CQC Strategic and High level Risk Register

Impact and quality

R1 We do not have impact in encouraging improvement, innovation and sustainability in care, resulting in loss of confidence in CQC (significantly, this risk could materialise because financial constraints on providers and challenges of recruiting key staff may limit their ability to maintain quality and improve)
ET Imp H 5 Lh M 3 15
Controls: Undertake inspections in response to risk or potential improvements in quality, taking enforcement action, including prosecution, to protect people who use services and hold providers to account. Performance reporting and management including evidence whether improvement in health and social care is happening, and the extent to which providers consider CQC helps them improve. Impact reports. State of Care and thematic reports. ET, Board and Committee scrutiny and challenge (Regulatory Governance Committee). Providers / Trade Association engagement.
(Mitigations and their owners are set out in Directorates Business Plans)
- Engaging locally with providers, commissioners and other stakeholders to ensure they play their part in enabling improvement to take place both ongoing and around specific thematic reports
- Work with partners including the National Quality Board; National Information Board; National Improvement and Leadership Development Board; and others; to encourage improvement
- Work with key stakeholders on developing the Adult Social Care Quality Commitment
- Through our Development and Co-production groups with providers, regularly survey how we can improve how we encourage improvement
- Continuing to develop our strategic measures of success so we have evidence to inform us and improve
- Applying our change framework that ensures our changes support us to encourage improvement
- Through our Academy develop training for inspectors focusing on skills needed in this area
Imp H () LH M(3)

R2.1 We do not implement our Operating Model effectively (Register; Monitor; Inspect & Rate; Enforce; Independent Voice) including because we do not:
- encourage people who use services, their relatives and carers to engage with CQC
- respond quickly and effectively to public concerns;

R2.2 We do not implement our Operating Model effectively (Register; Monitor; Inspect & Rate; Enforce; Independent Voice) including because we do not:
- make accurate; insightful; reliable; timely; cost effective & legal regulatory decisions;
- implement improvements to how we deliver our Operating Model in response to management and quality information

C.I.s Imp H 5 Lh M 3 15
C.I.s Imp H ()

Controls: Quality assurance (sampling) and Sector Continuous improvement Groups. Guidance; CQC's website and reports for providers. NCSC processes for concerns. Performance reporting and management including evidence whether we are meeting our KPIs for Safeguarding; response times to calls and contacts; Risk reporting within CRM.
Register; Monitor; Inspect and Rate; Enforce
- Local engagement at all levels with community groups including using areas of interest leads (ASC), and local Healthwatch
- Develop Share your Experience - and evaluate how successful the process is
- Working with partners, share information to identify and respond to risk ensuring that timely action can be taken to protect people who use services
- Develop systems to support cross sector working and embed cross sector risk and planning meetings

Controls: Quality assurance (sampling) and Sector Continuous improvement Groups. Guidance; quality and management assurance frameworks; skills training. Scheme of Delegation, Clear Operating Model, Legal support, Enforcement policy. Appeals; representations and complaints processes. Performance reporting and management including evidence whether we are meeting our KPIs for delivery, timeliness; and complaints. ET, Board and Committee scrutiny and challenge (Regulatory Governance Committee). Internal audit.

Aggregated: 15+ High 5- Med 1- Low Individual: 5 very high high 3 med 2 low 1 v low

and other recommendations
Register; Monitor; Inspect and rate; Enforce
- Use quality sampling, evaluation and other evidence to inform improvements and drive this through Continuous improvement groups
- Deliver training programmes and mentoring across Register, Monitor, Inspect and Rate and Enforce
- Manage how timely we are in responding to representations
Register
- Develop further KPIs for registration ie: relating to different types of Registration
Inspect and rate
- Consultancy support to Inspection reports process actions and KPIs to follow
Managing our organisation
- Embed a quality framework across CQC Directorates
- Undertake two Management assurance self-assessments in each Directorate and challenge and scrutinise the evidence presented at ET and Audit and Corporate Governance Committee

R3 A difficult to replace Adult Social Care provider fails and CQC hadn't spotted it to give early warning to local authorities.
C.I. ASC Director, Corporate Provider & Market Oversight) Imp H ()
Controls: Market oversight function; information on the function in performance reporting
- Agreed processes in place for when failure occurs
- Closer working between Market Oversight, Inspection and Registration teams
- Information sharing with providers / local authorities and CCGs
- Relationship with DH and Treasury
Imp H () Lh L (2) 8

Implementing our Strategy

R We do not effectively collect and process the information we need to be an effective intelligence-driven regulator and accurately predict quality
S&I Intelligence) Imp H () Lh H () 16
Controls: Medium Term Strategy Group; Medium term plan; Programme Board structure; Change framework; Organisational Development Committee
- Develop and roll out CQC Insight
- Develop and roll out Provider Implementation Collection (PIC)
- Develop intelligence analytical tools and dashboards
- Work with our Public partners so they know how to gather information for people who use services or the public in a way we can use in Insight.
- Operational staff use these methods effectively in our inspection work, and this is measured through quality sampling (see Risk 2.2)
- Deliver learning and development for Inspectors in use of CQC Insight
- Develop in , for reporting in subsequent years, the Strategic Measures of success for our Intelligence driven approach which the Board has
Imp H () LH M (3)

R5 We fail to implement an agile approach to emerging and new models of care
S&I Policy and Strategy) Imp H () Lh H () 16
Controls: Medium Term Strategy Group; Medium term plan; Programme Board structure; Change framework; Organisational Development Committee; Surveys of providers registering with CQC (how easy was it to register?) and other Strategic measures; Integration Pathways and Place Board; Use of Cygnum to coordinate inspection and external specialist resource

Implement the next phase of our approach for inspect and rate, as it applies to new models of care:
- Develop and apply scenarios for combined providers to ensure the appropriate alignment of approaches between sectors and their feasibility for inspection
- Consult on the strategy for the levels of registration (flexible registration levels and architecture will in future accommodate changing models of care), and agree proposals going forward
- Work with evolving models of care to test our thinking with respect to registration, to include the controlling mind
- Work with partners and evolving models of care to develop and adapt our inspection approach, testing a coordinated approach in up to areas, with a focus on emerging place-based models of care
- Work with partners in relation to understanding and responding to the transformation agenda for local health economies

R6 We are unable to deliver our Strategy because we are unable to agree or deliver joint approaches with partner organisations
S&I Policy and Strategy) Imp H ()
Controls: Clear Strategy, MOUs and agreements with partners, FYFV; National Quality Board; National Information Board; National Improvement and Leadership Development Board; Health and Social Care Regulators Forum; Adult Social Care Quality Matters
- Implement the next phase of our approach for inspect and rate, as it applies to new models of care
- Ensure appropriate partnerships and projects are in place to support the delivery of CQC's strategic priority to promote a single shared view of quality by including sector bodies; ALBs and other partners including the National Quality Board; National Information Board; National Improvement and Leadership Development Board;
- Undertake Co-production activity with key stakeholders before public consultations
- Pilot and refine approach before roll-out

R7 We are unable to deliver our Strategy because we have inefficient processes
S&I/ Planning Programmes and Performance) Imp H ()
Controls: Medium Term Strategy Group; Medium term plan; Programme Board structure; Change framework; Organisational Development Committee
- Use new professional services contract to manage change
- Impact assess all changes to our operating model

R8 A change of external environment in health and social care or more widely could have implications for CQC's role
S&I Policy and Strategy) Imp H ()
Controls: Board representing CQC with senior stakeholders, including Ministers and MPs; Senior engagement with Department of Health; Horizon scanning by Policy & Strategy; Work with partners and other stakeholders; Working with other regulators; ongoing engagement with a range of organisations as part of Strategy roll out
- Demonstrate impact through national reports State of Care, Annual report and Impact report; engage with the public, providers and stakeholders, building confidence

Information management and technology

R9 We are unable to deliver our Strategy because we are not well supported by IT technologies and systems
CCS Chief Digital Officer) Imp H () Lh H () 16
Controls: Change control process and governance, Engaging operational staff in changes, Change and project management capability, Investment Committee approval of business cases
Imp M (3) LH M (3) 9
- Digital Operations (Interim) appointed to coordinate activities across Digital behind a coherent change plan
- Digital Operations and Enterprise Architect recruitments underway expected to conclude mid-June (with staff joining at dates based on notice periods)
- Chief Digital Officer priority developments for initial focus with ET, reported to the Board and shared across senior leadership within CQC
- Prioritisation concluded in collaboration with business change and consultation across CQC to align to strategic objectives; business plan impact assessment underway
- Portfolio plans (high-level) to be completed by end of May to manage and align all activities within Digital behind 6 transparent workstreams
- Initial review of the data management area concluded with recommendations for early wins and long-term change outlined to inform early focus on key capability gaps
- Outline budget shared with investment committee and initial business cases due for completion in early June to fill gaps in capability and capacity rapidly
- Integrated procurement approach being defined to expedite timelines for delivery with lean workshops set up
- First procurement for a major initiative (information collection for ASC PIR, SYE and Intranet) complete with Agile mobilisation beginning end of May
- Collective and individual meetings held with suppliers to outline expected modifications to ways of working with positive feedback and general willingness to expedite change
- Cross ALB Board established and dedicated team created to design and progress the Future Services Programme to replace IMS3 (Dedicated CQC representation)
- Review of CQC and NHSI data warehouses conducted to identify quick wins to reduce duplication and increase speed of collective delivery

R10 There is a cyber security incident/attack causing service disruption or a major data security alert
CCS Chief Digital Officer; Dir of Gov and Legal services) Imp H ()
Controls: Business continuity arrangements
- We have a second data centre to mitigate main data centre being lost
- Introduction of software to block all adverts on websites, this will reduce our exposure to this risk
- We continue to provide information security and cyber awareness training to all staff via intranet announcements, mandatory training on ED and other methods of delivery.
- Regular discussions take place with our infrastructure (IMS3) provider and other partners to this service to ensure that security protections remain in place, are effective and maintained and updated.

Our people

R11 We fail to respond adequately where our people feel we are not developing a high performing culture and embedding our values
CCS Dir of People) Imp H () Lh H () 16
Controls: People policies; staff survey; grievance process; counselling
- Undertake a cultural assessment to understand CQC's current culture and how it needs to evolve in support of the CQC strategy and values, engaging people at all levels of CQC
- All Directorates actions to improve staff engagement in each Directorate and overall in CQC inc. engagement and experience of homeworkers, and equality of opportunity for our staff
- Develop leadership skills of all line managers across CQC through the Inspire programme
- Put in place a talent management and succession planning strategy to support career development at all levels
- Implement a staff enabled approach to Quality Improvement

R We do not have the skills and capability to regulate effectively
CCS Dir of People) Imp H ()
Controls: L+D strategy and plans
- Develop and deliver learning programmes including supporting our people to work across sectors
- Develop our coaching and mentoring approach across CQC
Imp L (1) LH L (1) 1

R13 We are unable to deliver our programme of public commitments as a result of CQC's own capacity issues
ET Dir of People) Imp H ()
Controls: Workforce planning group; processes to support recruitment; Use of Cygnum to coordinate inspection and external specialist resource
- Recruit and deploy Specialist Advisors and Bank Inspectors to meet CQC's organisational needs
- Identify the future requirement for the flexible workforce to support the inspection programme across all Inspection Directorates
- Provide a well-managed induction for all new starters - and ensure people leaving CQC have a positive and well managed exit

Our organisation

R1 We are unable to reduce our costs in line with our reduced budget or our fees are not received in a timely way
CCS Dir of Finance Commercial and Infrastructure) Imp H ()
Controls: Budget has been set for , capital allocation is considered to be adequate. Budgetary and recruitment controls introduced and tracked regularly by Directorates and at ET and Board. KPI for Directorate budget variance (< 2% + - variance)
Mitigating actions: Undertaking a further drive to keep increasing the number of providers on our direct debit scheme. We are now able to offer this to NHS providers. Processes are being reviewed to ensure we are and SBS target providers that are starting to slip and to concentrate our efforts in the most needed areas.

R15 We are not protecting or securely managing our information in accordance with regulatory requirements, standards and legislation
CCS Dir of Legal and Governance) Imp H (5) 15
Controls: Information management and governance policies, Induction and mandatory annual awareness training, Access and security controls, Senior Information Risk Owner supported by the Information Governance Group (IGG), Internal audit programme, Annual information governance assessment
Mitigating actions:
- Monitor mandatory training compliance (All Directorates)
- Ensure management assurance standards reflect current expectations

Controls listed in the risk register / Accountable Director

Undertake inspections in response to risk or potential improvements in quality, taking enforcement action, including prosecution, to protect people who use services and hold providers to account
Chief Inspectors
Providers / Trade Association engagement
Risk information within CRM
Sector Continuous improvement Groups
Market oversight function
Chief Inspector Adult Social Care and Registration
Enforcement policy
Performance reporting and management
Executive Director Strategy and Intelligence
Impact reports. Surveys of providers and other Strategic measures
State of Care and thematic reports
Quality and management assurance frameworks
Scheme of Delegation
Operating Model; Change framework; Organisational Development Committee; Programme Board structure
Medium Term Strategy Group; Medium term plan
Use of Cygnum to coordinate inspection and external specialist resource
Strategy, MOUs and agreements with partners, FYFV; National Quality Board; National Information Board; National Improvement and Leadership Development Board; Health and Social Care Regulators Forum
Internal audit.
Horizon scanning by Policy & Strategy
Work with partners and other stakeholders
Working with other regulators
ongoing engagement with a range of organisations as part of Strategy roll out
Guidance for people contacting CQC on our website
Change and project management capability
Business planning
Quality assurance (sampling)
NCSC processes for concerns
Executive Director Customer and Corporate Services
Appeals; representations and complaints processes
Legal support
Investment Committee
Business continuity arrangements
People policies; staff survey; grievance process; counselling
L+D strategy and plans
Workforce planning group; processes to support recruitment
Budget setting, Budgetary and recruitment controls
Information management and governance policies, training, access and security controls, Senior Information Risk Owner supported by the Information Governance Group (IGG)
Board and Committee scrutiny and challenge (RCG).
The CQC Board
Board representing CQC with senior stakeholders, including Ministers and MPs
The CQC Board
Senior engagement with Department of Health
Chief Executive