in which it occurs and the risk management process, as set out in Diagram 1 below. Diagram 1: organisational approach to the management of risk a) Creates value b) Integral part of organisational process c) Part of decision making d) Explicitly addresses uncertainty e) Systematic, structured and timely f) Based on the best available information g) Tailored h) Takes human and cultural factors into account i) Transparent and inclusive j) Dynamic, iterative and responsive to change k) Facilitates continual improvement and enhancement of the organisation Continual improvement of the framewor k Mandate and commitment Design of framework for managing risk Monitoring and review of the framework Implementing risk management Principles Framework Process
4 3.1 Principles The principles provide a set of values by which NHS Highland will base its understanding of why and how risk will be managed. 3.2 Framework The framework provides the foundation and arrangements to embed risk throughout the organisation at all levels. The framework ensures that information about risk is taken from the risk management process and is adequately reported and used as a basis for decision making and accountability at all levels. The NHS Highland framework is defined as follows: Understanding the organisation and its context The Board approves Quality Objectives, set within the overall context of the Highland Quality Approach. These, together with the annual Local Delivery Plan set out our strategic and operational objectives and plans. The purpose of risk management is to identify the risks to the achievement of these objectives and plans Accountability and governance Risk is everyone s responsibility. Accountability for risk management is held at all levels of the organisation. NHS Highland Board The Board is responsible for ensuring that there is a clear and appropriate management structure for ensuring that NHS Highland has effective systems which enable risk to be identified and decisions to be taken at an appropriate level. The Board is required to ensure that it conducts a review of its systems of internal control, including in particular its arrangements for risk management, at least annually. The Board is supported in discharging this responsibility through its governance committees. Governance Committees The NHS Highland Board has delegated aspects of risk governance to the Governance Committees. Each committee has a responsibility for providing assurance to the Board in respect of the risks that fall within its specific remit. In some cases the Board itself is the assurance source. This requires each Governance Committee to use the Strategic Risk Register to consider risks that may require further scrutiny (for example, risks evaluated as very high) and seek assurance from individual risk owners regarding the management of these risks, including the adequacy of existing control measures and progress against any actions required for improvement. The Clinical Governance Committee provides assurance to the Board that all key risks in clinical care and patient safety are identified and managed effectively.
5 The Staff Governance Committee provides assurance to the Board that all key risks in occupational safety, health and environment are identified and managed effectively. The Highland Health and Social Care Governance Committee provides assurance to the Board on key risks relating to planning, development and provision of health and social care services in North Highland. Argyll & Bute CHP Committee provides assurance to the Board on the key risks relating to planning, development and provision of health care services in Argyll and Bute. The Audit Committee, through internal audit, external audit and other assurance sources will provide independent objective assurance to the Board on the extent to which the risk management arrangements are in place and are effective Integration into organisational processes Risk management should not be a stand-alone function, but should be integrated into day to day management processes. Each Directorate/ Operational Area (as listed in Appendix 3) will establish a risk register in line with this policy. Each Directorate/ Operational Area will also identify key staff who will assume responsibility for risk within their area, and ensure that roles and responsibilities are clearly understood and adhered to. NHS Highland expects staff to identify and report risk in line with this policy, as appropriate. Line Managers are responsible for ensuring that staff are enabled to identify learning needs and supported to participate in appropriate risk management related activities. The Strategic Risk Register will be reported to the Board annually, demonstrating the changes in the risk profile of NHS Highland External communications and reporting The annual governance statement included within the Annual Accounts summarises the organisational approach to risk management Monitoring, review and continuous improvement The Audit Committee is responsible for reviewing the effectiveness of the risk management approach, which will involve periodic reviews of the strategic risk register and operational risk registers. The Audit Committee may commission internal audit to review the risk management approach to provide assurance to the Board that the risk management system in place is robust and is effective in implementing this policy. 3.3 Process The risk management process is an integral part of how we manage risk, how we embed risk management in our culture and practices and integrate it with our business processes.
6 The remainder of this document describes the process for risk management at NHS Highland. 4. How do we record risk? Maintaining accurate and up to date risk registers is critical to effective risk management. NHS Highland will maintain the following risk registers: Strategic risk register. This covers the most significant risks that impact on the delivery of strategic objectives. Operational risk registers. These cover risks that impact on delivery of the Local Delivery Plan and operational plans. Operational risk registers will be established for each operational unit and directorate, as set out in Appendix 3. Project risk registers. These cover risks that impact on the successful delivery of specific projects. This approach aligns to the approved Performance Management Framework which incorporates risk management. Currently, risk registers are maintained on spreadsheets. However, the Executive Team and the Audit Committee will regularly review the effectiveness of the risk management process to determine whether further investment in automated risk management systems is necessary. 5.0 How do we assess risk? 5.1 How to identify a risk Risk identification can take place at any time by any member of staff and is everyone s responsibility. Identifying risks is the first step in building the overall view of risk (risk profile) across the whole of the organisation. Risks can be identified from a number of sources, including: planning and performance management processes review of significant changes in service internal and external audit changes to guidance / guidelines, laws or regulations horizon scanning incident reporting complaints management health and safety reviews business cases and project plans training needs analysis recruitment / retention / absenteeism data Risk description
7 * Defining a risk should include a description of what the risk is, the possible cause and the impact on objectives. This will allow the risk to be more easily understood and more effectively managed. A useful model for helping to define a risk is: there is a risk of 'x' because of 'y' resulting in 'z' where: x is the risk event y is the cause of the risk (maybe a current issue) z is the impact on objectives. 5.2 How to analyse a risk Risk categories ** The first stage in analysing a risk is deciding what type of risk it is. We have identified five risk categories that are aligned to our Quality Objectives as shown in the table below. Categorising risks in this way will help the Board describe its risk appetite for each risk category. Table 1: Risk categories Risk category Strategic/ Reputational Clinical People Innovation and Transformation Finance and Sustainability Quality Objectives 1. Implementing our vision and strategy 2. Improving population health and reducing inequalities 10. Delivering our targets 3. Creating a caring, person-centred experience 4. Providing safe and effective care 7. Engaging our people 5. Transforming our services 6. Designing integrated care 8. Promoting creativity, innovation and research 9. Ensuring value and sustainability Current mitigation NHS Highland will mitigate either the likelihood or impact of risk, should it occur, by implementing a range of strategies, policies, projects and internal control processes. It is impossible to fully mitigate against all risks. Therefore, before we can consider whether further
8 action is required to address a particular risk, we must first assess what mitigation is already in place. The risk register template at appendix 1 requires the current mitigation for each risk to be defined. This need only be at a high level, but should provide enough information to inform the reader of the key mitigations that are currently in place Risk scoring Risks can be scored at different stages of the risk management process. For simplicity, NHS Highland will focus on Current Risk Exposure, i.e. the net or residual level of risk that the organisation currently faces, based on the extent to which we are currently controlling and managing each risk How to assess likelihood The likelihood of an event occurring should be assessed using the table below (1 to 5). When assessing likelihood you should take account of the controls that are already in place to mitigate likelihood of a risk occurring, e.g. strategies, policies, procedures. Table 2: Likelihood definitions Score Description Chance of occurrence 1 Rare Very little evidence to assume this event would happen will only happen in exceptional circumstances 2 Unlikely Not expected to happen, but definite potential exists unlikely to occur. 3 Possible May occur occasionally, has happened before on occasions reasonable chance of occurring 4 Likely Strong possibility that this could occur likely to occur 5 Almost certain This is expected to occur frequently / in most circumstances How to assess net impact The impact on the organisation of an event happening should be assessed using the table below (1 to 5). When assessing net impact you should take account of the controls that are already in place to mitigate impact, e.g. contingency plans. Table 3: Impact descriptions Score Description 1 Negligible 2 Minor 3 Moderate
9 4 Major 5 Extreme Further definitions for each of the risk descriptions are outlined in Appendix 2. The Current Risk Exposure is then calculated by multiplying together the likelihood and impact scores. The current risk score therefore represents the organisation s current risk exposure taking into account existing controls. 5.3 How to evaluate a risk The purpose of risk evaluation is to assist in making decisions about which risks need further treatment and the priority for treatment. This involves comparing our current risk score with our risk appetite Risk appetite Risk appetite is the amount of risk that the Board is prepared to accept, tolerate or be exposed to at any point in time. The Board may have different appetites for different categories of risk. Periodically (at least annually), the Board will consider its risk appetite for each of the categories of risk set out in Table 1, above. This will reflect the levels and types of risk that the Board is prepared for management to take in delivering each of our Quality Objectives. Below are the classifications that we use to help describe the Board s risk appetite for each risk category. Table 4: Risk appetite (classification) Classification Hungry Open Cautious Minimalist Averse Definition Eager to be innovative and to choose options offering potentially bigger rewards despite greater inherent risk. Willing to consider all options and chose the one that is most likely to result in success, while also providing an acceptable level of reward. Preference for safe delivery options that have a low degree of inherent risk and may only have limited potential for reward. Preference for ultra-safe business delivery options that have a low degree of inherent risk and only have a potential for limited reward. Avoidance of risk and uncertainty is a key organisational objective
10 5.4 How to treat a risk The treatment of an identified risk will be based upon what resources the organisation has at its disposal to effectively manage the risk. Some common examples of how we may treat risk are provided below: avoid the risk by deciding not to start or continue with the activity that gives rise to the risk remove the risk source change the likelihood of the risk occurring change the consequences by developing a contingency plan share the risk with another party retain the risk by informed decision. When a further risk treatment has been agreed, the corrective action should be recorded (refer to 7.4.1) Action required The action required section of the risk register is where the further actions to be taken/adopted to manage/treat the risk within the agreed risk appetite are recorded. The narrative within this section should include eg: the actions to be taken the timescale for implementation and any resource/budget requirements. This section should be regularly updated to provide details of progress against the planned actions. This section should clearly state which actions have been taken to arrive at the current assessment and which actions are still to be implemented. 6 Risk monitoring and review The management of risk should be continuously reviewed to monitor whether or not the organisational risk profile is changing, to gain assurance that risk management is effective and to identify when further action is necessary to deliver assurance on the effectiveness of control. In practice, this will involve the risk registers being discussed at Executive Team, Senior Management Team, Operational Unit Management Teams and Corporate Department meetings etc to ensure that: planned, corrective actions/mitigation are implemented timeously current level of risk is reviewed on a continuous basis identification of any new or emerging risks current risk scores are reduced and/or maintained in line with agreed appetite and tolerances.
11 The role of the Executive Team is crucial. As well as periodically considering the strategic risk register and its content, it will also seek regular assurances from the Senior Management Team, Operational Unit Management Teams and Corporate Department meetings that operational risk registers have been reviewed and are up to date. 6.1 Evaluating progress The monitoring and review of risk will include an evaluation of the progress made in implementing the agreed actions to address gaps in control, or to take advantage of opportunities that have been identified. 6.2 Escalating risk Risks should be managed at the lowest competent level, so long as this is appropriate. Each risk owner, be they within a project team, directorate or operational area, is responsible for the prompt identification of risks that should be escalated to the Leadership Group or the Audit Committee/ Board for consideration. Examples of scenarios where risks should be considered for escalation include, but are not limited to: Risks that may have a wider strategic impact, i.e. it is beyond the scope of the area in which it was originally identified; Risks which can no longer be managed effectively within the resources and authority of the risk owner; or Risks which have a significant risk score that may breach the appetite or tolerance for the particular type of risk, as defined by the Board. The Leadership Group will be responsible for assessing the strategic impact of the risk and determining whether it should be included in the strategic risk register, and therefore reported to the Audit Committee/ Board. 6.3 Reporting progress A report will be provided to the Audit Committee to update on overall progress in managing risk. The report will include, but not be limited to, the following: Updates on key/significant risks and risk exposures A narrative explaining any key movements and trends Details of any new or emerging risks for consideration Reporting on the progress of agreed actions on an exceptions basis An assessment of any risks that should be formally highlighted to the Board and/or a specific governance committee(s).
12 1. This policy is based on British Standards (BS ISO 31000:2009) risk management principles and guidelines. This has been used as a guideline on which NHS Highland has designed and implemented its risk management policy which is specific to our organisation. Permission to reproduce the extracts from British Standards referred to in this document has been granted by BSI Standards Limited (BSI). No other use of this material is permitted. British Standards can be obtained in PDF or hard copy formats from the BSI online shop: or by contacting BSI Customer Services for hard copies only: Tel: +44 (0) , cservices@bsigroup.com
13 Appendix 1 risk register template Risk Register Template Risk Register Risk Register Owner Date of Review Risk Ref & Date Added Risk Owner Executive Lead or appropriate senior manager Risk description There is a risk of x, because of y, resulting in z Risk Category Current Mitigation These are the control systems and processes that are already in place to address this risk. Current Risk Score Likelihood x Impact = Risk Rating Further Action Required Target risk score Likelihood x Impact = Risk Rating Also state: Action Owner and expected L I RR implementation date. L I RR Assurance - Responsible Committee Last review date Movement since last review Acceptable Risk
14 Appendix 2 - Impact definitions Descriptor Negligible (1) Minor (2) Moderate (3) Major (4) Extreme (5) Reputation/ Rumours, no media credibility coverage. Operational (examples) Little effect on staff morale. Barely noticeable reduction in scope, quality or schedule. Interruption in a service which does not impact on day to day business activities. Short term low staffing level temporarily reduces quality (< 1 day). Short term low staffing level (>1 day), where there is no disruption to business services. Small number of recommendations which focus on minor quality improvement issues. Local media coverage short term. Some public embarrassment. Minor effect on staff morale/public attitudes. Minor reduction in scope, quality or schedule. Short term disruption with minor impact on business activities. Ongoing low staffing level reduces quality. Minor error due to ineffective training/implementation of training. Recommendations made which can be addressed by low level of management action. Local media long-term adverse publicity. Significant effect on staff morale and public perception of the organisation. Reduction in scope or quality of project; project objectives or schedule. Some disruption in service with unacceptable impact on business activities. Late delivery of key objective / business activities due to lack of staff. Moderate error due to ineffective training/implementation of training. Ongoing problems with staffing levels. Challenging recommendations that can be addressed with appropriate action plan. National media/adverse publicity, less than 3 days.public confidence in the organisation undermined. Use of services affected. Significant project overrun. Sustained loss of business services which has serious impact on day-to-day activities. Uncertain delivery of key objective/ activity due to lack of staff. Major error due to ineffective training/ implementation of training. Enforcement action. Low rating. Critical report. National/international media/adverse publicity, more than 3 days. MSP/MP concern (Questions in Parliament). Court Enforcement. Public Inquiry/ FAI. Inability to meet project objectives; reputation of the organisation seriously damaged. Permanent loss of core business services or facilities. Disruption to facility leading to significant knock on effect. Non-delivery of key objective/activity due to lack of staff. Loss of key staff. Critical error due to ineffective training/ implementation of training. Prosecution. Zero rating. Severely critical report. Financial/value for money (including damage / loss / fraud) Negligible organisational/ personal financial loss. Minor organisational/personal financial loss. Significant organisational/personal financial loss. Major organisational/personal financial loss. Severe organisational/personal financial loss. Compliance/ regulatory Unlikely to be challenged Could be challenged but defended. Could be challenged and need to be defended. Moderate breach of legislation. Major breach of legislation with extreme impact.
15 Appendix 3 Risk Registers Risk Registers should be in place for each of the following area:- 1. Strategic Risk Register 2. Directorate Risks Registers for :- Public Health Finance (including Facilities, Procurement) HR Medical Directorate Nursing, Midwifery and AHPs (including Infection Control) Infection Control nursing Chief Operational Officers (including ehealth and Pharmacy) 3. Operational Units:- Raigmore South and Mid North and West Argyll and Bute
16
Risk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationRISK MANAGEMENT STRATEGY
RISK MANAGEMENT STRATEGY 2015-2020 2016 Amendments This is a five-year strategy that is subject to annual review by the Board of Directors. The first review took place on 29 November 2016. At this time
More informationDate Ratified 02/12/2010 Business Service Development Committee Review Date 01/12/2012 Director of Operations Expiry Date 01/12/2013 Withdrawn Date
Policy No: RM66 Version: 2.0 Name of Policy: Business Continuity Planning Policy Effective From: 24/02/2011 Date Ratified 02/12/2010 Ratified Business Service Development Committee Review Date 01/12/2012
More informationRisk Management and Assurance Strategy
Risk Management and Assurance Strategy Version 5.0 Policy number ULHT-MD-GOV-RM-STRAT Document author(s) Head of 2021 Programme Contributor(s) Approved by Policy Approval Group Date approved Date Published
More informationGovernance Institute of Australia Ltd
Governance Institute of Australia Ltd Management Policy 1. Overview management is a key element of effective corporate governance. In view of this, Governance Institute of Australia Ltd (Governance Institute)
More informationActive Essex Risk Management Strategy
Active Essex Risk Management Strategy 2017-2021 November 2017 Contents 1. Policy Statement 2. Statement of Commitment 3. Risk Management Framework 4. Risk Appetite 5. Risk Maturity 6. Risk Management Levels
More informationThis policy establishes the approach to risk management at Sunshine Coast Council (Council) and outlines the guiding principles and framework.
Organisational policy Risk Management Policy Corporate Plan reference: Endorsed by Chief Executive Officer: Manager responsible for policy: A strong community In all our communitites, people are included,
More informationBoard Corporate Governance and Risk Committee
Policy Risk management Authorising Committee / Department: Responsible Committee / Department: Document Code: Board Corporate Governance and Risk Committee POL OPCEO Risk management Introduction The purpose
More informationIdentifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk
Title Description of document The sets out the process by which the Trust identifies, manages, reduces and mitigates risks to achieving the organisational objectives. It sets out the framework required
More informationISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices
INTERNATIONAL STANDARD ISO 31000 First edition 2009-11-15 Risk management Principles and guidelines Management du risque Principes et lignes directrices http://mahdi.hashemitabar.com Reference number ISO
More informationThe Concept of Risk Appetite, and its application in an HE context
The Concept of Risk Appetite, and its application in an HE context Claire McDonald, Durham University John Baker, London South Bank University Rachel Pye, Sheffield Hallam University Session Overview A:
More informationGUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))
GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for
More informationRisk Management Strategy
NHS Greater Glasgow & Clyde Strategy Strategy NHS GREATER GLASGOW & CLYDE Issue date: April 2007 Version: 1. Custodian: Head of Clinical Governance Status: Approved Review Interval: Two years 1 of 11 NHS
More informationRISK MANAGEMENT FRAMEWORK
RISK MANAGEMENT FRAMEWORK Document Type Policy Document owner Lucinda Parr (Secretary and Registrar) Approved by Council Approval date 05 July 2017 Review date Version 1.0 Amendments Related Policies &
More informationCOMMUNICATIONS STRATEGY
COMMUNICATIONS STRATEGY 2016-2019 Introduction and purpose This strategy details how communications will support the delivery of shaping the future of urgent & emergency care (EEAST strategy 2016-21).
More informationRisk Management Policy and Framework
Risk Management Policy and Framework Introductory Note to User: CompanyLongName There is no requirement in Australia for a non-publicly listed entity (other than a company regulated by APRA) to comply
More informationISO 14001:2015. Control of Environmental Aspects & Impacts.
www.iso-9001-checklist.co.uk Insert your company s name or logo, and address. This procedure is the property of Your Company. It must not be reproduced in whole or in part or otherwise disclosed without
More informationNorthern Ireland Blood Transfusion Service
Northern Ireland Blood Transfusion Service Risk Management Strategy 2018 Northern Ireland Blood Transfusion Service Lisburn Road Belfast BT9 7TS Telephone No. 028 9032 1414 www.nibts.org Page 1 of 13 CONTENTS
More informationStrategic Objectives (SOs) Integrated Finance, Operations and Delivery. Ensuring Quality (Effectiveness, Experience & Safety. Strategic Objective 6
Consequence Appendix A Framework v1.1 as at 19 th January Key notes: The Framework has been developed in accordance with guidelines provided by the Department of Health, Internal Audit and the Strategic
More informationReport by Lesley Anne Smith, Head of Quality on behalf of Elaine Mead, Chief Executive
Highland NHS Board 3 April Item 4.4 NHS HIGHLAND STRATEGIC RISK REGISTER Report by Lesley Anne Smith, Head of Quality on behalf of Elaine Mead, The Board is asked to: Approve the NHS Highland Strategic
More informationDudley & Walsall Mental Health Partnership NHS Trust Board
Dudley & Walsall Mental Health Partnership NHS Trust Board Date of Board Meeting: 27 May 2009 Subject: Trust Board Lead: Presented by: Aim of the report: Risk Management Strategy Rosie Musson Head of Governance
More informationBusiness Continuity Policy
Putting Barnsley People First Business Continuity Policy Version:.0 Approved By: Governing Body Date Approved: August 015 Reviewed October 016 Name of originator / author: Jamie Wike, Head of Planning,
More informationASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.
ASSURANCE FRAMEWORK A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010 V3 Draft 1 SECTION NO. ASSURANCE FRAMEWORK CONTENTS 1. INTRODUCTION 3
More informationQuality, Safety & Risk Management Framework Policy and Procedure Policy Number 023
Title: Quality Safety Management Document Control Policy Title Quality, Safety & Management Framework Policy Number 023 Owner Quality, Compliance & Training Manager Contributors Quality, Compliance & Training
More informationTitle of Meeting: Governing Body Agenda Item: 7.4
Title of Meeting: Governing Body Agenda Item: 7.4 Date of Meeting: 6 April 2017 Paper Title: HaRD CCG Draft Governing Body Assurance Framework Refresh Responsible Governing Body Member Lead Joanne Crewe,
More informationEQUALITY COMMISSION FOR NORTHERN IRELAND. November 2011 REVIEW OF CORPORATE RISK REGISTER AND RISK MANAGEMENT UPDATE
EQUALITY COMMISSION FOR NORTHERN IRELAND November 2011 REVIEW OF CORPORATE RISK REGISTER AND RISK MANAGEMENT UPDATE Purpose To update Commissioners on changes to the Corporate Risk Register and progress
More informationBusiness Continuity Planning Policy
Business Continuity Planning Policy Policy Number: 186 Supersedes: Version 1.1 Classification Corporate Version Date of Date of Date made Review Approved by: No EqIA: Approval: Active: Date: 2 21/11/2016
More informationStrategic Objectives (SOs) Integrated Finance, Operations and Delivery. Ensuring Quality (Effectiveness, Experience & Safety. Strategic Objective 6
Consequence NHS South Yorkshire and Bassetlaw Framework v1.3 as at Key notes: The Framework has been developed in accordance with guidelines provided by the Department of Health, Internal Audit and the
More informationCorporate Governance and Assurance in NHS Lothian (Version 7-30 January 2017) 1. INTRODUCTION
1. INTRODUCTION Why has this document been prepared? This document has been prepared to help Board members, management and other employees understand how NHS Lothian s system of corporate governance, risk
More informationInternal Audit. Compliance with Policies and Procedures. April 2015
April 2015 Report Assessment A G A Distribution List Chief Executive Director of Finance Director of Human Resources & Organisational Development Executive Nurse Director Chief Officer, NHS Lothian Acute
More informationThe Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector
The Sector Skills Council for the Financial Services Industry National Occupational Standards Risk Management for the Financial Sector Final version approved April 2009 IMPORTANT NOTES These National Occupational
More informationRisk Management Strategy
High Value Health Care Risk Management Strategy (Reference No. GR21 0914) Version: Version 4, September 2014 Version Superseded: Version 3, March 2012 Ratified by: Date ratified: 11 th November 2014 Designation
More informationRISK MANAGEMENT STRATEGY
INSTITUTE of GRUNDSANSIP (IG) RISK ANAGEENT STRATEGY INTRDUCTIN 1.In order for the IG to operate, deliver our services and achieve our objectives some amount of risk taking is necessary. The only way to
More informationSub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx
Sub-section Content 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx 2 Job Purpose - To assist in the maintenance and development of
More informationRisk and Resilience Policy
Risk and Resilience Policy Policy Implementation 1 March 2017 Policy Review Date 1 March 2018 Purpose and Scope This policy document has been created to define how our organisation will behave and its
More informationHSE Integrated Risk Management Policy. Part 3. Managing and Monitoring Risk Registers Guidance for Managers
HSE Integrated Management Policy Part 3 Managing and Monitoring Registers Guidance for Managers HSE Integrated Management Policy Part 3 Managing and Monitoring Registers Guidance for Managers Identify
More informationRisk Management Strategy Review. Deloitte recommendations and Implementation Plan
Risk Management Strategy Review Deloitte recommendations and Implementation Plan 1. Purpose 1.1. This paper provides the results of the annual review of the current Risk Management Strategy. The results
More informationIntegrated Governance Strategy
Integrated Governance Strategy Document level: Trustwide (TW) Code: FR1 Issue number: 9 Lead executive Authors details Type of document Target audience Document purpose Medical Director Associate Director
More informationThe Urbis Academy Trust Risk Management Strategy
The Urbis Academy Trust Risk Management Strategy 1.0 Introduction 1.1 Risk management is the process whereby the School/Trust methodically addresses the risks attaching to its objectives and associated
More informationRisk Management Strategy
Risk Management Strategy Risk Management Strategy 2016-2018 Janet Young Governance & Risk Manager June 2016 Executive Lead Jane Meggitt, Director of Communications & Corporate Affairs Index Foreword...............
More informationHSE Integrated Risk Management Policy. Part 1. Managing Risk in Everyday Practice Guidance for Managers
HSE Integrated Risk Management Policy Part 1 Managing Risk in Everyday Practice Guidance for Managers HSE Integrated Risk Management Policy Part 1 Managing Risk in Everyday Practice Guidance for Managers
More informationAUDIT REPORT NOVEMBER
RISK MANAGEMENT AUDIT REPORT NOVEMBER 2009 TABLE OF CONTENTS EXECUTIVE SUMMARY........3 STATEMENT OF ASSURANCE......6 1 INTRODUCTION...7 BACKGROUND......7 AUDIT OBJECTIVES.........9 AUDIT SCOPE AND APPROACH........9
More informationTRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER
Review Circulation Application Ratification Originator or modifier Supersedes Title CENTRAL MANCHESTER UNIVERSITY HOSPITALS NHS FOUNDATION TRUST TRUST GOVERNANCE POLICY (formerly referenced as the CMFT
More informationPOLICY ON RISK MANAGEMENT
POLICY ON RISK MANAGEMENT This Policy was approved by the Board of Trustees on March 14, 2017. Table of Contents 1. INTRODUCTION... 1 2. OBJECTIVE... 1 3. APPLICATION... 1 4. POLICY... 1 5. ROLES AND RESPONSIBILITIES...
More informationPOLICY DEVELOPMENT FRAMEWORK
POLICY DEVELOPMENT FRAMEWORK Lead Manager: Head of Policy Responsible Director: Director of Corporate Planning and Policy Approved by: Policy Planning and Performance Group Date approved: 17 January 2008
More informationUnited Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation
United Lincolnshire Hospitals NHS Trust Governance Statement 2015/16 Scope of responsibility As Accountable Officer, and Chief Executive of this Board, I have responsibility for maintaining a sound system
More informationRole Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities
Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities Accountable to: All employed staff working within the 3 CCGs Within the 3 CCGs the Chief Officer
More informationPolicies, Procedures, Guidelines and Protocols. Document Details
Policies, Procedures, Guidelines and Protocols Document Details Title Security Management Strategy Trust Ref No 2038-38676 Local Ref (optional) Main points the document The Strategy intends to reinforce
More informationNHS HIGHLAND WORKFORCE PLAN 2008/09 EXECUTIVE SUMMARY
NHS HIGHLAND WORKFORCE PLAN 2008/09 EXECUTIVE SUMMARY The implementation of Better Health, Better Care: Action Plan requires a committed, well prepared, dedicated workforce that is both trained to practise
More informationRISK MANAGEMENT - FRAMEWORK. OBJECTIVE To outline the Bay of Plenty District Health Board (BOPDHB) framework for risk management
OBJECTIVE To outline the Bay of Plenty District Health Board (BOPDHB) framework for risk management STANDARD All employees are responsible for ongoing identification of risk. Risk management at BOPDHB
More informationRisk Management Update ISO Overview and Implications for Managers
Contents - ISO 31000 highlights 1 - Changes to key terms and definitions 2 - Aligning key components of the risk management framework 3 - The risk management process 4 - The principles of risk management
More informationFor: Information Assurance Discussion and input Decision/approval. Ellen Bull, Deputy Director of Quality Author Contact Details: 3531
Trust Board Item: 15 Date: 07/02/2018 Purpose of the Report: Enclosure: K To request ratification from the Trust Board of Directors on the. which was discussed, refined and approved at the Risk Management
More informationIRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards
IRM s Professional Standards in Risk PART 1 Consultation: Functional Standards Setting standards Building capability Championing learning and development Raising the risk profession s profile Supporting
More informationANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016
ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016 1 INTRODUCTION 1.1. Ofwat s shared vision for the water sector in England and Wales is one where customers, the environment and wider society have
More informationHonorary Contracts Procedure
Honorary Contracts Procedure Version: 3.0 Bodies consulted: Approved by: Joint Staff Consultative Committee & WMT Executive Management Team Date Approved: 03 October 2017 Lead Manager: Responsible Director:
More informationAberdeen City Health and Social Care Partnership. Strategic Risk Register 2017/18
Aberdeen City Health and Social Care Partnership Strategic Risk Register 2017/18 Risk Rating Low Medium High Very High Risk Movement Decrease No Change Increase Saved: Executive Group shared drive Key
More informationINTERNAL AUDIT PLAN AND CHARTER 2018/19
INTERNAL AUDIT PLAN AND CHARTER 208/9 PURPOSE OF REPORT. To present the proposed 208/9 audit plan and charter to the Audit Committee for consideration and approval..2 The Internal Audit Plan for 208/9
More informationAberdeen City Health and Social Care Partnership. Strategic Risk Register 2017/18 Approved at Audit & Performance Committee
Aberdeen City Health and Social Care Partnership Strategic Risk Register 2017/18 Approved at Audit & Performance Committee 02.03.2018 Risk Rating Low Medium High Very High Risk Movement Decrease No Change
More informationERM: Risk Maps and Registers. Performing an ISO Risk Assessment
ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following
More informationRisk appetite and internal audit
30 April 2018 Risk appetite and internal audit Chartered Institute of Internal Auditors This guidance looks at the nature of risk appetite and how it has come to the fore following the financial crisis
More informationJob Description. Operations Manager. Scheduled Care. Band 8A. Centre Manager. Centre Manager
Job Description Job Title: Clinical Group Base Band: Reports To: Accountable To: Key Working Relationships: Operations Manager Scheduled Care The Shrewsbury and Telford Hospital NHS Trust Band 8A Centre
More informationA Risk Practitioners Guide to ISO 31000: 2018
A Risk Practitioners Guide to ISO 31000: 2018 Review of the 2018 version of the ISO 31000 risk management guidelines and commentary on the use of this standard by risk professionals 1 A Risk Practitioners
More informationPASA GUIDANCE. Trustees Administration Governance Checklist. July 2018
PASA GUIDANCE Trustees Administration Governance Checklist July 2018 Administration Governance Occupational Pension Scheme Trustee Checklist The Pensions Administration Standards Association (PASA) has
More informationRisk Management Strategy, Policy and Guidance
Risk Management Strategy, Policy and Guidance 11.0 Risk Management EQUALITY IMPACT The Trust strives to ensure equality of opportunity for all both as a major employer and as a provider of health care.
More informationThe Kirkup report. Governance Project Mary Aubrey, Director of Governance May 2015
The Kirkup report Governance Project Mary Aubrey, Director of Governance May 2015 The Governance Project group The Governance Project group Communication plan PLANNING PHASE Meetings held with the Heads
More informationGOVERNANCE STRATEGY October 2013
GOVERNANCE STRATEGY October 2013 1. Introduction 1.1. The Central Manchester University Hospitals NHS Foundation Trust believes that the role of the governing body is pivotal to the success of the Trust.
More informationSTATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
Governance Digi.Com Berhad Annual Report 2017 73 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL IN ACCORDANCE WITH PARAGRAPH 15.26 (b) OF THE MAIN MARKET LISTING REQUIREMENTS OF BURSA MALAYSIA SECURITIES
More informationRisk Management Implementation Plan
41 07 Management Author: Dr Kevin Street; Interim Chief Officer Date: 20 November 2015 Version: 1 Sponsoring Executive Director: Rhiannon Beaumont-Wood Who will present: Kevin Street Date of Board / Committee
More informationHealth, Safety, Environment and Quality (HSEQ) Manager. HSEQ Management System Advisor
Position description Title: Health, Safety, Environment and Quality (HSEQ) Manager July 2016 Reporting to: Chief Executive Officer Direct Reports: HSEQ Advisors (x2) HSEQ Management System Advisor PURPOSE
More informationRISK MANAGEMENT STRATEGY AND POLICY
NEWPORT COMMUNITY SCHOOL PRIMARY ACADEMY Date Adopted: 12 th July 2012 Author/owner: Resources Committee Anticipated Review: Ongoing RISK MANAGEMENT STRATEGY AND POLICY Risk Management Strategy The Governing
More informationUniversity of Exeter Corporate/Strategic Risk Register Probability, Severity & Definitions
Contents: 1. Probability Scale page 1 2. Severity Scale page 2-6 3. Tolerance Scale page 7 4. Direction of Travel Indicator page 8 1. Probability Scale Score Probability Likelihood 1 Negligible likelihood
More informationRisk Management Strategy inc Policy Statement
Title Risk Management Strategy inc Policy Statement 2015-17 Summary This strategy will establish a consistent and integrated approach to the management of risk throughout the BSO. Purpose The control and
More informationSomalia. Risk Management For NGOs. Risk Management Unit United Nations Somalia
Somalia Risk Management For NGOs Risk Management Unit United Nations Somalia Table of Contents 1 GLOSSARY... 4 2 HOW TO USE THIS DOCUMENT... 6 3 OVERVIEW... 7 3.1 FRAGILE STATES, UNCERTAINTY AND RISK...
More informationStatement on Risk Management and Internal Control
INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased
More informationCity of Melville Risk Management Toolkit
City of Melville Risk Management Toolkit Last Review Date: 30/07/2012 Document Owner: Risk Management Coordinator Page 1 of 24 Table of Contents 1. Introduction... 3 2. Risk Management Methodology... 3
More informationRisk Management Strategy. Version: V3.0
Risk Management Strategy Version: V3.0 Date: October 2016 Classification: DCC Public Document Control (Document Control Heading) Revision History (Document Control Subtitle) Revision Date Summary of Changes
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY 1 AUTHOR/ APPROVAL DETAILS Document Author Written By: Phil Hartwell Authorised Signature Authorised By: Helen Shields Date: 06
More informationRisk Management Policy
Risk Management Policy 2015 Steadfast Group Limited ABN: 98 073 659 677 Risk Management Policy 1 ABN: 98 073 659 677 2013 Steadfast Group Limited Contents 1. INTRODUCTION 2 2. POLICY INTENT 2 3. POLICY
More informationRisk Management Policy Arvind Infrastructure Limited
Risk Management Policy Arvind Infrastructure Limited 0 Risk management 1.1 Purpose Arvind Infrastructure Limited is committed to high standards of business conduct and to good risk management to: 1. achieve
More informationIssues Management Policy and process
Issues Management Policy and process Version: V1.0 Ratified: Lewisham Risk Management Group Name of originator/author: Name of responsible committee/individual; Victoria Medhurst Senior Management Team
More informationCompetence Framework for Safeguarding Adults
Competence Framework for Safeguarding Adults Introduction This competency framework seeks to develop and demonstrate the competency of staff in delivering services that safeguard adults with care and support
More informationRisk Management at Statistics Canada
Risk Management at Statistics Canada Presentation to Workshop on Risk Management Practices in Statistical Organizations J. Mayda April 25 th, 2016 Introduction Statistics Canada has had a formal Integrated
More informationTHE ARCG CHARTER. Issued in March 2008
THE ARCG CHARTER Issued in March 2008 Index Part A Internal Audit Purpose Charter Mission Independence Scope & Responsibilities Authority Accountability Standards Part B Compliance Introduction Guiding
More informationINTERNAL AUDIT WORK 2016/17 TO MARCH 2017 AUDIT AND RISK COMMITTEE. Report by Chief Officer Audit and Risk. 28 March 2017
INTERNAL AUDIT WORK 2016/17 TO MARCH 2017 Report by Chief Officer Audit and Risk AUDIT AND RISK COMMITTEE 28 March 2017 1 PURPOSE AND SUMMARY 1.1 The purpose of this report is to provide the Audit and
More informationOperational Risk Management Policy
Contents Introduction & Scope... 2 Risk Management... 3 Risk Management Objectives... 3 Categorising Risk at an Organisational Level... 3 Risk Management Processes... 4 Risk Management Activities... 6
More informationDeveloping an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Establishing an Effective Anti-Fraud, Compliance, and Ethics Function 2018 Association of Certified Fraud Examiners, Inc. Discussion
More informationRisk Management Policy
Risk Management Policy IPH Limited ACN 169 015 838 1. Introduction Organisations of all types and scale face internal and external factors and influences that make it uncertain whether and when they will
More informationRISK MANAGEMENT STRATEGY
Agenda Item No: 15 RISK MANAGEMENT STRATEGY PURPOSE: The Risk Management Strategy has been updated to reflect the revised approach to the Corporate Risk Register and Board Assurance Framework and to reflect
More informationMANAGING RISK AT SUNCORP
SUNCORP GROUP LIMITED CORPORATE GOVERNANCE MANAGING RISK AT SUNCORP 1 MANAGING RISK AT SUNCORP Managing risk is a key contributor to Suncorp Group's success. The Board and management recognise that an
More informationISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. This is a free 6 page sample. Access the full version online.
INTERNATIONAL STANDARD ISO 31000 First edition 2009-11-15 Risk management Principles and guidelines Management du risque Principes et lignes directrices Reference number ISO 31000:2009(E) ISO 2009 PDF
More informationRESEARCH SUPPORT SERVICES FRAMEWORK. Streamlining the management and governance of R&D studies in the NHS
RESEARCH SUPPORT SERVICES FRAMEWORK Streamlining the management and governance of R&D studies in the NHS Page 1 of 22 Contents 1. INTRODUCTION... 3 How to use this document... 3 Background... 4 Purpose
More informationBoard Assurance and Escalation Framework
Lincolnshire Partnership NHS Foundation Trust (LPFT) Board Assurance and Escalation Framework DOCUMENT VERSION CONTROL Document Type and Title: Policy No 5a. with effect from 2/11/15 (former corporate
More informationRisk Management Strategy
RM02 Lincolnshire Partnership NHS Foundation Trust (LPFT) Risk Management Strategy Document Type and Title: Authorised Document Folder: New or Replacing: Document Reference: DOCUMENT VERSION CONTROL Strategy
More informationRisk management Principles and guidelines
AS/NZS ISO 31000:2009 Joint Australian New Zealand International Standard Risk management Principles and guidelines Superseding AS/NZS 4360:2004 AS/NZS ISO 31000:2009 AS/NZS ISO 31000:2009 This Joint Australian/New
More informationBoard Assurance Framework Process and Standing Operating Procedure
SH NCP 59 Board Assurance Framework Process and Standing Operating Procedure Summary: Keywords Target Audience: This document describes the integrated governance and internal controls processes within
More informationLevel 5 NVQ Diploma in Management and Leadership Complete
Learner Achievement Portfolio Level 5 NVQ Diploma in Management and Leadership Complete Qualification Accreditation Number: 601/3550/5 Version AIQ004461 Active IQ wishes to emphasise that whilst every
More informationB U S I N E S S R I S K M A N A G E M E N T L T D
B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop
More informationENVIRONMENTAL MANUAL. Page 1 of 26 Uncontrolled when printed NCH Env Manual Vers 11.0 date 01/02/18
ENVIRONMENTAL MANUAL Page 1 of 26 Uncontrolled when printed NCH Env Manual Vers 11.0 date 01/02/18 Document Control Identification and Approval Status Document Title: Environmental Manual Version Number:
More informationRisk Management Policy. Date Approved: March 2011 Approved By: Governing Body Ownership: Corporate Development. Date of Issue: March 2011
Risk Management Policy Date Approved: March 2011 Approved By: Governing Body Ownership: Corporate Development Date of Issue: March 2011 Proposed Date of Review: April 2020 Date of Equality Screening: 10
More informationCOMPLIANCE MANAGEMENT FRAMEWORK FOR VICTORIA UNIVERSITY
COMPLIANCE MANAGEMENT FRAMEWORK FOR VICTORIA UNIVERSITY July 2018 Prepared by: Policy Services (Compliance) Portfolio of the Vice-President (Planning) and Registrar Contents 1. BACKGROUND... 2 2. COMMITMENT
More information