Risk Management Implementation Plan

Similar documents
Risk Management Strategy Review. Deloitte recommendations and Implementation Plan

Active Essex Risk Management Strategy

Open Information Purpose of the Report

Belfast Health and Social Care Trust (BHSCT) Personal and Public Involvement (PPI) Monitoring Report September 2017

Risk Management and Assurance Strategy

Organisational Development Plan

Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities

GOVERNANCE SMART objectives / SUHFT board development programme

OUR LEADERSHIP DEVELOPMENT JOURNEY

Meeting Date 15 March 2018 Agenda Item 2b

The 9 Characteristics of Successful Multi Academy Trusts. Sir David Carter South West Regional Schools Commissioner July 2015

Tenant and Customer Engagement Strategy

ASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY MEETING ORGANISATIONAL DEVELOPMENT FRAMEWORK UPDATE 2018/2019

Risk Management Strategy

Advancing Workforce Race Equality in Sheffield Teaching Hospitals NHS Foundation Trust: A Precursor Paper

Board Training and Development Programme

COMMUNICATIONS STRATEGY

Best Value in Public Services. Guidance for Accountable Officers

BOARD ASSURANCE FRAMEWORK

Risk Management Strategy

RISK MANAGEMENT POLICY

The 10 Characteristics of Successful Multi Academy Trusts

Southern Health and Social Care Trust (SHSCT) Personal and Public Involvement (PPI) Monitoring Report September 2017

Impact of Agile on Change Management

Aberdeen City Health and Social Care Partnership. Strategic Risk Register 2017/18

TA Corporate Risks - Ethical Business Practice and Modern Compliance Framework Technical Annex. September 2018 Version 1.0

LIVERPOOL HEART AND CHEST HOSPITAL EQUALITY AND INCLUSION STRATEGY

Risks, Strengths & Weaknesses Statement. November 2016

pwc.co.uk Enterprise Risk Management

Customer Service Strategy. Adelaide City Council. Contents

SM&CR Culture Measurement Toolkit

Vision + Values + Leadership = Performance

Internal Audit Report Corporate Governance and Risk Management

the council initiative on public engagement

Appendix 1. Draft. Organisational Development Strategy November 2015 March 2017

Highways England People Strategy

Involvement Plan Involving People, Improving Services

WORKFORCE STRATEGY UPDATE NOVERMBER 2017

Cultivating a Risk Intelligent Culture A fresh perspective

Strategic Objectives and Organisational Behaviours Report for the AWP NHS Trust Board Meeting Time: 12:00

This policy establishes the approach to risk management at Sunshine Coast Council (Council) and outlines the guiding principles and framework.

TRUST BOARD HIGHLIGHT REPORT FROM THE CHAIR OF THE AUDIT COMMITTEE

Stakeholder Engagement Strategy Version: 1.2 Issue Date: November 2016 Status Draft

CHRISTIAN AID GLOBAL COMPETENCY MODEL

Risk appetite and internal audit

Customer Service strategy

Our strategy Supporting our communities to live life well

Commissioning Director, Children and Young People (DCS)

Report of the workshop on facilitating shared ownership on health and wellbeing boards

Governance, Risk Management & USE Workshop. 1 & 3 March 2011

Cascading change throughout an organisation

Freedom to Speak Report Update Self Assessment Review 1 October 2018

Putting our behaviours into practice

Employee Engagement: getting the best from your people A Roevin recruitment guide

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

APPOINTMENT OF CHIEF OPERATING OFFICER APPOINTMENT BRIEF MARCH 2019

Auditing culture and risk culture in financial services firms. Making the intangible, tangible and auditable

Audit Committee Annual Report. Director of Corporate Governance. Stage 1 only (no negative impacts identified)

Performance Risk Management Jonathan Blackmore, May 2013

Northern Devon Healthcare Trust. Organisational Development Plan

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

National Commissioning Board. Leading Integrated and Collaborative Commissioning A Practice Guide

Aberdeen City Health and Social Care Partnership. Strategic Risk Register 2017/18 Approved at Audit & Performance Committee

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP INNOVATION POLICY

SCOTTISH AMBULANCE SERVICE Interim Strategic Workforce Plan Towards 2020

STRATEGIC PLANNING AND STRATEGIC CHANGE REPORT. Director of Planning and Performance. Director of Planning and Performance

May DfE Revised WT 2018 Guidance expected to be published and enactment date known

Bank of Ireland. Service Integration as a means to govern a multivendor. 11 th October 2013

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016

The Kirkup report. Governance Project Mary Aubrey, Director of Governance May 2015

Boardroom behaviour and the QCA Corporate Governance Code

Interim Review of the Public Engagement with Research Catalysts Programme 2012 to 2015

HUMAN RESOURCES STRATEGY HUMAN RESOURCES STRATEGIC PLAN

Auditing Governance at Board level October 2017

EAST OF ENGLAND AMBULANCE SERIVCE NHS TRUST HUMAN RESOURCES STRATEGY 2011 TO 2016

Health and Social Care Information Centre (ENDPB) Board Meeting Public Session

LEADERSHIP COMPETENCY FRAMEWORK

Chairman of Hillingdon HealthWatch. Recruitment Pack

Response to Hard Truths - Action Plan Update Quarter 4 (March 26 th 2014)

Head of Education, Continuous Professional Development and Standards. Social Work England

Implementing Improvement. The Quick Guide to. Making the safety of patients everyone s highest priority

The Medical Leadership Competency Framework

BACKGROUND pages 1-2 CASE STUDY pages 3-5 TEMPLATES pages 6-18

Certificate in Enterprise Risk Management

Feedback and analysis of the Staff Engagement Index Pulse Survey

HEALTH PURCHASING VICTORIA STRATEGY. December 2017

Engaging Health Staff. An Introduction

Community Housing Cymru s Code of Governance

Head of Registration Social Work England

Supporting all NHS Trusts to achieve NHS Foundation Trust status by April 2014

Assuring Delivery Excellence in the Public Sector through Smarter Programme Delivery

Business plan

Business Partnering Skills and Capabilities Model Electrocomponents - Case Study

Equality and Diversity Policy

CGMA Competency Framework

A PEOPLE STRATEGY FOR THE HOUSE OF LORDS ADMINISTRATION

Transcription:

41 07 Management Author: Dr Kevin Street; Interim Chief Officer Date: 20 November 2015 Version: 1 Sponsoring Executive Director: Rhiannon Beaumont-Wood Who will present: Kevin Street Date of Board / Committee meeting: 1 December 2015 Committee/Groups that have received or considered this paper: Pre-Board Executive Meeting The Board / Committee are asked to: (please select one only) Approve the recommendation(s) proposed in the paper. Discuss and scrutinise the paper and provide feedback and comments. Receive the paper for information only. Link to Public Health Wales commitment and priorities for action: (please tick which commitment(s) is/are relevant) Priorities for action include relevant priority for action(s) Date: 20 November 2015 Version: 1 Page: 1 of 13

Management Framework 1 Introduction This paper follows the integrated risk management framework, and sets out, how at a high level, the framework is to be implemented over the life cycle of the Public Health Wales strategic plan. 2 Background The need to prepare an implementation plan is to ensure that evidence of improving risk performance becomes a measurable achievement. Essential to the plan and highlighted through the framework are the requirements to create and use a board assurance framework, corporate risk register, and local risk registers. These systems and processes support escalation and deescalation of risk. 3 Timing Progress has already been made, but there is a recognition that some urgency in establishing critical processes and systems require attention. Although the plan coincides with 3 year Public Health Wales strategic plan, it is expected that we will be reporting a much improved position in 2015/16. 4 Description This paper describes the start of our risk journey taking the reader through some of the context and theories which have been outlined in the framework and now need to embedded in the organisation. 5 Financial Implications Whilst there is an expected initial increase in organisational workload, the correct use of risk and risk management are expected to facilitate efficiency and effectiveness. Additional, resource for risk personnel are indicated in this paper. 6 Recommendation(s) The Board is asked to approve this paper. Date: 20 November 2015 Version: 1 Page: 1 of 13

Management Framework Purpose of this document This document sets out our approach and plan to support the implementation of the Integrated Management Framework Objective The primary objective of the implementation plan is to support the continued implementation of Integrated Management Framework throughout Public Health Wales. Summary Since the introduction of risk management as an explicit concept into the Public Sector, it has often been viewed as all risk is bad and therefore it must be eliminated or worse still that risk management stifles innovation. At Public Health (Wales) our approach to risk was to begin by explicitly acknowledging that our role in healthcare, and everything involved in running a large and complex organisation comes with risk that, in some cases, can never be fully eliminated. Success comes from creating a risk aware and risk responsive organisation. It is not about being risk averse but without the right culture and leadership it could easily become so. We recognise that to create a positive culture for risk management, you have to first create the right leadership. Ensuring that everyone within the organisation lives and breathes good risk management is something that has to come from the Chairman, Chief Executive and wider Board. That is not to say that we are all about risk, rather it is about our commitment to using risk as a decision making tool We considered the components required for creating a positive environment for risk management. In terms of leadership it is essential that the vision for risk management comes from the whole Board and that the Executive has the skills and experience to truly champion risk. In terms of culture our attitude to risk and the development of our risk appetite statement set the tone for the whole organisation. We then set out the key steps we took in transforming the risk landscape of our organisation. This began with measuring our starting point by making a critical assessment of our risk maturity to identify the changes needed to our processes so they went beyond the tick box and translated into a robust new integrated risk management framework. To truly embed risk management effectively takes time. In the first year of our implementation plan we will be educating and training staff; developing Date: 20 November 2015 Version: 1 Page: 2 of 13

our risk appetite statement; and ensuring we have clear processes for identifying and describing risks, dealing with escalation and de-escalation and managing and monitoring risks. We are only six months into a three year journey but already we have seen the positive impact in improvements to our risk maturity and have gained a clear understanding of the next steps that we need to take to continue to transform our risk landscape. Introduction management goes to the heart of what we do in Public Health (Wales). In large, complex organisations like ours managing risk can seem a daunting task. However, it is inherent in everything we do and we manage it successfully every day. It is not a new challenge and because it forms an intuitive part of our daily work, the key is to manage risk in a simple, effective and consistent way. We are not alone in managing these risks which means we must work continuously with other partners involved in the delivery of strategic objectives. Our risk management systems should be designed to enable this to happen effectively. s occur in every area of business and we recognise that there is much to learn from other sectors outside of the health arena. By comparing our approach with that of other sectors, we can identify what works best and what needs to change. This in turn enables us to bring our risk management processes to life in an effective and meaningful way and ensures they are class-leading. Creating a Positive Environment for Management Given that culture and leadership are intrinsically linked, we decided to implement a number of key actions to allow a positive environment to flourish: Leadership Our response to the leadership challenge was to create a dedicated senior risk professional with significant accountability, a role that reports directly to the Executive Director of Quality, Nursing and Allied Health Professionals. The job portfolio includes Information Governance and Management, reflecting the essential links between these important but emerging agendas. Date: 20 November 2015 Version: v1 Page: 3 of 13

The Executive Team felt strongly that this role had to provide an independent voice on assurance and should have the relevant skills and experience to champion risk at board level. Involving our Non-Executive Directors, who bring a wealth of other experiences to the Board, added new insights and strengthened our overall commitment to high visibility leadership for the risk agenda. The Chair of our Audit Committee will work in partnership with the Head of and Assurance to develop and promote a broader understanding of risk management, leading to more informed debate on how it should work in Public Health Wales We have redefined the accountability and responsibility in the integrated framework for risk management at all levels of the organisation, by engaging staff in understanding their role in creating a positive risk culture. We have mapped the different responsibilities to ensure clarity of ownership and authority to act, linked to the management structure. Culture Having established a clear direction of travel on our leadership agenda, the implementation plan turns its attention to influencing the existing culture in relation to risk management in Public Health Wales. We have invested significant amounts of time and effort in improving our knowledge and understanding of risk management in our organisation. As well as conducting detailed diagnostics of the existing systems, we held several Executive and Board meetings to create a collective vision for how we wanted risk to be managed in our Organisation. culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees, teams, or groups within an organisation. Public Health Wales will use a simple A-B-C approach (Institute of Management, 2012) in understanding how culture, and hence risk culture, works in practice. The Culture of a group arises from the repeated Behaviour of its members The Behaviour of the group and its constituent individuals is shaped by their underlying Attitudes Both Behaviour and Attitudes are influenced by the prevailing Culture of the group culture refines the concept of organisational culture to focus particularly on the collective ability to manage risk, but the wider Date: 20 November 2015 Version: v1 Page: 4 of 13

organisational culture itself is an active backdrop determining, and itself influenced by, risk culture. Taking each step in the model: attitude is the chosen position adopted by an individual or group towards risk, influenced by risk perception and pre-disposition behaviour comprises external observable risk-related actions, including risk-based decision-making, risk processes, risk communications etc. culture is the values, beliefs, knowledge and understanding of risk, shared by a group of people with a common intended purpose, in particular the leaders and employees of an organisation. Our implementation plan will focus on creating ownership at every level within the organisation by involving our staff in designing the tools to manage risk. We will encourage staff to be more risk aware by promoting openness and supporting them to manage risks locally where possible. We will train, encourage and support staff, managers and the board to create a risk culture suitable for our organisation. Transforming the Landscape in Public Health Wales To achieve a collective broad understanding of the level of transformation required to truly embed risk management in a meaningful way, we recognised that we needed to implement a programme of work over the course of three years. Since we began in June, 2015 we have invested considerable effort and resources into the review of risk management a process that has taken six months to reach this point. To ensure we maintained a focus on the final outcome of a fully embedded risk management system, we have developed a three year project plan (starting at Year 0 in October 2015 with an end point at Year 3 in July 2018. YEAR 0: Diagnosis and Strategy Development Date: 20 November 2015 Version: v1 Page: 5 of 13

Diagnosis and Framework Development ( June 2015 November 2015 ) June 15 July 15 Aug 15 Sep 15 Oct 15 Dec 15 Interviews Register Executive Team Presentation Maturity Framework Consultation Sub-committees Background Research Best Practice completed and accepted 1st draft Framework Board 2nd draft Framework Understanding our Starting Point Although we had a risk strategy in place, we felt it wasn t being used effectively as a management tool, but was sometimes seen by staff as a tick-box exercise. Our first step was to carry out a critical analysis of the existing risk management systems and processes. This involved: tolerance levels; hierarchy of Registers; escalation and de-escalation of individual risks and risk profiles. Our review of others practice identified some subtle but significant differences in the way in which risks were described and managed. We learned the importance of accurately describing risks in terms of their cause, the effect and the consequence of this risk materialising Interviews were conducted with Executive Directors, Non-Executive Directors and divisional directors to establish how successfully the current system was operating. Additionally a detailed review of the existing Registers at all levels of the organization alongside an examination of practice from both NHS and other materialising organizations determined the need for a formal risk management review. In order for us to form a baseline assessment we undertook a risk maturity assessment. The criteria used for this were based on those included in HM Treasury Management Assessment Framework, which was adapted, in part, for our organisation. Date: 20 November 2015 Version: v1 Page: 6 of 13

Information gleaned from the critical analysis was used to facilitate a number of discussions with various sub-committees. These focused on key issues for debate such as: the risk statement; risk appetite and risk description It is important that risks are clearly articulated so that they accurately identify the right controls and contingency plans. Using the following sub-headings helps to clearly describe risks. For example: Cause: Inability to release clinical staff for mandatory training due to staffing levels Effect: Results in staff not receiving compulsory training in resuscitation or blood safety Creating an Once our new integrated risk management framework is incremental in design, aligned to our IMTP strategic plan we have developed a project plan with defined intervals for measuring progress and adjusting our approach if necessary, recognising that organisations do not stand still. The plan is designed to help make the risk framework feel real for staff. It is essential that these new changes are communicated in detail to key staff and time will be spent talking to them to explain how the new system would work and the role they would play in making it happen Year 1 ( Oct 2015 Sep 2016 ) Oct 15 Nov 15 Dec 15 Feb 16 June 16 Sep 16 Year 1 BAF & CRR Development BAF & CRR approved by Exec/Board Training material, tools and escalation process development Toolkit approved by Exec Team Appetite Development Register Development Toolkit approved by Board Effectiveness Date: 20 November 2015 Version: v1 Page: 7 of 13

Year 2 ( Oct 2016 Sep 2017 ) Oct 16 Nov 16 Dec 16 Feb 17 June 17 Sep 17 Year 2 Effectiveness Present to Exec Team Refresh training material Deliver update training Quality of all Registers and address common themes Appetite updated Annual of Appetite by Board Effectiveness Year 3 ( Oct 2017 Sep 2018 ) Oct 17 Nov 17 Dec 17 Feb 18 June 18 Sep 18 Year 3 Effectiveness Present to Exec Team Appetite updated Annual of Appetite by Board Business as usual Effectiveness Date: 20 November 2015 Version: v1 Page: 8 of 13

Management Framework Resources Inevitably any process and system design of this size, scale and complexity will require additional resources. Our model and plan will promote decentralization with the provision of support focused on training staff to manage risk at their location with limited but slightly increased capacity from the centre; this is intended to be met in the recruitment of a risk training lead/analyst in 2016/17. Implementing the Plan A number of key actions formed the basis of us getting started in the first year and included: educating and training staff; developing our risk appetite statement; identifying and describing risks; dealing with escalation and deescalation of risks; and managing and monitoring risks via the Register and Board Assurance Framework. Educating and Training Staff We recognise the amount of time and energy we need to help the Board s understanding of risk and to involve staff in the design and creation of the tools necessary to implement the new framework and to enable them to do this in an effective way, we have developed specific training materials to increase their own knowledge and understanding of risk management, regardless of their level of experience to date. Developing our Appetite statement Traditionally Public Sector organisations have not always explicitly articulated their risk appetite or individual risk tolerance levels. Our risk appetite statement will describe our appetite for each of our seven strategic priorities. This appetite statement will be reviewed and updated on an annual basis. In developing the risk appetite statement, through a series of debates at the Board sub-committees, we recognise that sometimes there is a difference in perspectives between Executive Directors and Non-Executive Directors. This we hope will stimulate significant debate with contributions from all Board members resulting in a risk appetite statement that was agreed and owned by the full Board. Date: 20 November 2015 Version: 1 Page: 9 of 13

Management Framework Identifying and Describing s from Board to Service By approving the integrated risk management framework, the Board makes a decision to use our strategic objectives and compliance with all relevant legislation.as the foundation stone of our approach to identifying risks. This approach will enable us to more fully debate and understand our organisational structure and establish a clear hierarchy of Registers from Board to Service. This will make a deliberate connection risks on our registers and our Management decision-making processes that facilitate the integration of risk management into our performance management framework. Dealing with Escalation and De-escalation of s Managing and monitoring risks via Registers and the Board Assurance Framework Starting with the development of objective-based risks explicitly linked to the business planning process and framed around key domains will mean that our Registers will become more rounded management tools.the Registers will form an integral part of our divisional performance reports and will be reviewed through performance monitoring process. Other organizations appear to have struggled with understanding the difference between the Board Assurance Framework (BAF) and the Corporate Register (CRR). The CRR contains key operational risks that have been escalated from directorates unable or unauthorized to introduce adequate control or mitigation, this register is managed by the Executive Team. Escalation/ De-escalation BAF Corporate Register Directorate Register BAF Corp Service Escalate with options Treat Terminate Transfer Tolerate Escalate with options Board ET unable to authorise Service treatment option Executive Team Meeting Directorate authority cannot adequately control Directorate Successfully Mitigated/ ET able to authorise preferred treatment option Date: 20 November 2015 identified Managed locally Version: 1 Page: 10 of 13 Audit / Committee

The Board has responsibility for managing key strategic risks. All the risks in our BAF are of a strategic nature and are assigned to an individual lead Executive Director and allocated to a specific Board sub-committee. Each sub-committee is responsible for reviewing those risks in detail, with the Audit Committee retaining the review of the entire BAF and CRR. To support a robust level of scrutiny we have developed a process of deep dives to enable the individual risks to be examined in more detail. The process and schedule of scrutiny for these deep dives will be agreed by each sub-committee for the year and these will be programmed into the cycles of business of the committees. Similarly with our Register we wanted to create a simple system to gain an at a glance understanding of our risk profile. To support this we developed a Register on a page summary. This summary (dashboard) offers views, showing risk profile, the risk score the movement in risk scores. This enables a more focused discussion around the content of the Register. Next Steps We started by conducting an assessment of risk maturity to provide us with a baseline from which to demonstrate improvement. At the end of the first year of the project plan we will re- assess our risk maturity. This will provide the board with a clear view on the positive impact of the actions taken in year one in relation to the implementation of the framework across the following key categories: leadership, strategy & policy, people, partnerships, process, risk handling and outcomes. To ensure we succeed we will produce detailed how to guidance documents with narrative, questions and answers and supporting standard operating procedures. These will include: Assessment Registers Corporate Register Board Assurance Framework Additionally, we see training inclusive of Board development as integral to improving our risk performance. The aim is to show that our risk maturity level will have increased but also provided us with a set of clear actions to build into years two and three of project plan. The focus of our work for the next two years is on ensuring our risk appetite is applied to the business case process and is then extended Date: 20 November 2015 Version: v1 Page: 11 of 13

into a set of divisional-level risk appetite statements. Our training package and the materials are being reviewed and updated to further enhance the knowledge of all our accountable leads and to extend awareness beyond these staff to all staff across the organisation. We are also considering how best to review and report on the positive impact of the risk management process on the organisations risk profile, the aggregation of risks and the cumulative effect of accepting risks. We are a continuous learning organisation that aspires to achieve excellence. One of the key learning points for us was is that we have to be honest with ourselves and rather than turning stones, finding a problem and then replacing the stone, we have to deal with what we found. The challenges we faced may not be exactly the same for other Public sector organisations, but we recognise that there is no such thing as a short-term fix. Long-term views must be considered, whilst also being realistic about what can be achieved. Date: 20 November 2015 Version: v1 Page: 12 of 13

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback