CORPORATE RISK ASSURANCE FRAMEWORK. Author: Board Secretary Contact Details for further information: Alison Gerrard

Transcription

1 AGENDA ITEM May 2014 CORPORATE RISK ASSURANCE FRAMEWORK Executive Lead: Board Secretary Author: Board Secretary Contact Details for further information: Alison Gerrard SITUATION This report proposes a new Corporate Risk Assurance Framework (CRAF) that is designed to ensure the Board is informed on principal risks threatening the delivery of objectives associated with the strategic goals of the Health Board. The CRAF aligns principal risks, key controls and assurances alongside each objective. Gaps are identified where key controls and assurances are considered insufficient to mitigate the risk of non-delivery of objectives. The Framework enables the Board and Committees to identify where additional assurances might be required and to direct additional measures to mitigate unacceptable risk. Approval of the Assurance Framework is a matter reserved for the Board. BACKGROUND The Board approved the current Board Assurance Framework (BAF) in June 2011 that comprised of two sections: Section 1 - Inherent risks, controls and assurances against 12 high level objectives Section 2 Live risks as collated in the corporate risk register. This arrangement was based on good practice guidance at the time but has resulted in significant duplication between the two documents which now run over 30 pages and has become unwieldy as a useful tool. Recent changes in governance arrangements have also prompted the need for a review including the establishment of Clinical Boards, changed arrangements for Board Committees, Integrated Medium Term Plan (IMTP) developments; new Performance Management Framework; and Scheme of Delegation.. In the Healthy NHS Board: Principles for Good Governance, best practice now recommends bringing the BAF and corporate risk register together into an integrated CRAF. Corporate Risk Assurance Framework Page 1 of 2 Board Meeting 6 May 2014

2 Considerable research has been undertaken to identify examples of best practice within the UK health sector and this proposed CRAF has been developed following consultation with the Management Executive and Audit Committee. ASSESSMENT The new framework is fully described in the attached paper at Appendix 1. Following discussions at the Audit Committee, changes were made to categorise risks into Principal Risks and Sub-Risks and a tool has been developed that now allows the CRAF to be viewed and sorted at different levels of detail, by Executive lead, by Board Committee and at level of risk. A copy of the live CRAF as at 25 th April detailing the principal risks is included at Appendix 2. All risks assessments and controls have been signed off by the relevant Executive lead. A well-designed CRAF requires the Board to articulate its appetite for risk and it is intended that a further target score column is included within the framework. The Board Development session held in April 2014 included debate and discussion about the Board s appetite for risk; this will need to be developed further with more clarity needed on short-term and longer-term risk appetite before target scores can be included. Further consideration is scheduled for the Management Executive in June 2014 with a further Board-level discussion over the summer. The internal audit programme for 2014/15 was fully informed by the CRAF and in turn the CRAF is regularly updated to reflect the outcome of audit reviews. The main risks not covered within the internal audit programme are those that relate to the development of new models of care and quality and safety both of which would normally fall to the clinical audit function. The Medical Director is currently reviewing Clinical Audit arrangements to ensure closer alignment in the future. The Quality, Safety and Experience Committee will be considering this further at its meeting in June It is proposed that a full review of the CRAF is undertaken annually in an Audit Committee sponsored workshop to ensure that it remains fresh and fully aligned to the IMTP. The CRAF has been operated in shadow form since March 2014 and is working effectively. A number of Clinical Boards have already adopted a similar framework for their own assurance arrangements. RECOMMENDATION The Board is asked to: APPROVE the new Corporate Risk Assurance Framework. Corporate Risk Assurance Framework Page 2 of 2 Board Meeting 6 May 2014

3 CORPORATE RISK ASSURANCE FRAMEWORK PURPOSE OF CORPORATE RISK ASSURANCE FRAMEWORK The Corporate Risk Assurance Framework (CRAF) provides assurance to the Cardiff and Vale University Health Board on the delivery of its core purpose of Caring for People; Keeping People Well through robust risk management processes. The CRAF brings together the former Board Assurance Framework (BAF) and corporate risk management processes as recommended in a Healthy NHS Board 1 The CRAF supports the Annual Governance Statement (AGS) and is the subject of annual review by the Wales Audit Office as part of the Structured Assessment process. The UHB purpose is achieved through its priorities and strategic goals which are calibrated against principal risks. Cardiff and Vale UHB s Purpose: Caring for People; Keeping People Well Organisational Priorities and Strategic Goals We care about the people we serve and the people we work with We take personal responsibility We trust one another We treat people with kindness We respect each other We act with integrity The CRAF is designed to provide evidence to the Board about the successful realisation of its strategic goals and values. The framework also serves to inform the Board on principal risks threatening the delivery of the objectives associated with the strategic goals. The CRAF aligns principal risks, key controls and assurances on controls alongside each objective. Gaps are identified where key controls and assurances are insufficient to mitigate the risk of non delivery of objectives. This enables the Board to develop and monitor action plans intended to close the gaps. 1 The Healthy NHS Board: Principles for Good Governance

4 The CRAF is principally established from the Integrated Medium Term Plan (IMTP) and reconciled against the Clinical Board and corporate department Risk Registers by the Management Executive and then reviewed by the Board for coverage and consistency with regard to the principal risks. BOARD RESPONSIBILITY FOR THE CRAF It is the responsibility of the Board to: Determine and clearly articulate its objectives Identify the principal risks that threaten the achievement of these objectives Agree its risk appetite recognising the interdependencies of objectives and the impact of mitigating risks on one may adversely impact on others. Agree the key strategic and operational plans that will deliver those objectives and which encompass the controls and actions in place to manage the identified risks Monitor delivery through a robust performance and assurance measurements Ensure that plans are in place to take corrective action where they are not assured that objectives will be fully delivered Sustain and uphold dynamic risk management arrangements (in particular an up to date and well maintained risk register) The Audit Committee has oversight on behalf of the Board on: the adequacy of the assurance processes the effectiveness of the management of principal risks Each principle risk is designated to a Board Committee which has responsibility on behalf of the Board to seek assurance that those risks are being managed in accordance with approved plans. Assurance provides Board members with the evidence that the Health Board is operating effectively, achieving desired outcomes, delivering on its strategic vision, meeting its strategic objectives through effective risk management, in a manner which upholds the Citizen Centred Principles and is in accordance with all statutory requirements. (Audit Committee Handbook 2012)

5 THE ASSURANCE FRAMEWORK IN ITS OPERATIONAL CONTEXT At a high level, the following schematic represents the Board Assurance System. GOALS AND OBJECTIVES Strategic goals, objectives and values agreed through 3 year Integrated Medium Term Plan & Delivery Change Programmes REPORTING Reports to Board, Committee & Welsh Government Annual Report, Governance, Quality and Financial Statements ASSURANCE SYSTEM RISKS Principle risks identified from IMTP & Risk Registers Board determines its risk appetite Ongoing review and monitoring ASSESSMENT Internal & External reports and recommendations Performance indicators and analyses Review of assurance framework Observational findings ASSURANCES Performance measures External, internal and clinical audit Regulatory and inspection agencies Delivery and action plans Board & Committee reports CONTROL ARRANGEMENTS Clinical Board / Corporate IMTPs Performance Management Framework Scheme of delegation Policies and procedures Goals and Objectives Organisational goals and objectives are fully described in Organising for Excellence and the Integrated Medium Term Plan. These plans are rooted in the Citizen Centred planning principles for Wales and encompass Welsh Government and local priorities for improvement and change. Organising for Excellence articulates what successful realisation of those goals will achieve and provides a high level framework for the delivery of the UHB strategic objectives.

6 Our Current State Access to care is based on demand and GP knowledge/interest Services are provider led; developed on historical patterns of care and clinical interest Little detailed descriptions of what services are provided, their cost and outcomes Health Improvement Commissioning Commissioning Model Service Integration Model Our Future State Access to care is equitable and based on assessed need Services are commissioned based on a clear understanding of population needs All services will have a clear specification, clearly setting out how care will be provided for the population Variable engagement with partners with service interest paramount Meeting targets is variable. Staff feel that the priority is meeting targets not patient needs Resources aren t necessarily aligned to need, and we re not clear that we are making the best use of all our resources Pockets of outstanding clinical and research excellence which aren t always fostered to support the individual or UHB Deliver Operational and Clinical Excellence Tertiary Centre of Excellence and Academic Partnerships Services are co produced with staff, the public and partners to shape the best possible experience of care High quality services will be delivered sustainably through a committed and engaged workforce which meets targets within available resources All of the UHB;s resources: money, staff, estate and equipment are maximised to deliver the best possible care. We will maximise the benefits of our links with the University and industry to make the UHB a global centre of excellence These seven goals have been used as the basis of the CRAF as they span the breadth of organisational responsibilities the IMTP describes both the what and the how with processes in place to report delivery. To ensure there is complete coverage within the CRAF of those matters on which the Board will wish to seek assurance (although these run through everything) three additional objectives are also included: Governance Values and Behaviours Benefits realisation.

7 Corporate Risk Assurance Framework Strategic Objectives Appendix 1 Health Improvement Population health is improved with action targeted at the main areas of population health need Commissioning Services are commissioned to ensure access to services is equitable and based on needs Service Integration All services will have a clear specification setting out how joined up care will be provided Co Production and partnerships Services are co produced with staff, the public and partners to shape the best possible experience of care. Operational and Clinical Excellence High quality services will be delivered sustainably through a committed and engaged workforce which meets targets within available resources. Resources All the UHB s resources: money, staff, estates and equipment are maximized to deliver the best possible care. Tertiary Centre of Excellence and Academic Partnerships To be at the forefront of innovation, expertise and professional training in partnership with Cardiff University Governance To have effective governance arrangements ensuring the UHB is compliant with relevant legal and regulatory frameworks and its processes for decision making are robust. Values and behaviours To rigorously uphold public sector values and be open, honest and acting in the public interest at all times. To actively demonstrate the behaviours required of staff: care, respect, trust, personal responsibility, integrity and kindness. Benefits realisation To realise benefit in everything that is done through a culture that drives delivery and improvement at the required pace. Identifying the risks of achieving UHB objectives Against each principle objective, there has been an assessment of the principle risk of achievement prospectively as a fundamental part of the planning process (these are referenced throughout the IMTP). The CRAF will be updated on a bi monthly basis to reflect the periodic review of Clinical Board and corporate risk registers exception reports will be focussed on deviation from agreed acceptable risk for consideration by management and the relevant assurance Board Committee. The process by which Clinical Board risks are considered for inclusion in the CRAF will also be strengthened to ensure there is

8 Ward to Board visibility of risk management. To complement this, the Board will receive a heat map for all those risks assessed as Extreme which will identify the number of Clinical Boards / corporate departments that have included that risk (or something very similar) on their own registers and their local risk assessment. This is intended to provide the Board with a better indication of the severity and breadth of these risks. Any new risks identified during the year will be assigned against the relevant objective. The Audit Committee will wish to assure itself that any new risks or significant escalation of risk, were reasonably unforeseen at the start of the year. The process can be summarised as follows: Report Purpose Reviewed at Corporate Risk Assurance Framework Identify, assess and manage all risks to the UHB s strategic priorities Board to consider and undertake comprehensive review of full CRAF annually through an Audit Committee sponsored workshop Delegate to Committees with responsibility for managing and tracking actions Committee Chair to receive relevant extract at each agenda setting meeting Corporate Risk Exceptions Report Clinical Board and Corporate Departmental Risk Registers Consider and manage risks rated as 12 or more, new risks, increased risks, actions outstanding, risks that remain RED Identify extreme risks (scoring 20 or more) and identify new risks, increased risks, actions outstanding Heat map of risk distribution across UHB for all extreme risks (rated as 20 or more) Identify, assess and manage all risks across the Clinical Board / department Escalate risks and recommended actions where these are rated 15 or more Submit Register to Clinical Board meetings Address any risks flagged as RED Management Executive to receive and consider bi monthly report. Board to receive bi monthly Lead Committee to receive relevant extract at every meeting Clinical Board meetings Control arrangements The IMTP and underpinning Clinical Board and Corporate department plans describe the actions and processes to ensure delivery of objectives and the controls in place to manage risk. These controls are wide ranging from operational plans, project management, policies, procedures, financial management, quality and safety

9 processes etc to ensure that systems are in place and that staff are equipped to deliver an effective and consistent outcome. There is not a 1:1 relationship between risks and controls often there may need to be multiple controls in place to mitigate risk and some controls will also manage more than one risk. It must be accepted that there is not always a neat framework and even if controls are in place, consideration needs to be given as to how effective they are and whether it is better to have a smaller number of key controls rather than multiple controls that no one is properly following as this might give a false impression on the level of assurance. One of the key challenges for the Board is to decide on those controls that it considers are most important and ensure there is a system in place to gain assurance about the effectiveness of the operation of these controls. Assurances The Board needs to assure itself that these controls are effective to manage the principle risks. A good system will bring together and triangulate internal and external assurance sources and should also be a combination of quantitative and qualitative information. The information included within the routine Board Performance report is a fundamental tool in this process but will need to be supplemented by bespoke reports and other assurance sources. A particular focus during the year has been to improve the performance information provided to the Board so that the Board can be assured on the accuracy and reliability of the information as well as ensuring it is focusing on the most important matters. Weaknesses had been identified in the length of time it was taking to code patients and outcomes. This might have caused delay, for example, in identifying areas of unexpected high death rates. This matter has received focus attention with the Board receiving regular reports. I am now satisfied that the mortality information presented to the Board reflects an accurate position. For each objective, the assurance will come from a variety of internal and external sources. These external sources are extremely important and it is essential that the Board (or relevant Committee) is aware of all sources of such information from regulatory or inspection bodies and are sighted on their conclusions.

10 Potential (but not exhaustive) sources of assurance include: Internal Sources Performance Management Reports Service change management reports * Workforce information & surveys Benchmarking Internal & Clinical Audit reports Board & Committee reports Local counter fraud work Standards for Health assessments Board Member Walkabouts Results of internal investigations Serious Incident reports Concerns and compliments Whistleblowing and Safety Valve Infection control reports Information governance toolkit selfassessment Patient experience surveys and reports Compliance against legislation (eg Mental Health Act / Health & Safety, Data Protection) External Sources Population Health information Wales Audit Office reports Welsh Risk Pool Assessment reports Healthcare Inspectorate Wales reports Community Health Councils visits Feedback from healthcare and third sector partners Royal College visits Deanery visits Regulatory, licensing and inspection bodies External benchmarking and statistics Accreditation schemes National and regional audits Peer reviews Feedback from service users Local networks (eg cancer networks) Investors in People Welsh Government reports and feedback *From previous workshops on Board Assurance and the findings from the Mid Staffs review it was agreed that additional and specific measures should be put in place during significant service change programmes as these have inherent risks. The internal audit programme is already closely aligned to identified risks so that there is a rolling programme of independent scrutiny. This is currently being strengthened to re focus the clinical audit programme of work. Assurance Assessment The process for assessing assurance is fundamentally about taking the most relevant evidence together and arriving at informed conclusions to establish a composite sense of assurance. The principle gaps in assurances are highlighted in the Corporate Risk Assurance Framework. Where there are gaps in assurance, further controls will need to be identified. When there is a lack of evidence from current sources of information, this will be critical in determining the future work programmes of internal and clinical audit so resources are directed appropriately. REPORTING AND PUBLIC DISCLOSURE DOCUMENTS

11 It is intended that the Corporate Risk exceptions report is presented at each Board & Committee (for assigned risks) meeting and agendas should reflect those matters of highest corporate risk. A full review will be undertaken annually to refresh the document and significant elements of the Annual Governance and Accountability Review and the Annual Governance Statement will fall out of this new framework.

12

13 Appendix 2 Objective Principal Risks Failure to Exec lead Total Controls Assurances Gaps in assurance Further agreed action Lead Committee I L S What are we doing about it? How does the Board know if we are doing it? Objective 1 Health Improvement Population health is improved with action targeted at the main areas of population health need 1.1 Develop services and longer term models of care to met the needs ofdoph Comprehensive Clinical Services Strategy to be developed during an increasing and aging population 2014/5 Board to approve Plan in March Clinical Services Plan Dashboard being developed. Updates to be included in 6 monthly IMPT progress report. Internal Audit 2015/16 Detailed programme and timelines to be agreed Board 1.2 Meet Public Health Targets DoPH LPHT Priority Areas 2014/5 actions to be taken forward in Clinical Peformance Report Board plans. Additiona Annual Report of DOPH project support for smoking prevention, dementia and diabetes programmes 6 monthly IMPT update to Board Internal Audit 2013/14 April Audit Committee received Limited Assurance IA Report. The limitations identified in established processes will undermine the success of these action plans, and may adversely impact the achievement of Public Health targets. Offer smoking cessation and weight management support to all those listed for surgery. Increased engagement with Clinical Boards. Follow up Audit to be undertake at end of Operationalise Health Improvement Programmes within Clinical Boards DoPH Clinical Board Health Needs Assessments Optimising Outcomes Policy Standard for Health Services 3: Health promotion, protection and improvement Six monthly report to Board on IMTP progress Internal Audit 2016/17 HCS selfassessment, Executive and IM Review, Internal Audit Overall Programme of Health Needs Assessments being prepared during (3.2 IMPT) Objective 2 Commissioning Services are commissioned to ensure access to services is equitable and based on needs 2.1 Embed a commissioning approach to ensure services are based on evidence and population need DoPH Commissioning Framework and priorities Six monthly report to Board on IMTP progress Internal Audit (2014/15) Prudent healthcare agenda. Additional resource and capacity to be invested in 2014/5. Demand management work to be progressed. Commissioning Strategy to be developed in 2015/16 based on the developments of the Clinical Services Plan. 2.2 Comply with National Policy Directives and NICE requirements COO Delivery plans for each priority (page 35 of IMPT) Six monthly report to Board on IMTP progress Internal Audit (2015/16) 2.3 Agree and align WHSSC commissioner and provider responsibilities (including clinical networks) 2.4 Implement service changes emanating from the South Wales Programme 2.5 Have robust governance / SLA arrangements in place (including quality standards) with all external service providers DoF CEO is member of WHSCC Board CB Delivery Plans Director of Nursing now leading for WHSSC provider contract on safety and quality to enable rounded focus. WHSSC communications protocol to be agreed by end of May Commissioner LTA signed by end March 2014, provider by end April DoF Chair and Chief Executive sit on Programme Board. Clinical services plan will reflect agreed changes Implementation Programme will be established. Strengthened network arrangements being developed DoPH SLAs to be in place and monitored with all externally commisisoned services Finance Report re gaps in financial assumptions. Specific reports Internal Audit 2016/17 Regular specific reports to Board Internal Audit (Annual rolling programme) Cardiac Surgery Commissioner plan not received to support finalisation of provider business case Liaison with other HBs re implementation of new screening test for Down's Syndrome Agreement with WHSSC to revise provider LTA management structure wef 1/4/2014. Development of care delivery networks/ alliances to implement outcome of consultation. Planning group being established to plan and co ordinate the implementation programme. Board Board Objective 3 Service Integration All services will have a clear specification setting out how joined up care will be provided 3.1 Develop,agree and implement sustainable and integrated patient pathways / service models across the UHB and with partners 3.2 Commission effective, safe and efficient emergency and nonemergency transport services (including transport of clinical items) DoP Clinical Services Plan Commissioning Intentions with CBs for agreed care pathways / service models for MSK, anti coagulation, INR, dementia, falls and USC. Strategic Framework for working with the 3rd Sector. DoPH Service level Agreements Participation in Ambulance Services Review Integrated Patient Pathways and Clinical Services Plan Dashboards being developed Six monthly report to Board on IMTP progress Incident Reports Internal Audit (2016/17) Develop pathways for MSK,INR and diabetes Development of Organisational Strategy (10 Year Change Programme) CEO to attend Emergency Ambulance Commissioning Committee. Lead Executive to be agreed. Objective 4 Co production and partnerships Services are co produced with staff, the public and partners to shape the best possible experience of care. 4.1 Communicate and engage meaningfully with staff WOD LPF and LNC partnership working policies and protocols Organisational Change Policy Audience with Adam Clinical Board Communication Plans Staff satisfaction surveys Staff achievement awards Team briefing to be reintroduced Page 1 of 5

14 Appendix 2 Objective Principal Risks Failure to Exec lead Total Controls Assurances Gaps in assurance Further agreed action Lead Committee What are we doing about it? I L S 4.2 Involve and engage with Patients and Carers ND Patient / User feedback surveys Putting Things Right processes Public / patient advice and support arrangements Carers framework Welsh Government Patient Feedback Framework Clinical Board Planning arrangements 4.3 Engage and consult with the public DoP National principles for Public Engagement WG Consultation and Engagement requirements Standard for Health Services 5: Citizen engagement and feedback 4.4 Work co operatively with partner agencies DoPH Cardiff "What Matters 2010:2020" Vale of Glamorgan Community Strategy Integrated Strategies and action plans eg Wyn Fully functioning Area Planning Board Third Sector Strategic Framework Community Health Council Memorandum of Understanding How does the Board know if we are doing it? Patient Experience Reports Concerns/ Compliments information Internal Audit (2015/6) CHC Feedback reports Responses to public engagement / consultation exercises Health Care Standard 8: Care Planning and Provision & 18: Communicating effectively Deivery against key outcomes Community Resource Teams; Falls pathways; care home commissioning; Wyn; CYP services Six monthly report on IMPT progress Area Planning Board montly performance reports LSB Monthly reports New strategic approach in partnership with CBs to be agreed and implemented. Patient feedback / experience Steering Group to be established. Engagement with communities on the development of Shaping Our Future Well Being Clinical Services Plan during 2014/15 QSE Board Engagement with partners on the development of IHSC Board Shaping Our Future Well Being Clinical Services Plan Board during 2014/15. Key topic for June Board development session. Objective 5 Operational and Clinical Excellence High quality services will be delivered sustainably through a committed and engaged workforce which meets targets within available resources. 5.1 Deliver safe, effective and efficient care COO Policies, procedures and other control documents Professional codes and regulatory standards IMTP and operational plans Chief Operating Officer and Clinical Board operating arrangements Clinical Board authorisation, freedoms and delegations process Performance Review process Service redesign & improvement programmes Leading Improvement in Patient Safety programme (LIPS) Standards for Health Services 7: Safe and Clinically Effective care Patient Stories at Board and Committee Performance Reports Capacity Reports Internal Audit reports MHA monitoring reports Concerns/complaints information Patient Safety Walkarounds Patient Feedback (against 4 quadrants) External Audit 2014 (Follow Up Appointments, Operating Theatres, Community Nursing) Health Standards Self assessment, Exec and IM review, audit Clinical audit Serious Incident Reports Ombudsman Reports Royal College Reports HIW & Regulatory Reports Six monthly report to Board on IMTP progress CHC Reports Numbers of Serious Incidents, Performance metrics on Leading Improvements in Patient Safety Programme delivery, effectiveness and efficiency identify the need (LIPS) to improve quality of care to patients and for improvements leading to reductions in Health Care Associated Infections, pressure damage, DVTs and incidents arising from Sepsis Improving the way the UHB deals with concerns QSE 5.2 Achieve Waiting Times and other Tier 1 targets COO Clinical Board and Corporate Department Operational Plans. Tier 1 Performance Targets in Board performance Report 5.3 Sufficiently prepared for a major incident / outbreak DoP Polices and procedures Training and exercises Standard for Health Services 4: Civil Contingency and emergency planning arrangements 5.4 Recognise and act upon safeguarding in a timely manner ND Polices and procedures Strong links developed with partner agencies Health Standards for Wales 11: Safeguarding children and vulnerable adults Internal Audit (2011/12 & 2015/16) Health Standard Self assessment, Exec & IM Review, Audit Serious Case Reviews HCS self assessment, Exec & IM review, audit Internal Audit (2016/17) See latest Board Performance Report. Internal Audit Waiting List Mg. Limited assurance in 12/13 Delivery of agreed plans monitored through the Performance Management Framework QSE Page 2 of 5

15 Appendix 2 Objective Principal Risks Failure to Exec lead Total Controls Assurances Gaps in assurance Further agreed action Lead Committee 5.5 Recognise, address and learn from patient concerns, clinical failures and serious incidents What are we doing about it? I L S ND "Putting things Right" Complaints / concerns policies and procedures Concerns Team supported by DATIX system Patient feedback mechanisms Serious Incident Reviews Health Standards for Wales 23: Dealing with concerns and managing incidents How does the Board know if we are doing it? Concerns performance information Complaints panel Serious Incident Reports HCS selfassessment, Exec & IM review, audit Internal Audit (2014/15) Ombudsmans Reports Coroners Reports HIW Reports CHC Reports IA reviews have previous identied weakness in incident Introduction of E DATIX to asupport more timely reporting system. information. Review of future management of the more serious concerns requested by Complaints Panel (March 2014) Taskforce led by COO taking forward a programme of work on interface incidents QSE 5.6 Provide patients with a good experience ND Policies, procedures and protocols Professional Codes of Conduct Patient feedback reports / stories Internal Audit (2015/16) Fundamentals of Care Health Health Standard self assessment, Exec Standards for Wales 10: Dignity & Respect and IM review, audit Concerns and compliments information CHC reports Fundamentals of Care improvement plan QSE Objective 6 Resources All the UHB s resources: money, staff, estates and equipment are maximized to deliver the best possible care. 6.1 Shared Services Partnership priorities and delivery are not aligned to BS Aproval of SSP Operational Plan by lead Execs UHB requirements Membership of SSP Committee Regular meetinsg between CEOs a) Workforce 6.2 Appropriate complement of well trained, skilled and competent staff COO Staff establishment standards Recruitment, sickness and other workforce policies, procedures & support mechanisms Pooling, bank and agency arrangements Health Standards for Wales 24,25,26: Workforce planning, recruitment, training & OD Staff appraisal and personal development plans 6.3 Effective leadership and management WOD Executive Leadership programme Clinical Board Leadership Programme Organisational Development Arrangements. b) Estates and facilities 6.4 Plan, resource and implement safe and adequate estate DoP Major and discretionary capital programmes Estates inspections and audits Capital prioritisation process Maintenance requests and prioritisation Health Standard for Wales 12: Environment 6.5 Procurement, supply and storage (including pathological storage) arrangements do not meet service needs DoF O4E enablers project on Better Value Supply Chain Increased clinical engagement in procurement arrangements Clinical Board Account Managers established c) Equipment 6.6 Plan, fund and deliver safe and up to date equipment requirements. DoTh Capital prioritisation process / Discretionary capital programme Bed contract Bariatric equipment contract Health Standard for Wales 16: medical devices, equipment and diagnostic systems SSP Performance Monitoring reports Board Development session 2014 Workforce reports Staff / pulse surveys Compliance reports against professional standards HCS selfassessments, Exec & IM review, audit Internal Audit (2016/7) Numbers completing programme Staff survey Pulse surveys Estate surveys Backlog maintenance reports HCS self assessment, Exec & IM review, audit Internal Audit (Annual rolling programme) Internal Audit (Inc Clinical Storarge) 2015/16 & 2016/17 Capital update report HCS self assessment, Exec & IM review, audit Internal Audit 2016/17 d) Finance 6.7 Deliver financial balance and savings programmes DoF Detailed CB savings plans tested by Finance Director and Executives. Finance Performance report to each Devolution of Finance support to Clinical Boards Board. Performance Management Framework / Clinical Board regular meetings Internal Audit 2015/16 External Audit Annual Audit Staff shortages highlighted in CB Risk Registers. Overreliance on Agency staff to fill rotas. Inability to release staff for training IA reviews on capital schemes have highlighted numerous copntrol weakness. No and Limited assurance reports previously issued. Significant gaps identified to meet need. Medical Equipment Management Group scoping with Clinical Boards. Deficits in equipment repair and replacement for non capitalised equipment. Clinical Equipment Steering Group scoping capital equipment requirements Shortfall in savings plans to deliver approved financial plan New sickness management arrangements introduced for 2014 Strengthened control arrangments implemented. Application to be made to WG for additional 5m Application to be made to WG for additional 3m Earlier development of 2015/16 savings programme focused around prudent healthcare/commissioning. Initial plans to be developed by end of June Audit Board e) Information management and Information technology 6.8 Plan, fund and maintain effective & resiliant IM&T systems DoF IM&T implementation programme IM&T group established to oversee progress Standards for Health Services 19: Information management and communications technology IM&T Implementation monitoring report HCS self assessment, Exec & IM review, audit Internal Audit (Annual rolling programme inc Business continuity) External Audit 2014 IA reviews on deprartmental IT systems have highlighted weakness with the management of the system and business continuity arrangements. 2.4m capital investment agreed for 2014/15. Rolling investment programme agreed by ITPB for recommendation to the Board Page 3 of 5

16 Appendix 2 Objective Principal Risks Failure to Exec lead Total Controls Assurances Gaps in assurance Further agreed action Lead Committee 6.9 Patient results, records, clinical coding, DATIX and other core patient information systems being accessible, complete, and up to date What are we doing about it? I L S DoF Health records policies, procedures and protocols Clinical Portal arrangements Health records modernisation programme Head of Information Governance appointment Health Standards for Wales 20: Records management How does the Board know if we are doing it? Specific update reports on programmes of work HCS self assessment, Exec & IM review, audit Internal Audit (Medical Records) 2014/15 External Audit (Clinical coding) 2014 DATIX Project Group to be established under auspices of leaner and Fitter Programme. Investment in additional coding staff and non recurrent external support confirmed in 2013/14. WAO audit early 2014/15 will provide update on progress and action plan will be developed by the UHB in response. Page 4 of 5

17 Appendix 2 Objective Principal Risks Failure to Exec lead Total Controls Assurances Gaps in assurance Further agreed action Lead Committee What are we doing about it? How does the Board know if we are doing it? I L S Objective 7 Tertiary Centre of Excellence and Academic Partnerships To be at the forefront of innovation, expertise and professional training in partnership with Cardiff University 7.1 Recruit and train a competent medical & dental workforce matched to sustainable service needs 7.2 Invest sufficient resources in innovation, service improvement and knowledge management MD Clinical Services Strategy Undergraduate strategy Medical Staff job plans, appraisal and revalidation SLA with Deanery Approval of Strategy Deanery Annual Report GMC Annual Trainee Survey Deanery Annual Report Workforce information reports. Internal Audit (2014/15) MD Joint Director of Clinical Innovation woith Cardiff University Specific Reports Health Good to Great O4E workstream Standard Self assessment, Exec and IM Continuous Service Improvement Team review, audit Faculty for Quality Improvement Standards for Health Services 6: Participating in quality improvement activities Consultant appraisal rates are 23.7% (at Sep 2013) Amalgamate Undergraduate and Postgraduate Departments Board 7.3 Capitalise on outcomes from R&D projects and Medical School innovations into mainstream operational delivery MD Refocussing R&D activity and CB funding Establishment of Joint Innovation Centre with Cardiff University Standard for Health Services 21: Research, development and innovation HCS self assessment, Exec & IM review, audit Internal Audit (2016/17) Objective 8 Governance To have effective governance arrangements ensuring the UHB is compliant with relevant legal and regulatory frameworks and its processes for decision making are robust. 8.1 Meet Legislative requirements BS Important documents control process ensuring all inspections are recorded and compliance monitored. Scheme of delegation. Register of Executive responsibilities covering all legal requirements Internal Audit (2015/16) Audit 8.2 Robust and effective governance framework including system of risk management and assurance BS Corporate Risk Assurance Framework, Risk policies and procedures Risk Management training Executive oversight of risk registers Standards for Health Services 22: Managing risk and health and safety Internal Audit (Annual Review) HCS self assessment, Exec and IM review, audit Internal Audit Limited Assurance CB and corporate departments Risk Registers incomplete Key element of CB authorisation process Board / Audit 8.3 Prevent fraud, theft and corruption DoF Fraud and bribery policies and rocedures. Counter fraud awareness programme. National Fraud Initiative and annual workplan Routine counter fraud reports Internal Audit (2011/12 & 2016/17) Audit Objective 9 Values and behaviours To rigorously uphold public sector values and be open, honest and acting in the public interest at all times. To actively demonstrate the behaviours required of staff: care, respect, trust, personal responsibility, integrity and kindness. 9.1 Meet public sector standards of behaviour BS Corporate Standards of Behaviour Policy and Corporate Inductions Internal Audit (2015/16) Audit 9.2 Protect staff from Violence and agression DoP Security and police joint working arrangements Staff V&A training Case Management support Lone worker policies and safety devices Annual H&S Report H&S Risk Monitoring tool 9.3 Uphold the UHB reputation with public, politicians and stakeholders DoP Establishment of Office of Strategic Management WG correspondance, Ministerial meetings, Media coverage Develop external stakeholder management plan H&S Board Objective 10 Benefits Realisation To realise benefit in everything that is done through a culture that drives delivery and improvement at the required pace Assess and realise the benefit against objectives and priority work programmes CEO O4E and Good to Great programme Additional programme support to drive priority work O4E Reports IA report on Stoke Unit (April 2014) whilst providing "Reasonable Assurance" identified that benefits had not been fully realised. Further work required to devlop this further O4E Page 5 of 5