THE ASSURANCE FRAMEWORK

Transcription

1 THE ASSURANCE FRAMEWORK Policy Profile Version: Version1.0 (April 2014) Date: Review date: Author: Lead Director: 1 April 2014 On an annual basis Irene Low, Assistant Director: Risk Management & Governance Myra Weir, Director of Human Resources & Corporate Affairs Approval Profile Corporate Control Committee: Via consultation June 2014 Governance Assurance Committee: Via consultation June 2014 Trust Board: 25 June 2014 Board Assurance Framework April 2014 (updated Dec 2016)

2 Contents Page No Foreword Introduction Governance in Context What a Board must do What assurance means for HSC and other Arm s Length 9 Bodies 3.0 Accountability in Context The Policy and Planning Hierarchy Objective Setting Accountability and four domains Key elements of Safety & Quality The Assurance Framework in Practice Key stages in building the assurance framework Assurance and co-ordination Assessing the Assurance Framework Organisational Arrangements for the Board The Board of Directors The Executive Management Team The Audit Committee The Governance Assurance Committee The Corporate Control Committee The Safety & Quality Committee Accountabilities and Responsibilities for Assurance within the Trust The role of the Board The role of the Chairman The role of Non-Executive Directors The role of the Chief Executive The Director of Finance & Estates (Lead Director for 21 Financial Governance) 7.6 The Director of Human Resources & Corporate Affairs (Lead 21 Director for Governance) 7.7 The Medical Director (Lead Director for Clinical Governance) 21 South Eastern Health & Social Care Trust Page 2 of 42

3 7.8 The Director of Primary Care & Older People/Executive 22 Director of Nursing 7.9 The Director of Children s Services/Executive Director of Social Work (Lead Director for Social Care Governance) Directors Professional Leads Operational Leads for Governance Assistant Directors and Clinical Directors Ward, Department and Facility Managers Individual Staff members Links Between the Assurance Framework and Related internal business processes Performance Reporting Performance Management and the Operating Cycle Risk Management Risk Registers Board Reporting 27 Appendices Appendix 1 Glossary of Terms 29 Appendix 2(a) High Level Governance Structure 32 Appendix 2(b) Low Level Governance Structure 33 Appendix 3 Risk Matrix 34 Appendix 4 Membership of the Trust Board and Executive 36 Management Team Appendix 5 Assessment of Assurance Frameworks 37 Appendix 6 Board Assurance A Quick Reference Guide 41 South Eastern Health & Social Care Trust Page 3 of 42

4 Foreword Almost eight years have passed since, in January 2006, the first version of the Assurance Framework guidance was published by the Department of Health & Social Services now known as the Department of Health (the Department). At that time the concept was commended to Health and Social Care (HSC) organizations as an important example of governance best practice. All Department s Arm s Length s Bodies subsequently adopted the framework and begun to rely on it as the pivotal mechanism through which Boards exert control over their organisation. The guidance was re-examined in the light of practical experience thereby gained and its revision has benefitted particularly from the views expressed by colleagues from across the HSC. It was reissued to support the mandatory adoption of an Assurance Framework by each Board from 1 April This is the third Assurance Framework produced by the Trust for the period 1 April 2014 to 31 March It is based on the Department s Assurance Framework (issued on 1 April 2009). The essential point of a good Assurance Framework is that it provides a stronger basis for effective challenge and better informed decision-making in the Boardroom. It will also be of relevance to all those with responsibility for good governance and service improvement. In March 2010, following a comprehensive review of its Governance and Risk Management arrangements, the Trust Board approved new structures for Governance which were fully aligned to the four domains as reference in the Department s Assurance Framework document. For ease of reference these are listed below:- Corporate Control; Safety & Quality; Finance; Operational Performance and Service Improvement. This document, therefore, is intended to help the Trust improve its systems of internal control. It does this by showing how the evidence for adequate control can be marshalled, tested and strengthened within an Assurance Framework. It forms part of a series of strategies and systems for improving and strengthening practices and governance arrangements so that safe and high quality health and social care are provided to all that need them. The document also focuses on what assurance means for the Board, the process for assurance and the organisational and accountability frameworks to deliver this agenda. The framework work sits alongside the Corporate Risk Register system and the Controls Assurance process, which underpins all aspects of the business of Health & Social Care (HSC) clinical and social care, financial and organisational and which supports the Trust s governance arrangements. The commissioning and provision of health and social care services require quality assurance and risk management. They also require organisational governance, such as management of personnel, financial efficiency and systems efficiency, as much as clinical and social care governance; all the various elements of governance need to be managed. Focusing on any one element at the expense of others leads to mismanaged services. It is not a choice South Eastern Health & Social Care Trust Page 4 of 42

5 between risk management and quality assurance. Both are needed, as fewer errors mean safer and better quality services. A robust assurance framework provides a stronger basis for effective challenge in the boardroom and better-informed decision-making. It also allows me as the Accountable Officer to more fully discharge my statutory responsibility to prepare an annual Governance Statement. This document will be subject to review on an annual basis by the Corporate Control and Governance Assurance Committees and ultimately endorsement by members of the Trust Board. Hugh McCaughey Chief Executive April 2014 (updated Dec 2016) South Eastern Health & Social Care Trust Page 5 of 42

6 1.0 Introduction 1.1 People need to be confident about the quality of care that they get from organizations commissioning or providing health and social care. They want services that are readily accessible, are safe, and, are provided by competent and confident staff who will always work in their best interests. 1.2 The Board of the South Eastern Health and Social Care Trust (the Trust), and of each of the Department s Non-Departmental Public Bodies (NDPBs), has therefore a duty, on behalf of its service users, carers, staff and local communities, to ensure that the organisation is carrying out its responsibilities within a system of effective control and in line with the objectives set by Ministers. Their organisations must also demonstrate value for money, maximizing resources to support the highest standards of service. To discharge all these duties, Boards need to have in place robust systems of direction, control and communication; good governance, in other words. 1.3 This document entitled The Assurance Framework provides the policy framework and structure by which the Trust Board s responsibilities will be fulfilled. The Assurance Framework is an integral part of the governance arrangements for the Trust and should be read in conjunction with the extant Corporate Plan (and subsequent addendum) 1, Corporate Management Plan 2016/17 2, Risk Management Strategy, April , the framework for Corporate and Directorate Risk Registers 4 and the Integrated Governance Strategy, March The Assurance Framework through the Corporate Risk Register describes the organisational objectives, identifies potential risks to their achievement, the key control measures through which these risks will be managed and the sources of assurance about the effectiveness of these controls. It lays out the sources of evidence, which the Board will use to be assured of the soundness and effectiveness of the systems and processes in place to meet objectives and deliver appropriate outcomes. 1.5 This framework will provide the Trust Board with confidence that the systems, policies, and people are operating effectively, are subject to appropriate scrutiny and that the Board is able to demonstrate that they have been informed about key risks affecting the organisation. 1.6 The Directors of the Trust have: Defined corporate objectives 1 and 2 ; Identified principal risks that may threaten the achievement of those objectives 6 ; Controls in place to manage these risks, underpinned by core controls assurance standards 4 ; 1 South Eastern Health & Social Care Trust Corporate Strategic Plan (and addendum, May 2016) 2 South Eastern Health & Social Care Trust Corporate Management Plan, 2016/17 3 South Eastern Health & Social Care Trust Risk Management Strategy, April South Eastern Health & Social Care Trust Framework for Corporate & Directorate Risk Registers, June South Eastern Health & Social Care Trust - Integrated Governance Strategy, March South Eastern Health & Social Care Trust extant Corporate Risk Register South Eastern Health & Social Care Trust Page 6 of 42

7 Explicit arrangements for obtaining assurance on the effectiveness of existing controls across all areas On an ongoing basis the Trust Board will: Assess the assurances given; Identify where there are gaps in controls and/or assurances; Take corrective action where gaps have been identified; and Maintain dynamic risk management arrangements including, crucially, a regularly reviewed corporate risk register. 1.8 The framework does not impose any new requirements on the staff of arm s length bodies: rather, it supplies their boards with an instrument for making fuller use of the existing governance capacity: in terms of how the various aspects of governance relate to organizational responsibilities, accountability and to each other; in relation to the information they need to discharge their responsibilities and accountability; to know how the different facets of governance are working; and to ensure the effective management of risk. 1.9 The Trust has a duty to protect service users, carers, staff and others in the planning and delivery of services. Reducing risk is not just about financial or management probity. It is also indeed, it is primarily concerned with improving the safety, quality and user experience of services. This means that equal priority needs to be given to the obligations of governance across all aspects of the business, whether financial, organizational or in clinical and social care, together with a need for governance to suffuse each organization s culture. Good governance depends on having clear objectives, sound practices, a clear understanding of the risks associated with the organization s business and effective monitoring arrangements in other words, a sound system of organizational-wide risk management The six core principles of good governance, as set out in the Good Governance Standard for Public Service 7, are: focusing on the organisation s purpose and on outcomes for citizens and service users; Performing effectively in clearly defined functions and roles; Promoting values for the whole organisation and demonstrating the value of good governance through behaviour; Taking informed, transparent decisions and managing risk; Developing the capacity and capability of the governing body to be effective; Engaging stakeholders and making accountability real. 7 Published by the Independent Commission for Good Governance in Public Services (January 2005) South Eastern Health & Social Care Trust Page 7 of 42

8 2.0 Governance In Context The Boards of Health & Social Care (HSC) organizations and NDPBs need to be confident that their governance arrangements are operating effectively. They have to know that they will identify, manage and minimize the risks inherent in the provision of health and social care and that, thereby, they will help to achieve business objectives. With effect from April 2013, the Chief Executive must, as Accountable Officer, sign a Governance Statement (previously known as a Statement of Internal Control as part of the statutory accounts and annual report process. From onwards they must also produce a Mid-Year Assurance Statement to attest to the maintenance and improvement of control systems. These obligations heighten the need for Boards to be able to demonstrate that they have been properly informed about the totality of their risks, whether in the immediate provision of health and social care or in organisational matters. To do this they need to be able to show to give assurance that they have systematically identified their objectives, managed the principal risks to achieving them and identified any significant weakness that need to be addressed. In turn, this assurance (in the form of a Governance Statement and Mid-Year assurance statement) is provided to the Department s Accounting Officer. 2.1 What a Board must do Criterion 6 of the Governance Standard 8 states: The Board ensures that it has proper and independent assurances on the soundness and effectiveness of the systems and processes in place for meeting its objectives and delivering appropriate outcomes. To meet this criterion, the Board needs to develop a process to support the Chief Executive in making a balanced, fully informed Governance Statement one that describes both the achievements in the embedding of risk management and the work that remains to be done. This process will include: Establishing principal objectives (at organisation, directorate and unit/team level); Identifying, by drawing up a risk register, the principal risks that may threaten the achievement of those objectives; Identifying and evaluating the key controls intended to manage these risks, underpinned by core controls assurance standards; Setting out explicit arrangements for obtaining assurance on the effectiveness of key controls across all areas of principal risk; Assessing the assurances given; Identifying the positive assurances and areas where there are gaps in controls and/or assurances; Putting in place plans to take corrective action where gaps have been identified; and 8 South Eastern Health & Social Care Trust Page 8 of 42

9 Maintaining dynamic risk management arrangements including, crucially, a regularly reviewed corporate risk register. 2.2 What Assurance Means for HSC and other Arm s Length Bodies The Trust Board can properly fulfil their responsibilities when they have a full grasp of the principal risks facing the organisation. Based on the knowledge of risks identified, the Directors will determine the level of assurance that should be available to them with regard to those risks. There are many individuals, functions and processes, within and outside an organisation, that produce assurances. These range from statutory duties (such as those under health and safety legislation) to regulatory inspections that may or may not be H&SC-specific, to voluntary accreditation schemes and to management and other employee assurances. Taking stock of all such activities and their relationship (if any) to key risks is a substantial but necessary task. The Trust Board is committed to debating and making the connections between the corporate objectives, risks and the range and effectiveness of existing assurance reporting. This will require some consideration of the principle of reasonable rather than absolute assurance. In determining reasonable assurance it is necessary to balance both the likelihood of any given risk materialising and the severity of the consequences should it do so, against the cost (within the limited resources available) of eliminating, reducing or minimising it (within available resources). This framework defines the approach of the Trust Board to reasonable assurance. It is clear that assurance, from whatever source, will never provide absolute certainty. Such a degree of assurance does not exist, and pursuit of it is counter-productive. For any HSC organization, effective risk management requires the embedding of controls assurance in the key processes that directly support service (business) objectives. And from , with the extension of the core controls assurance standards to the RQIA, the NI Fire & Rescue Service, the NI Practice & Education Council for Nursing & Midwifery and the NI Social Care Council, the embedding principle applies to all of the Department s arm s length bodies. The best assurance régime is integral not only to the delivery of safe and high quality health and social care and public safety services; it underpins also effective stewardship of public resources and good performance as regards the delivery of services. It can, moreover, be used to manage change, to involve all levels of the organization, improve or defend the organization s reputation and maximise its opportunities to innovate. Although these advantages are enough to commend the assurance agenda to all wellordered organisations, there is also a strong external driver in the form of the SIC. This imposes an important public disclosure obligation on each Board of Directors. In effect, the SIC requires confirmation that the effectiveness of the system of internal control has been reviewed and that the results of the effectiveness review have been discussed by the Accounting Officer with the board. That responsibility for the system of internal control encompasses:- adopting appropriate policies on internal control; South Eastern Health & Social Care Trust Page 9 of 42

10 obtaining regular assurance that the system is functioning effectively; and ensuring that the system of internal control truly identifies and manages risks, as the board intended. Originally, compliance with standards was the governance priority for many HSC boards, with attention focussed on assessing gaps in performance against set criteria within given areas of risk. That compartmentalised process was useful in terms of engaging all HSC organisations in a consistent manner. But the SIC requirement is that each Board and its members understand the links in their particular organization s assurance chain, and that the Trust Board continuously monitors the effectiveness of its internal control. No set of standards, however rigorously adhered to, replaces the need for an organization-wide bespoke system of risk management. 3.0 Accountability in Context 3.1 The Policy and Planning hierarchy Each year the Government sets out, in its Programme for Government (PfG) and supporting Budget and Investment Strategy, its intentions for improving public services in Northern Ireland. The PfG contains a series of Public Service Agreements committing departments to work towards particular aims and outcomes for the benefit of service users. In order to produce the outcomes for which the PfG makes the Department ultimately responsible, a strong partnership is required between the Department and those arm s length bodies which have a hand in commissioning, delivering etc the services that lead to those outcomes. In order to make the partnership effective, it must be expressed in formal and explicit terms. The outcomes and targets specified in the PfG are therefore restated in operationally measurable terms, and are assigned to the appropriate HSC organisations. The HSC response to this is communicated through commissioning and delivery plans, which describe how commissioners and Trusts intend to use their resources to, respectively, commission services for their resident populations and deliver health and social care services to service users, carers and families. As approved, commissioning and delivery plans form the basis of the relevant organizations comprehensive business plans. The latter documents will include other, more local, service objectives as well as those needed to deliver corporate commitments. Since the Assurance Framework is essentially though not exclusively a board-level instrument, it will be the objectives contained in the organisation s business plan that will form the spine of the framework. But it is important that, within each arm s length body, the organizational objectives should cascade to directorate and unit/team level, where more detailed targets and actions will be set in order to support or help meet South Eastern Health & Social Care Trust Page 10 of 42

11 overall aims and objectives. Individuals should, in turn, be able to translate the unit/team level information into personal objectives thereby establishing the final link between their own jobs, the objectives of their organization, and the Department s objectives as laid down in the PfG. 3.2 Objective Setting with South Eastern Health & Social Care Trust: Corporate Plan (and addendum, May 2016) The Corporate Plan (and addendum, May 2016), the second to be produced by the Trust, sets out the vision for the services we provide to our population and outlines key priorities for the next three years. The plan gives an overview of the priorities the Trust wishes to pursue under six headings ie:- Safe & Effective Care; Access; Health & Well Being; Efficiency and Service Reform; Workforce; and Stakeholder Engagement. This plan is complemented by an annual Corporate Management Plan which provides detail with regards to the objectives for the current year and highlights how all of our work will be delivered under the six themes. These themes are broken into objectives that flow across all of the Trust, such as promoting independence, ensuring high standards of governance and stabilising our workforce. The themes also identify specific objectives for each Directorate, thereby providing a clear statement with regards to how services will be improved. The Corporate Management Plan and the Trust Delivery Plan set out annual targets to progressively deliver these corporate objectives. The Trust Delivery Plan is developed annually and takes account of the Health and Social Care Board/Public Health Agency Commissioning Plan and the targets within the Health and Social Care (Commissioning Plan) Direction (NI) and other associated relevant documents. While the Corporate Plan and the Trust Delivery Plan incorporate these Departmental/Commissioner targets, they take a wider view of the organisational responsibilities of the Trust, setting a range of local targets under each corporate objective. The corporate objectives and associated annual targets (regional and local) are cascaded throughout the Trust by: Performance Improvement Reviews; Corporate Management Plan; Corporate Score Card; Directorate Management Plans (incorporating Score Cards); Individual objectives; This process forms an integral part of the Trust s Performance Management and Operating Cycle and ultimately the Assurance Framework. South Eastern Health & Social Care Trust Page 11 of 42

12 3.3 Accountability: the four domains Performance of the service-related obligations that flow from the PfG constitutes just one strand of the accountability lines between each arm s length body and the Minister/Department. Looked at in the round, there are four broad domains of accountability. The first of the four may be classified as Corporate Control i.e. the arrangements by which the individual organization directs and controls its functions and relates to stakeholders. This domain encompasses the policies, procedures, practices and internal structure which are meant to give assurance that the entity is fulfilling its essential obligations as a public body. It follows that most of the requirements reflect those in place across the public sector, but a few have been instituted for reasons peculiar to the field of health and social care notably the statutory duty of quality created by Article 34 of the HPSS (Quality, Improvement and Regulation) (NI) Order 2003, and the statutory duty to seek views from, and consult with, the recipients of health and social care created by sections 19 and 20 of the HSC (Reform) Act (NI) The staple public sector requirements include the existence of appropriate board roles, structures and capacity; compliance with prescribed standards of public administration, with national or regional policy on procurement and pay, operation of a professional internal audit service, and corporate and business planning approvals. The accounting officer letter of appointment will spell out the principles underlying many of these obligations, while the letters appointing chairs and non-executive members of board will also give due emphasis to this aspect of the appointees duties. The second domain is Safety and Quality the arrangements for ensuring that health and social care services, and public safety services, are safe and effective and meet people s needs. Self-evidently, this covers a broad field and applies to all programmes of care (including health improvement and health protection) and to infrastructure. In addition to the numerous operational/professional requirements that concern or touch on safety and quality, there are more general requirements with which compliance is demanded. In the latter category, those issued by the Department include the Quality Standards 9, Care Standards, and most of the Controls Assurance Standards, but the most notable such item has already been mentioned; it is, of course, the statutory duty of quality created under the HPSS (Quality, Improvement and Regulation) (NI) Order It is to be expected that any organization s Assurance Framework will attach the highest priority to safety and quality. Finance, i.e. the arrangements for ensuring the financial stability of the Department s arm s length bodies, for securing value for money and for ensuring that resources 9 The Quality Standards for Health and Social Care: supporting good governance and best practice in the HPSS (DHSSPS, March 2006) South Eastern Health & Social Care Trust Page 12 of 42

13 allocated by the Minister/Department are deployed fully in achievement of agreed outcomes, is the third accountability domain. Maintaining financial balance is essential. Apart from the accountability and probity problems associated with not living within one s means, concern for service users also points towards the need for strong budgetary control. Failure in financial duties would reduce the Department s claims to an appropriate share of resources. This would damage the longer-term interests of patients, clients, carers, families and others who depend on our services. Through prudent use of resources, the HSC is able to demonstrate delivery of real improvements to service users, not only in productivity (through efficiency and higher levels of activity), but also in terms of quality and modes of delivery. Boards must therefore be satisfied that the financial information they receive is accurate and that financial controls and systems of risk management are robust and defensible. When considering what it would be justifiable to tolerate by way of risks, boards need to compare the cost (financial or otherwise) of minimising the risk against the cost to be borne should the risk materialise; as in other aspects of risk management, an acceptable balance must be struck. Likewise when considering opportunities, and how much risk can be taken in order to capture their benefits, it is a matter of weighing the value (financial or otherwise) of potential benefits against the losses which the organization might suffer. As with corporate control matters, the accounting officer s letter of appointment, and those of the chair and other non-executive board members, will stress the probity and related expectations in respect of finance. The fourth domain covers Operational Performance and Service Improvement fulfilling the Departmental requirements for ensuring achievement of PfG and Ministerial objectives espoused in PFA and other standards and targets. In that connection, the detailed accountability arrangements between the Department and its arm s length bodies will hinge on the terms of the Framework Document 10 to be produced under section 5 of the Health and Social Care (Reform) Act (Northern Ireland) This section of the Assurance Framework guidance will, therefore, have to be amplified in light of those decisions. In the meantime, board members should note that the six principles set out below should underpin the approach to assurance and the performance of corporate responsibilities post-march 2009:- the Minister and the Department have ultimate accountability for the effective functioning of the HSC across the four domains; the Minister and the Department will provide the HSC with a clear direction across each of the four domains, specifying outputs and outcomes that are appropriate, affordable and achievable. This direction will be developed with the involvement of 10 HSC (Reform)Act 2009 Framework Document, September 2011 South Eastern Health & Social Care Trust Page 13 of 42

14 the HSCB, PHA and other HSC organizations, consistent with their stated roles and responsibilities; local accountability for organizational performance across the four domains and for ensuring that appropriate assurance arrangements are in place rests wholly with each organization s board of directors. It is the responsibility of these boards to manage local performance and to manage emerging issues in the first instance; the assurance arrangements and associated information streams within individual HSC organizations will, as far as possible, be used to meet the assurance requirements of the HSCB and PHA, and those of the Department, subject to such additional independent verification as may be deemed necessary; the Department, and in turn the HSCB and PHA, will seek to build a relationship with other HSC organizations based on open communication and no surprises, adopting an informal, supportive approach to clarify and resolve issues as they arise, minimizing the need for formal intervention; there will be a continuing need for the Department to engage with Trusts to ensure sound financial management and for other matters, but the Department will ensure that such engagement is undertaken with proper regard for the roles, responsibilities and effectiveness of the HSCB (and the PHA). 4.0 Key Elements of Safety and Quality Clinical and social care responsibilities are underpinned by a statutory duty of quality and these responsibilities must be taken into account when signing the Statement of Internal Control. Sound governance arrangements are essential if Boards are to reach an informed opinion on robustness of controls in place for clinical and social care. A number of new initiatives have been introduced to support improvement in clinical and social care, such as quality standards, care standards, a safety framework and links with national and professional standard-setting bodies. The continuing operation of controls assurance standards, in particular substantive compliance with the three core standards of governance, risk management and financial management, is integral to the effective operation of the assurance framework. The Trust is fully committed to the controls assurance programme and regular reports are made to both the Executive Management Team and the Corporate Control/Governance Assurance Committees in this regard. 5.0 The Assurance Framework in Practice 5.1 Key stages in building the Assurance Framework The assurance framework (see Figure A below) provides the organisation with a simple but comprehensive method for effectively managing the principal risks to meeting its objectives. It also provides a structure for acquiring and examining the evidence to support the SIC. By contributing to more pertinent Board reporting and the prioritisation of action plans, the framework will, in turn, allow for more effective performance management. South Eastern Health & Social Care Trust Page 14 of 42

15 Figure A the key stages in building an assurance framework Principal Objectives Principal Risks Key Controls Sources of Independent Assurance on Controls and their co-ordination Board Reports positive assurances gaps in control gaps in assurance Board Action Plan ORGANISATION AND DIRECTORATE LEVEL OBJECTIVES Management checks, Internal Audit, Clinical and Multi-professional Audit, DHSSPS Quality and Service Standards, Circulars and Guidance, RQIA, Professional and Staff Regulatory Bodies, External Audit, Counter Fraud Unit Central Services Agency and other reviews To improve control, ensure delivery of principal objectives and gain assurance Summary of the Key Stages on Building the Assurance Framework 1 st step identifying principal objectives to achieve outcomes across all relevant business areas clinical & social care, financial and organisational 2 nd step identifying principal risks which threaten achievement of the principal objectives and managing these risks effectively through the organisation s risk management arrangements 3 rd step documenting the key controls in place to manage risk 4 th step determining the independent assurance required for the organisation to be governed effectively. Consider types of assurance available, co-ordinate these effectively and identify areas where further assurance is required tailoring assurance to the organisation s needs 5 th step reporting key information to the board, including positive information on controls and assurance, identification of inadequate controls or where insufficient assurance exists 6 th step action plan to be agreed by the board to address gaps in controls and assurance with proposals to take corrective, restorative or remedial steps, as required This assurance framework provides a comprehensive and systematic approach to effectively managing the risks to meeting our objectives. The framework illustrates the wide range of assurances from internal and external sources. The most objective South Eastern Health & Social Care Trust Page 15 of 42

16 assurances are those derived from independent reviewers which will include the Regulation and Quality Improvement Authority, Departmental special enquiries or reviews and Internal and External audit. These are supplemented from nonindependent sources such as performance management, multi-disciplinary audit, selfassessment reports and professional monitoring and review processes within legislative and professional regulatory guidance. It is important that as information is collated and evaluated across the Trust that this is done in a consistent and efficient way, is proportionate and minimizes duplication of work by different reviewers. This framework provides a structure for acquiring and examining the evidence to support the Statement of Internal Control. 5.2 Assurance and co-ordination In implementing a system to gain assurances about the effectiveness of the controls in place to manage principal risks, the Board will wish to have a system that provides good co-ordination and assessment of the work of the auditors, inspectors and reviewers and which will bring increased benefits to both the organisation and the review bodies. Such a system will help minimize the burden on the organisation by reducing overlap and allow potential gaps in assurance to be identified and closed. In considering regular reports, the Board will need to consider the adequacy of the assurances on the management of their principal risks and be proactive in addressing the issues that arise. In summary the Board will need to assess whether a review: o Provides full assurance: there are sufficient, relevant, positive assurances to confirm the effectiveness of key controls and the objectives are met. o Reveals gaps in control: there is a clear conclusion, based on sufficient and relevant work, that one or more of the key controls on which the organization is relying are not effective. o Reveals gaps in assurance: there is a lack of assurance, either positive or negative, about the effectiveness of one or more of the key controls. This may be as a result of lack of relevant reviews, or concerns about the scope or depth of reviews that have taken place. 5.3 Assessing the Assurance Framework It is important for the quality and robustness of the assurance framework itself to be evaluated by the Board, which should also have arrangements in place to keep itself updated in the light of evidence from reviews and achievements. For example, if the Trust s actual or apparent performance in a particular area seems at odds with the assessment from the assurance framework reports, the reasons for the discrepancy need to be investigated. Leaving aside the possibility of, for example, inaccurate reporting, it may be that: The objectives themselves need to be revised; South Eastern Health & Social Care Trust Page 16 of 42

17 The risks reassessed and evaluated; or The assurance on the effectiveness of the controls reviewed. Action plans should be updated to reflect the remedial or corrective steps to be taken. Two checklists (from the Department Board Assurance Framework) to aid with the completion of the Trust s assessment of the Assurance Framework were completed in - October 2016 and approved by the Governance Assurance Committee on - 21 December 2016 (see Appendices 5 and 6). The self assessment concluded:- An Assurance Framework has been established which is designed and operating to meet the requirements of the SIC and provides reasonable assurance that there is an effective system of internal control to manage the principal risks identified by the organisation. 6.0 Organisational Arrangements for Board Assurance In March 2010, following a comprehensive review of its Governance and Risk Management arrangements, the Trust Board approved new structures for Governance which were fully aligned to the four domains as reference in the Department s Assurance Framework document. For ease of reference these are listed below and illustrate in diagrammatic format at Appendix 2a and 2b (last updated in September 2016) They are also set out in the Trust s Governance and Risk Management Strategies:- Corporate Control; Safety & Quality; Finance; Operational Performance and Service Improvement. An important element of the Trust s arrangements is the need for robust governance within Directorates. This will be tested through the performance management and accountability review processes, which are developed and currently being further embedded within the organisation. There are a number of internal mechanisms that will support this. 6.1 The Board of Directors is responsible for: Establishing the organisation s strategic direction and aims in conjunction with the Executive Management Team; Ensuring accountability to the public for the organisation s performance; Assuring that the organisation is managed with probity and integrity. The membership of the Board of the Trust is defined in the Establishment Order and listed in Appendix 4. South Eastern Health & Social Care Trust Page 17 of 42

18 6.2 The Executive Management Team The Executive Team is responsible for ensuring that the sequence of performance reports, audits and independent reports, required by the Board of Directors as part of the performance management and assurance processes, is available. The Executive Team (see Appendix 4) ensures that governance and service improvement is embedded at all levels within the organisation and that risk management is an integral part of the accountability process. The Executive Management Team will prepare and regularly update a corporate risk register, which will inform the management planning, service development and accountability review process. 6.3 The Audit Committee The Audit Committee is a non-executive committee of the Trust Board and has no executive powers, other than those specifically delegated in the committee s Terms of Reference. Committee membership is appointed by the Trust Board from amongst the Non-Executive Directors and one of these members is appointed as chairman. The Director of Finance and appropriate Internal and External Audit representatives normally attend meetings. However, at least once a year the Committee should meet privately with the External and Internal Auditors, if required. 6.4 The Governance Assurance Committee The Governance Assurance Committee is responsible for reviewing the development and maintenance of an effective system of integrated governance (ie, risk management, finance and clinical and social care) and internal control, across the whole of the organisation s activities (both clinical and non-clinical) that supports the achievement of the organisation s objectives. The committee is also responsible for ensuring effective governance arrangements are in place both at strategic and operational level across the organisation and for ensuring that key governance priorities are addressed. Membership of the Governance Assurance Committee comprises all Directors, five Non-Executive Directors including the Chairman of the Trust Board. The Board Secretary is in attendance at the meetings. Meetings are held on a quarterly basis with report made to the next Trust Board meeting via the Chairman of the Committee. It is the responsibility of the Non-Executive Directors to provide an assurance to Trust Board as to the effectiveness of the Trust s governance arrangements. 6.5 The Corporate Control Committee The role of the Corporate Control Committee is to be the overarching strategic committee responsible to the Governance Assurance Committee on all matters South Eastern Health & Social Care Trust Page 18 of 42

19 pertaining to integrated governance issues ie, Financial Governance, Corporate Governance and Risk Management (including Organisational Controls). Clinical and Social Care Governance remains within the responsibility of the Safety and Quality Committee It will support the governance and risk management accountability arrangements within the organisation and ensure that all significant risks are properly considered and communicated to the Governance Assurance Committee and/or the Trust Board, as appropriate. The Corporate Control Committee reports to the Governance Assurance Committee and acts as the strategic vehicle for the review of clinical and non-clinical risks. It comprises representation from Executive Directors, Assistant Directors and appropriate managerial and professional representation. The group is chaired by the Chief Executive and is supported by the Lead Director for Governance and meets on a quarterly basis. A number of clinical and non-clinical sub committees have been established to support the work of the committee Safety, Quality Improvement & Innovation Committee The role of the Committeeis to be the main sub-committee of the Governance Assurance Committee responsible for leading the safety, quality, and patient/client experience, improvement and innovation agenda across the Trust. The committee is chaired by the Chief Executive and meets on a quarterly basis. The Safety, Quality Improvement & Innovation Committee reports to the Governance Assurance Committee and is responsible for leading and directing a series of subcommittees focusing on the standard and quality of care provided to patients and clients, - the professional and workforce issues relating to staff and improvement and innovation agendas across the Trust. 7.0 Accountabilities and Responsibilities for Assurance within the Trust The following section outlines the roles and responsibilities of the Trust Board, Non- Executive Directors, Chief Executive, Directors and Operational Governance leads in respect of Governance. Good governance requires all concerned to be clear about the functions of governance and their roles and responsibilities. Good governance means promoting values for the whole organisation and demonstrating the value of good governance through behaviour; taking informed and transparent decisions, and managing risk; developing the capacity and capability of the Board of Directors to be effective and engage in stakeholders and making accountability real. 7.1 The role of the Board The role of the Board is defined as collective responsibility for adding value to the organisation by directing and supervising the Trust s affairs. It provides active leadership of the organisation within a framework of prudent and effective controls, which enable risks to be assessed and managed. It sets the Trusts strategic aims and ensures the necessary financial and human resources are in place for the Trust to meet its objectives and review management performance. By setting the Trusts values South Eastern Health & Social Care Trust Page 19 of 42

20 and standards the Board ensures that the Trust s obligations to patients, the community and staff are understood and met. 7.2 The role of the Chairman The Chairman is responsible for leading the Board and for ensuring that it successfully discharges its overall responsibility for the organisation as a whole. It is the Chairman s role to:- - provide leadership to the Board; - enable all Directors to make a full contribution to the Board s affairs and ensure that the Board acts as a team; - ensure that key and appropriate issues are discussed by the Board in a timely manner; - ensure the Board has adequate support and is provided efficiently with all the necessary data on which to base informed decisions; - lead Non-Executive Directors through a formally appointed Remuneration Committee of the main Board on the appointment, appraisal and remuneration of the Chief Executive and (with the latter) other Executive Directors; - appoint Non-Executive Directors to an Audit Committee of the main Board; and - advise the Minister, through the Department, on the performance of Non- Executive Directors of the Board. A complementary relationship between the Chairman and the Chief Executive is important. 7.3 The role of the Non-Executive Directors Non-Executive Directors assure themselves and the Trust Board that the Assurance framework and the Governance Committee and its related sub committees are addressing key governance issues within the organisation. Their responsibilities include strategy, by constructively challenging and contributing to the development of strategy; performance, through scrutiny of the performance of management in meeting agreed goals and objectives; risk, by satisfying themselves that financial and other information is accurate and that financial controls and systems of risk management are robust and defensible. Non-Executive Directors are responsible for ensuring the Board acts in the best interests of the public and is fully accountable to the public for the services provided by the Trust. 7.4 The role of the Chief Executive South Eastern Health & Social Care Trust Page 20 of 42

21 The Chief Executive is accountable to the Chairman and Non-Executive members of the Board for ensuring that its decisions are implemented, that the organisation works effectively, in accordance with government policy and public service values and for the maintenance of proper financial stewardship. The Chief Executive, through his leadership, creates the vision for the Board and the Trust to modernise and improve services. He is responsible for the Statutory Duty of Quality. He is responsible for ensuring that the Board is empowered to govern the Trust and that the objectives it sets are accomplished through effective and properly controlled executive action. His responsibilities include leadership, delivery, performance management, governance and accountability to the Board to meet their objectives and to the Department of Health as Accountable Officer. As Accountable Officer, the Chief Executive has responsibility for ensuring that the Trust meets all of its statutory and legal requirements and adheres to guidance issued by the Department in respect of governance. This responsibility encompasses the elements of financial control, clinical and social care governance, risk management (including organisational controls). 7.5 The Director of Finance (Lead Director responsible for Financial Governance) The Director of Finance is accountable to the Chief Executive for ensuring that effective processes and systems are in place to ensure good financial governance within the Trust. 7.6 The Director of Human Resources and Corporate Affairs (Lead Director responsible for Governance) The Director of Human Resources and Corporate Affairs is accountable to the Chief Executive for the overall strategic management and delivery of the Trust s corporate governance and risk management (including organisational controls) agendas. She is responsible for ensuring that a comprehensive organisation-wide system of risk management is introduced at all levels within the organisation. He is also the Lead Director for Governance. 7.7 The Medical Director (Lead Director/Clinician responsible for Clinical Governance) The Medical Director is accountable to the Chief Executive for the overall strategic management and delivery of the Trust s clinical and social care governance programme. The Medical Director is responsible for ensuring that effective processes and reporting mechanisms are in place in order to ensure safe and effective care. He is also responsible for setting the direction of clinical risk management within the organisation. He will work closely with the Director of Human Resources & Corporate Affairs on this matter South Eastern Health & Social Care Trust Page 21 of 42