Risk Management Strategy

Transcription

1 RM02 Lincolnshire Partnership NHS Foundation Trust (LPFT) Risk Management Strategy Document Type and Title: Authorised Document Folder: New or Replacing: Document Reference: DOCUMENT VERSION CONTROL Strategy Risk Management Strategy Risk Management Replacing RM02 Version No: 7 Date Policy First Written: April 2001 Date Policy First Implemented: April 2001 Date Policy Last Reviewed and Updated: January 2010 Implementation Date: August 2010 Author: Approving Body: Risk Control Manager Board of Directors Approval Date: February 2010 Committee, Group or Individual Monitoring the Clinical Quality & Risk Committee Document Review Date: January 2011 LPFT RM02 v.7 February

2 Contents Section Page Number Statement of Philosophy 3 1 Introduction 4 2 Framework 4 The Risk Register 4 Approach to Risk Management 4 Roles & Responsibilities 5 Organisational Structure 7 3 Operating the Management of Risk 11 Definitions 11 Aims and Objectives 11 Process 13 Risk Management Cycle 14 Implementation of the Risk Management Strategy 16 4 Related Policies and Procedures 18 5 Audit and Monitoring 18 6 References 18 7 Review Requirements 18 Appendix 1 Integrating Risk Register into Management Processes 20 Appendix 2 Policy Monitoring Audit and Feedback Summary 21 LPFT RM02 v.7 February

3 Statement of Philosophy The Board of Directors is committed to ensuring that all services are provided to a high quality and that any risks to patients, staff or the organisation are minimised by a process of identification, assessment, management and where possible elimination of risk. The Trust s plans, outlined in the Integrated Business Plan demonstrate a commitment to raise standards and strive to improve continuously the quality of our services, in partnership with other agencies where appropriate. The Risk Management Strategy supports this Plan to ensure any risks to the achievement of the objectives within it are identified and managed. The Plan integrates drivers for change including National Service Frameworks, government targets and performance monitoring, service integration and workforce development. The Plan also outlines the Trust s strategic objectives, which are managed through the Assurance Framework and Integrated Governance Plan. LPFT RM02 v.7 February

4 Section 1 Introduction This document sets out the Trust s framework, aims and objectives in managing risk to ensure a holistic approach is adopted across the organisation. The Risk Management Strategy is a strategy in support of the Trust s Integrated Business Plan It also defines how this will be done through relevant policies, procedures, processes and organisational structures. Section 2 Framework 2.1 The Risk Register The Trust Risk Register is made up of Local, Divisional and Corporate elements. Risks are identified from Risk assessments of service requirements, issues from incidents, complaints and claims which have occurred within the Trust. Risk assessment forms are completed using the matrix to score the risk and evaluate the residual risk once the action plan is actioned. Following confirmation by the Divisional Management team, they are entered onto the Divisional Risk Register. Corporate risks are identified by General Manager s, Heads of Service, Directors and Project Leads and confirmed by the Executive Team. Description of Risk Location of risk Source Of Risk Risk Score Risk Treatment Plan Residual Risk rating Primary responsibility Progress Update with mitigating actions Date of review Revised Score 2.2 Approach to Risk Management The Trust has developed an Integrated Governance system which ensures that the strands of governance such as financial, clinical, research and the management of risk are brought together in a coherent way. The Trust's system of internal control is based on an ongoing risk management process designed to identify the principal risks to the achievement of the organisation s objectives; to evaluate the nature and extent of those risks; and to manage them efficiently, effectively and economically. The system of internal control is underpinned by compliance with the requirements of the Standards for Better Health which form the basis of the organisations objectives along with relevant Care Quality Commission (CQC) objectives. The assurance framework assesses the principal risks to achieving corporate objectives. Through the framework, risks are reviewed to identify gaps in control and gaps in assurance. The risk register is a record of all forms of residual risk. The risk register is a live document that is constantly updated to reflect new risks and changes to existing risks. It is important that the risk identification process determines the relevance and significance of such risks to the achievement of corporate objectives. Without this link, material risks impacting upon the delivery of key objectives may be overlooked and could lead to failure to achieve objectives if controls are not strengthened. It is therefore proposed that each risk identified on the risk register is referenced to risks to corporate objectives to ensure the risk register can feed the assurance framework. Compliance with Monitor s Governance Code and the Compliance Framework give added value and strength to our system of internal control. LPFT RM02 v.7 February

5 The Trust has developed a focused iterative process of assurance that provides the Board of Directors with the evidence that achievement of the organisations strategic objectives is being met. This process identifies: What the organisation aims to deliver; Corporate Objectives, The factors that could prevent the objectives being achieved; Principal Risks; The significance of the risks; Impact The Likelihood of a risk occurring, Processes in place to manage the risks; Controls The evidence that appropriate controls are in place and operating effectively; Assurance And Action required to close the gaps in controls and assurance The Board has identified the key purposes and achievements for the organisation by examining the objectives against the domains of the standards for Better Health Core and Developmental standards including some CSCI standards The Board has identified evidence to satisfy itself that it has met its assurance needs OBJECTIVES ASSURANCE Patient Led NHS RISKS CONTROLS The Board has identified the risks which will prevent the objectives from being met The Board has identified its assurance needs to demonstrate controls are effective including those around the organisation s objectives to minimise the impact of risks including a review of the processes required to comply with the standards for Better Health 2.3 Roles and Responsibilities Executive Responsibilities The Chief Executive, as Accounting Officer, has overall accountability for risk management. The Director of Nursing & Strategy is the designated Executive Director with overall responsibility for the implementation of organisational and clinical risk management systems ensuring this strategy is executed and communicated. This will include the development of an annual organisational action plan to review risk management training. The Director of Finance and Compliance is responsible for developing the Assurance Framework and co-ordinating the annual review of the effectiveness of internal control, establishing and maintaining sound systems for internal financial control and for ensuring LPFT RM02 v.7 February

6 the adequacy of all controls related to disclosure statements prior to endorsement by the Board. The Director of Finance and Compliance is responsible for ensuring the Trust actively supports counter fraud risk based elements of work through the Risk Register, Trust activated fraud risk assessments and the risk related work of the Counter Fraud provision. The Director of Finance and Compliance is responsible for receiving potential risks and identified system weaknesses arising from the Trust s Counter Fraud provision, ensuring these are reviewed from a Trust-wide perspective by the Risk Control Manager and relevant Workstreams. Such action supports effective internal control. Executive Director Leads have been identified for each of the Trust principal objectives and are responsible for ensuring that systems are in place to manage risks and provide assurance for all areas within their sphere of responsibility Governance, Risk Management and Legal Responsibilities The Deputy Director of Nursing & Clinical Governance has the following responsibilities: the development of policies and procedures that ensure the clinical safety of service users, integrating these with other clinical governance processes; to ensure that systems are in place to ensure that all service users are assessed for the risk of harm to self and others and to make sure that appropriate risk management plans are in place. Supporting, training and advising clinical staff on clinical risk assessment and practice. The implementation of national quality initiatives, ensuring there is regular clinical audit and monitoring trends in key clinical quality and clinical outcome measures. The Risk Control Manager is responsible for: ensuring that systems are maintained to manage risk effectively. This includes systems for reporting and learning from untoward incidents, maintenance of the Trust s risk register, verifying the implementation and effectiveness of actions taken to treat risk and leading on external assessments, e.g. NHS Litigation Authority Standards. Providing expert advice on health and safety and fire safety. Ensuring health and safety, fire and security incidents are investigated appropriately and liaising with the Health and Safety Executive and the MHRA. The Head of Estates & Facilities is responsible for: developing business continuity plans and management contingency plans. The Head of Corporate and Legal Services is responsible for: advising on legal issues including actual and potential litigation. The Learning & Development Manager is responsible for: advising on appropriate training and development activities and facilitating the provision of and recording of attendance and non attendance at training programmes. LPFT RM02 v.7 February

7 Managers Responsibilities All General Managers and Heads of Service are responsible for ensuring: Staff are aware of their responsibilities for identifying, managing and recording risk and attend appropriate training. Risk assessments are undertaken, risk treatment plans produced and any problems in the management of risk are recorded. Any adverse incidents or accidents are reported. Risk assessment is incorporated in all service and capital plans. Risk assessments are conducted on all activities undertaken in their areas, and suitable action plans are produced and implemented. Risk control measures are reviewed at least annually. All staff are aware of risks within their work environment and their personal responsibilities. Incidents and near misses are reported, managed and investigated according to Trust procedures. All staff receive appropriate training. Workplace induction, which includes risk management is in place for all staff, including bank and agency staff. Local policies and procedures are developed to manage specific risk issues where required. All Team Leaders are responsible for: Ensuring all staff are clear on their roles and responsibilities in respect of Mandatory training Co-ordinating work-based inspections and completing work based risk assessments Ensuring all staff within their team(s) meet the minimum requirements in respect of mandatory training Ensuring all staff have equitable access to mandatory training Monitoring all staff within their teams against mandatory training performance targets Feeding up into the organisation through their line manager the critical evaluation by staff of mandatory training in relation to the workplace. Staff Responsibilities, including bank, agency and locum staff All staff are responsible for: Familiarising themselves with this Strategy. Reporting untoward incidents and near misses according to the Trust s policy. Being aware of known risks within their working environment. Being familiar with emergency procedures for their area of work e.g. fire and resuscitation. Complying with policies and procedures and not to interfere with or misuse any equipment, which is provided for health and safety purposes. Attending any relevant training provided by their employer. Board of Directors Is responsible for reviewing the full organisational Risk Register on a monthly basis. Individual Directors are responsible for reporting on principal risks to the Audit and Assurance Committee, Clinical Quality and Risk Committee and Board of Directors (see 3.4) LPFT RM02 v.7 February

8 2.4 Organisational Structure Audit and Assurance Committee: The Audit & Assurance Committee is authorised by the Board of Directors to conclude upon the adequacy and effective operation of the organisations internal control system. In performing that role the committees work predominantly focuses upon the framework of risks, controls and related assurances that underpin the delivery of the organisations objectives (the Assurance Framework). The Audit and Assurance Committee: Is responsible for overseeing the effectiveness of the Trust s systems for internal control and for reviewing the structures and processes for identifying and managing key risks. Is responsible for reviewing the adequacy of all risk and control related statements prior to endorsement by the board. In discharging its responsibilities takes independent advice from the Trust s internal and external auditors. Agrees the annual assurance plan and monitors the assurance framework. There are a number of Operational Risk Committees and workstreams that report to the Board of Directors Chief Executive Team Reviews all corporate risks monthly and also identifies emerging issues and risks Operational Services Directorate Meeting Reviews the Divisional Risks and provides a confirm and challenge function Makes sure risks are graded appropriately Makes sure mitigating actions are appropriate, achievable and are updated and maintained Financial Governance Workstream Financial control is driven by the Strategy Committee and the Audit and Assurance Committee. A comprehensive financial management support process is in place, which includes setting of achievable annual budgets for individual divisions, in year budget reporting and monitoring and training in financial management Information Governance Workstream The Information Governance Committee is responsible for: Ensuring compliance with the NHS wide Information Governance toolkit. Data Protection The Confidentiality Code of Practice (Caldicott) Freedom of Information Information Security Management Records Management Information Quality Assurance NHS Connecting for Health LPFT RM02 v.7 February

9 2.4.6 Strategy Workstream The overall purpose of the workstream is to provide leadership and strategic direction to the delivery of the organisations aims, values and principal objectives. The Strategy Committee is responsible for: Ensuring the development and delivery of the annual business plan and financial plan Provide challenge and assessing risks to the delivery of key performance indicators, Trust priorities and Standards for Better Health. Identifying key risks to the achievement of the organisations objectives, assigning lead responsibility and ensuring effective controls assurance. Approving the Divisional Risk Register and escalating necessary risks to the Board of Directors Receives the approved Corporate Risk Register from the Board of Directors The Clinical Quality and Risk Workstream The Clinical Quality and Risk Committee is responsible for: Reviewing the Trusts Performance in managing clinical risk. Ensuring that clinical safety is integrated within all clinical governance processes. Ensuring the production of a quarterly report to the Board of Directors that includes key information on clinical risk management. Ensuring that clinical and professional policies and practice reflect the need to maintain a high level of clinical safety and reflect best available evidence. The Clinical Quality and Risk Committee is supported by a number of risk workstreams to ensure that all aspects of risk are managed throughout the Trust. These workstreams communicate with the Clinical Quality and Risk Committee either by means of common membership, regular reports or exception reports. In particular, these Committees and Groups include: Clinical Risk Workstream (Risk Review Group) The role of this workstream is to: Review serious untoward incidents and near misses. Take immediate action on identified significant risks Review risks identified through aggregate reporting from incidents, complaints and claims and identify actions required. Commission incident investigations, review outcomes, including recommendations and produce and monitor action plans. Oversee the development of action plans based on information obtained from root cause analysis investigations, external reports and recommendations. Monitor the implementation and effectiveness of action plans. Ensure that clinical risk is effectively managed throughout the organisation. Ensure effective clinical risk standards and assessment tools are developed. Ensure clinical risk is integral to all training. Coordinates clinical risk elements of this strategy Research and Effectiveness Workstream The role of this workstream is to: LPFT RM02 v.7 February

10 Ensure standards for research governance are achieved and maintained Develop an annual clinical Audit programme which provides the assurance in relation to the annual declaration of performance against the Standards for Better Health. Establish effective systems for the implementation of NICE guidelines and Technology appraisals Ensure that Clinical policies, procedures and protocols reflect best available evidence Medicines Management Workstream The role of this workstream is to: Provide a strategic framework to enable and support the safe and cost effective of pharmacological treatments for people with mental health problems, throughout Lincolnshire Partnership NHS Foundation Trust (LPFT) and the local health community. Support effective medicines management within LPFT and the wider local health economy. Support clinical governance in the Trust through effective policies and guidelines which assure best practice in prescribing, supply, administration and monitoring of medicines Support effective implementation of NICE Technology Appraisals in relation to medicines management Safeguarding Workstream The role of this workstream is to: Ensure that effective child and vunerable adult protection practices are in place in all parts of the organisation Liaise with countywide Safeguarding Boards and associated workstreams Infection Control Workstream The role of this workstream is to Ensure there are effective systems for the prevention and management of health associated infections in accordance with the Health Act 2008 Ensure there is an annual cycle of PEAT inspections and cleanliness audits Ensure the findings of Audits are communicated, action plans are in place and their effectiveness is monitored Health and Safety Workstream: The Health & Safety Committee is responsible for: Establishing effective systems for the management of all Health and Safety risks Commissioning health and safety risk assessments and audits across the organisation ensuring that resulting action plans are produced and acted upon. Providing a forum where management and staff side work together to ensure the Trust is compliant with health and safety legislation. Ensuring there are effective systems in place to manage the Central Alert System (CAS) and Medical Devices Alerts. LPFT RM02 v.7 February

11 2.4.9 Workforce and Organisational Development Workstream Workforce and Organisational Development supports the delivery of all organisational objectives through the development of the workforce. The Workforce and Organisational Development Committee is responsible for: Developing the Workforce Strategy and plans to deliver the organisation s objectives Ensuring achievement of external accreditation and validation Clinical Governance Workstream The Clinical Governance Committee is responsible for: Ratifying appropriate polices Ensuring adherence to clinical standards, Policy, Practice and guidance Section 3 Operating the Management of Risk 3.1 Definitions What is Risk? Risk refers to the probability of an adverse outcome that is different from the expected outcome and the potential impact of such an outcome. Major categories of risk include: Strategic: risks associated with a particular strategy, for example: overcapacity; competitor reactions; service line obsolescence Financial: risks associated with the financial structure of the Trust; the financial transactions and the financial systems which are in place Operational: risks associated with the operational and administrative procedures of a business, such as clinical activities; Patient safety; IT systems; recruitment Regulatory and political: risks posed by potential changes in the regulatory and political environment, such as tariff changes; policy changes; changes in healthcare targets Reputation: risks to the perceived quality or image, for example bad press resulting from service changes Contingent: risks that will only come into existence if a certain contingent event takes place Principal or key risks are those, which have significant potential to impair or affect the operational or financial ability of the organisation to deliver ongoing services or prevent the achievement of a strategic objective. What is Risk Management? Risk management refers to the collective set of processes, working practices and tools used to minimise the probability and impact of the adverse outcomes. It involves: Identification of potential sources of risk Estimation of the value at risk : calculated as probability of loss times severity of loss Implementation of controls to minimise probability and severity of loss. LPFT RM02 v.7 February

12 3.2 Aims and Objectives Aims To safeguard and enhance the quality of healthcare provided. To protect the services, reputation and finances of the Trust. To identify, assess, reduce and manage risk to people who use the service, staff who provide the service and others, for example visitors, contractors and the general public. To ensure risks to the achievement of the Trusts strategic objectives set by the Board of Directors are identified and managed. To provide assurance to the Board that risk controls are effective. Generic Risk Management Objectives (Proactive) To integrate and manage all risk, including clinical, financial and organisational within the resources that are available. To promote an open learning culture: To promote a fair and just work environment which does not seek to blame, but encourages sharing of information about incidents, errors and near misses. To identify and disseminate local examples of best practice. To set up systems of information sharing, collation, monitoring and reporting which facilitate the detection of problems, failures and trends in the management of risk. To promote and participate in audit projects within the area of clinical risk. To systematically investigate all major incidents involving risk, identifying lessons to be learned, and developing and implementing appropriate action plans. To ensure that both individual and organisational factors are considered when reviewing incidents, errors and near misses. To ensure this information is reported through clinical and operational management structures. To learn more about the risks inherent in the total system in which we provide services and make changes that seek to eliminate, reduce or minimise those risks. To develop a compliance framework to provide assurance that cyclical risk assessments and mitigation plans are actioned. Specific Objectives for (Reactive) To improve the management review of incident analysis to provide evidence of management decisions and actions. To continue the delivery of training to all senior and department managers. To continue the delivery of clinical risk update training and provide basic clinical risk training. To increase the number of departments in the Trust who have completed comprehensive risk assessments. Integrate the Trust s approach to risk assessment into business and service development plans and project plans. To retain NHSLA Level 1 and strive to achieve NHSLA level 2. To develop the new integrated risk management software (Sentinel) and support its use across all functions in the Trust. Develop a systematic approach to the management of Health and Safety at team level Develop an investment strategy and agree the reporting needs and requirements in relation to Trust investments To develop a Strategy for Positive Risk-Taking LPFT RM02 v.7 February

13 To ensure recommendations and actions arising from reviews, inspections and incidents are actioned. Progress against the Trusts objectives will be monitored through the Strategy Committee and Audit and Assurance Committee, Complete roll out of Health and Safety Control Manual. Increase ownership of and number of local assessments. Continue to embed risk register. Risk Training for Board of Directors, Senior Manager s and front line Manager s. Review risk assurance framework and improve link between assurance framework and risk register. Audit compliance with health and safety legislation. 3.3 Process The risk management process can be applied at strategic and operational levels within the Trust and also to specific projects to aid decision-making. Risk will be identified on an on-going basis and risks identified will be managed by following the risk management cycle (figure 2). That is, analysis and evaluation to determine existing controls, likelihood, consequence and grading; treatment; acceptance; monitoring effectiveness of implementation and ongoing review. The assessment tools used, to ensure consistency in the risk assessment process and risk grading are described in the Risk Assessment Procedure. Risk management processes can be divided into two groups, according to how they are initiated: Proactive - The ongoing, systematic review of all risks within the Trust. Reactive - Those prompted by an adverse event. Risk may be identified, for example, through: Internal: Risk and Control Assessments (strategic objectives) Self assessments (Standards for Better Health) Risk assessment as integral part of business and service planning Risk assessment as integral part of project plans and management Generic risk assessments operational level. Clinical risk screening and assessment of service users. Investigation of untoward incidents and near misses. Child and adult protection investigations. Complaints and whistleblowing. Litigation. External: External inquiry reports. External bodies, e.g. HCC, NHSLA, HSE, MHRA, CQC. NHS Executive and National Patient Safety Agency. Internal and External Audit. LPFT RM02 v.7 February

14 Figure 2 Risk Management Cycle Identify Risk Analyse Risk Yes Evaluate Risk Monitor and Review Has the control created a new risk? Accept Risk? No Treat Risk Yes Risk Register Accept Residual Risk Yes No The Risk Matrix is used during the process of analysing and evaluating risks resulting in a Risk Score and Risk Grade. Risks are graded, green, yellow, amber and red. Risk Matrix Impact Insignificant Minor Moderate Major Catastrophic Likelihood Rare Unlikely Possible Likely Almost Certain The risk score is calculated by multiplying the numeric value of the likelihood with that of the severity to establish a score for each risk. Example of probability of risk framework 1 Probability of risk Likelihood Probability Criteria Rare Very Low 0-5% - extremely unlikely or virtually impossible Unlikely Low 6-20% low but not impossible Possible Medium 21-50% - Fairly likely to occur Likely High 51 80% - more likely to occur than not Certain Very High % - almost certainly will occur 1 Seven Steps to Patient Safety, Full Reference Guide, NPSA August 2004 LPFT RM02 v.7 February

15 Impact/Severity Score Example Details/Descriptions Catastrophic 5 Death at work Death of Service User National adverse publicity NHSE investigation Many people involved (100+ persons) Litigation expected/certain High financial loss ( 1m+) Major 4 Extensive injuries permanent injury Loss of production capability service closure Long-term sickness Adverse publicity Moderate number involved ( persons) Litigation expected/certain Major financial loss ( 50,000-1m) Criminal proceedings against the Trust or member of Trust staff Moderate 3 Risk to organisation Medical treatment required semi-permanent injury Contained on-site with outside assistance disruption of services for more than 24 hours RIDDOR reportable incidents Needs careful public relations Small numbers involved (eg.3-10 persons) High potential for complaint/litigation possible Medium financial loss ( 25,000-50,000) Minor 2 First aid required/short term injury Contained on site Requiring less than 3 days sick leave Minimal risk to organisation 0-3 persons involved Moderate financial loss ( 10,000-25,000) Complaint possible /litigation unlikely Insignificant 1 No injuries/harm caused No risk to organisation or person involved Unlikely to instigate a complaint/litigation Low financial loss within operational areas (up to 1,000) The score and grading are used to assist the process of prioritising risk treatments and determining at what level within the Trust risk can be accepted. Acceptance of Risk It is impossible and not always desirable to treat and/ or eliminate all risks and therefore some risks will have to be accepted. The decision to accept a risk will be based on the principle of cost versus benefit, considering operational, legal, social and humanitarian factors. The responsibility for the treatment and acceptance of risk is dependent upon the risk grade: RED Risks Score: Extreme Executive Leads AMBER Risks Score: High General Managers/Heads of Service YELLOW & GREEN Score: Moderate/ Low Team Leaders/Departmental Heads LPFT RM02 v.7 February

16 All moderate and significant risks, i.e. risks graded amber or red are held on a live Risk Register, which is updated as new risks are identified and action plans completed. Risks that are adequately controlled are recorded as such on the risk register. All risks are given a review date and will be reviewed, at least quarterly. Monitoring of Risk The Director or Manager who is the owner of a risk is responsible for ensuring that the risk treatment plan and risk controls are reviewed within the agreed timescales and for updating the Risk Register. The annual review process will however also be prompted by the Risk Register to ensure live risks are reviewed at least quarterly and archived risks annually. The Risk Management Department will produce regular reports from the Risk Register and will remind staff if risks are overdue for review. All new amber and red risks and progress on the treatment of outstanding amber and red risks will be reported to the Board of Directors. The Board will review red and amber risks that have been accepted by the Trust, at least quarterly. All green and yellow risks held on local risk registers will be reviewed quarterly to identify trends that may require escalating as a principal risk against the trust. Trend analysis of incidents will be done centrally to identify general themes for the trust and in further detail in each division to identify more specific trends and issues specific to each division. All trends and common themes will be brought to the attention of the Risk Review Group who will manage the lessons learned process for the trust. The process for identifying risks and reviewing the risk register by the Trust Committees is outlined in Appendix 1. Monitoring of the Risk process is outlined in Appendix 2. Service Users All service users are assessed for risks to self, risks to others, neglect and aggression and violence, risk assessment should include the risks to service users if they are not allowed to achieve their potential. Policies and procedures are in place defining how these processes are executed and are located within the Clinical Policies and Procedures Manual. 3.4 Implementation of the Risk Management Strategy The Risk Management Strategy and supporting procedures are distributed to all managers for inclusion in the Corporate and Risk Management and Clinical Policy and Procedure Manuals. Directors and Managers have a responsibility to ensure that their staff are aware of these policies and procedures. Training To ensure Directors, managers and other staff have the knowledge and skills to effectively implement this Strategy, Risk Management training is mandatory. The organisation will provide sufficient and appropriate training for each of the main staff groups as outlined within the Trust LPFT RM02 v.7 February

17 Mandatory Training Matrix (Mandatory Training Policy PER25). All risk management training will be included in the Trust Training Prospectus which will be reviewed on an annual basis. Board members and Senior Manager s will receive an annual update on risk management. The Trust considers the following areas as mandatory training for risk management: Rapid Tranquilisation Training Hand Hygiene Training Clinical Supervision Moving and Handling Training Safeguarding Adults Training Slip, Trips and Falls Training Inoculation Incident Training Prevention and Management of Violence and Aggression Training Dual Diagnosis (Mental Health and Substance Misuse) Training Observation of Service Users Training Medicines Management Training Resuscitation Training Infection Prevention and Control Training Investigation of Incidents, Complaints and Claims Training Clinical Risk Assessment Training Harassment and Bullying Training (Diversity) Health Record Keeping Training Risk management training for senior managers and board members Please note this is not an exhaustive list of the risk management training offered by the trust. Attendance at Trust Risk Training events will be recorded and information held by the Training department. A follow up letter will be sent to non attendees and copied to their line manager. On an annual basis the Risk management training needs will be reviewed by the Board or a Board Committee who will use the reports supplied by the Training department on attendance and non attendance to develop an action plan for the continued delivery of this training by the Divisional Management teams. The action plan will be based on risk assessments on gaps in training delivered and prioritised accordingly using the traffic light system to ensure areas of high risk are tackled first. Where necessary the Clinical Quality and Risk Committee will place the training risk on the risk register to ensure local management addresses any gaps in training. The Associate Director of Workforce will also ensure that the Risk Management training programme is entered into the training prospectus. Effectiveness The effectiveness of implementation of the Risk Management Strategy will be measured and monitored through various means, including development and monitoring of key indicators. Incident reporting and investigation: Trend analysis of incidents from risk management database Evidence of management actions being taken Learning the Lessons audit to verify implementation of recommendations. Risk assessment: Monitoring completion of risk assessments via the Health and Safety Audit LPFT RM02 v.7 February

18 Monitoring completion of risk treatment plans via the risk register Monitoring completion of clinical risk assessments via CPA/records audit and suicide audit Monitor inclusion of risk in business plans Performance Assessment and Assurance Framework: Inclusion of risk cascaded from strategic objectives into Directors and managers individual objectives. Monitoring of this through Performance Reviews and Individual Performance Reviews. Uptake of Training: Monitor uptake of training against the training needs analysis. Managers reports on training attendance for all mandatory training and follow-up of non attendees. Standards for Better Health: Monitoring implementation of assurance action plans via the Integrated Governance Plan. Each Director will report on principal risks to the Audit & Assurance Committee at least quarterly and Board of Directors annually and by exception. The Committees as outlined in Section 2.3 are responsible for monitoring the effectiveness of the Risk Management Strategy and raising any exceptional issues/risks of the Strategy to the Board of Directors. Communication of Risk Significant risk issues that require immediate action are communicated to staff through the CAS System. Other Risks are communicated to staff through the Risk Register and Operational Directorate structure. Section 4 Related Policies and Procedures Trust Policies and Procedures manuals refer to: Risk Management and Health and Safety Manual Corporate Services Personnel Mental Health Act Policies Operational Policies Infection Control Policy Whistleblowing Policy Together with the above Polices and Procedures the Management Code of Practice and Conduct must be adhered to. Section 5 Audit and Monitoring LPFT RM02 v.7 February

19 See Appendix 2 Section 6 References Code of Conduct for NHS Managers (October 2002) Mental Health Reference Group (2000) Risk Management. Scotland. Mental Health and Wellbeing Support Group. Vincent, C (2001) Introduction. In Vincent, C Ed (2001) Clinical Risk Management: Enhancing Patient Safety. London. BMJ Publishing Group. Section 7 Review Requirements The Clinical Quality and Risk Committee will review this Strategy annually. LPFT RM02 v.7 February

20 Integrating Risk Register into Management Processes Appendix 1 ALL STAFF Risks/hazards/incidents/near misses/complaints are reported in line with appropriate policy BOARD DEVELOPMENT Prepare and review Strategic Risks Department/Project Risk Coordinators/Building Managers Perform Risk Assessment and prepare local risk register e.g. Local Health & Safety Audits, Infection Control Audits General Managers/Heads of Service/Service Directors Review and approve local risk register Prepare Divisional Risk Register Review Divisional Risk Register and Risk Action plans Operational Services Directorate Meeting Receives and reviews divisional risks Challenge & Confirm Risk Register Strategy Committee Receives and review Exception reports and Issues that cannot be resolved or funded at Divisional level Monitor Progress of all divisional risks on the register and action plans against due dates Approve the Red & Amber category Risk Register report for submission to Board of Directors Specialist Committees e.g. Information Governance, Research Comm, Clinical Gov Comm. Audit & Assurance Committee Reviews Adequacy of systems Board of Directors Review the System of Risk Management LPFT RM02 v.7 Approve the Red and Amber category Risk February 2010 Register Report 20

21 Appendix 2 Policy Monitoring, Audit and Feedback Summary: 1 Risk Management Strategy Systems Monitoring and/or Audit Criteria Measurables Lead Officer/Group Frequency Reporting to Action Plan/Monitoring Systems in place to monitor the business of the risk management groups No of meetings taking place: Strategy Committee Information Governance Clinical Governance Risk Review Research Medicines Management Safeguarding Steering Group Infection Control H&S Workforce and Org Development Medical Devices Director of Nursing and Strategy Quarterly reports Clinical Quality and Risk Committee Director of Nursing and Strategy (action plan) Board of Governors (monitoring) Board of Directors (approval) Systems in place to monitor the review of the corporate risk register No of meetings by the Board of Directors No of meetings by Clinical Quality and Risk Committee Director of Nursing and Strategy Monthly Report to Board of Directors Quarterly to Clinical Quality and Risk Chief Executive Director of Nursing and Strategy (action plan) Board of Governors (monitoring) Board of Directors (approval) Systems in place to monitor local management of risk No of meetings to review local risk registers Number of risks escalated to divisional management team Risk Management Department General Managers and Heads of Service Monthly Report Divisional Management Meetings General Managers and Heads of Service (action plan) Operational Services Directorate Meeting (monitoring) Identification of trends highlighted Board of Directors (approval) LPFT RM02 v.7 February

22 Policy Monitoring, Audit and Feedback Summary: 2 Risk Management Training Systems Monitoring and/or Audit Criteria Measurables Lead Officer/Group Frequency Reporting to Action Plan/Monitoring Systems in place to monitor board members and senior managers receive risk management awareness training And follow up actions of attendance No of staff attending training Board members Senior Managers No of staff not attending training Board members Senior Managers Training Department Annual Report Director of Nursing and Strategy Director of Nursing and Strategy (action plan) Audit and Assurance Committee (monitoring) Board of Directors (approval) No of follow up letters sent Policy Monitoring, Audit and Feedback Summary: 3 Assessing Risk Systems Monitoring and/or Audit Criteria Measurables Lead Officer/Group Frequency Reporting to Action Plan/Monitoring Systems in place to monitor the process for assessing risk No of risks reported via risk register Sources of identified risks Divisional Management Team Monthly Report Operational Services Directorate Meeting Divisional Management Team (action plan) Operational Services Directorate Meeting (monitoring) Board of Directors (approval) LPFT RM02 v.7 February

23 LPFT RM02 v.7 February

24 LPFT RM02 v.7 February