Risk Management Strategy Review. Deloitte recommendations and Implementation Plan

1. Purpose

1.1. This paper provides the results of the annual review of the current Risk Management Strategy. The results of the review establish a benchmark from which CHUFT can measure risk maturity, and set a target for 2014/15.

2. Background

2.1. The Trust Board reviewed and approved version 9 of the Risk Management Strategy in March 2014. The strategy sets out the requirement for a formal evaluation of the implementation of the Risk Management Strategy annually.

3. Review Methodology and Results

3.1. In order to fully review the Risk Management Strategy Implementation Plan consistently on an annual basis, the Quality Hub has adopted a risk management maturity assessment based on a modified version of the HM Treasury Risk Management Assessment Framework. This self-assessment framework measures the extent to which good risk management policies are being practised across an organisation and is derived from the European Foundation for Quality Management (EFQM) excellence model.

3.2. It covers seven core areas, with each category having an individual assessment that is then aggregated up to provide an overall rating for the Trust.

1. Risk leadership
2. Risk strategy and policies
3. People
4. Partnerships
5. Risk management process
6. Risk handling
7. Outcomes

4. Category and Weighting

4.1. In order to determine the Trust's Overall Risk Maturity Rating, weightings have been applied to categories (weights 1-5) indicating level of importance to the Trust (5 being very important and 1 less so). Weightings applied to the Trust's core areas are:

Category                      Weighting (w)
Risk leadership               4
Risk strategy and policies    3
People                        3
Partnerships                  2
Risk management process       2
Risk handling                 3
Outcomes                      5

4.2. A baseline self-assessment using this methodology was undertaken in March (year 1) prior to version 9 of the Risk Management Strategy being approved.

Category                      Weighting   Assessed Level (AL)   Score (Weighting x AL)
Risk leadership               4           1                     4
Risk strategy and policies    3           2                     6
People                        3           2                     6
Partnerships                  2           1                     2
Risk management process       2           2                     4
Risk handling                 3           2                     6
Outcomes                      5           1                     5
Total Score                                                     33

5. Overall Assessment Levels / Rating

5.1 The overall Risk Maturity Matrix Score for the Trust was 33/110. This translated to an overall risk maturity rating of Level 2: Approaches for addressing risks are being developed and action plan for implementation being devised.

Level 1 (score 1-30): The organisation has an awareness and understanding of risk management
Level 2 (score 31-60): Approaches for addressing risks are being developed and action plan for implementation being devised
Level 3 (score 61-80): Risk management applied consistently and thoroughly across the organisation
Level 4 (score 81-95): The organisation is proactive in driving, and maintaining the embedding of risk management and integration in all areas of the organisation
Level 5 (score 95-110): The organisation sustains risk capability, organisational & business resilience and commitment to excellence in risk management, leaders regarded as exemplars

5.2 The following section describes in detail the assessment and implementation plan for CHUFT in 2014/15. The plan is constructed in a tabular format with levels of assessment, core weighting scores and summary evidence that is informed by the February 2014 Deloitte risk report (denoted in red); additional summary evidence has been provided by the quality hub. The plan has been designed to improve the CHUFT risk maturity from level 2 in 2013/14 to level 3 in 2014/15.

6. Risk Maturity Detailed Assessment and Implementation Plan (inclusive of Deloitte actions)

A. Leadership

Level 1 - Awareness & understanding: Top management are aware of need to manage uncertainty and risk and have made resources available to improve
Level 2 - Implementation planned & in progress: Executive Directors and Non-Executives take the lead to ensure approaches for addressing risk are being developed and implemented
Level 3 - Implementation in all key areas: Executive Directors act as role models to apply risk management consistently and thoroughly across the organisation
Level 4 - Embedding and improving: Executive Directors are proactive in driving and maintaining the embedding and integration of risk management; in setting criteria and arrangements for risk management and in providing top down commitment to well managed risk taking to support and encourage innovation and the seizing of opportunities
Level 5 - Excellent capability established: Executive Directors re-enforce and sustain risk capability, organisational & business resilience and commitment to excellence. Leaders regarded as exemplars

Leadership Self Assessment Score: Level 1

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

With regard to the Risk Management Strategy ensure: suggested improvements are implemented to develop a comprehensive risk management strategy that is fit for purpose; that the draft is subject to widespread clinical and operational consultation prior to Board ratification and approval; and the document and the approach to risk escalation throughout the organisation is communicated to all staff.
Ensure that the proposed Quality Impact Assessment process for CIP schemes is: developed in conjunction with clinical teams; includes a requirement for clinical lead sign off for each quality impact assessment; and includes reference to quality indicators to allow tracking post implementation.
Ensure communications regarding risks to the organisation are delivered effectively through a variety of platforms to ensure full understanding by all staff groups.
Ensure improved communications to staff regarding changes that have been made as a result of their concerns, for example using "You said, We did" campaigns.
Review the scope for greater executive participation in operational sub-committees and for more scrutiny of papers at EMT meetings to ensure that there is appropriate Executive oversight prior to consideration of issues at the assurance committees.
Implement suggested improvements to ensure that BAF is a useful tool and gives value to the Board.
Version 9 of the Risk Management Strategy to be Board approved in March 2014
New Corporate Risk Register to be developed and maintained by the Executive Team and presented at each board subcommittee meeting.
Board Assurance Framework to be designed and populated with 2014 strategic objectives/priorities.
Board to review content and consider assurances from its sub-committees prior to amending risk rating
Strategy to be launched and communicated to all staff and stakeholders
2014/15 Governance structure to be implemented
Annual review of risk maturity to be presented to Risk and Assurance Committee
Language of risk to be included as a part of the organisational dictionary
Implement suggested improvements to ensure that the CRR is a useful tool and gives value to the Board.
Senior managers do not know how to apply risk systems to identify or keep their respective risks current
Risk not used to support innovative service developments
Accountability arrangements unclear
Risk not proactively identified via horizon scanning

B. Risk Strategy and Policies

Level 1 - Awareness & understanding: The need for a risk strategy and related policies has been identified and accepted
Level 2 - Implementation planned & in progress: A risk management strategy & policies have been drawn up and communicated and are being acted upon
Level 3 - Implementation in all key areas: Risk strategy & policies are communicated effectively and made to work through a framework of processes
Level 4 - Embedding and improving: Risk strategy & policies are communicated effectively and are an inherent feature of department policies and processes
Level 5 - Excellent capability established: Risk management aspects of strategy and policy making help to drive the risk agenda and are reviewed and improved, role model status

Risk Strategy and Policies Self Assessment Score: 2

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

Develop a risk appetite statement and then align expected behaviours to manage risk within the boundaries set by the appetite statement.
Current risk strategy (Version 8) is dated and does not reflect organisational structure or roles and responsibilities.
Horizon scanning, treatment, risk profile, benchmarking.
Link to risk domains or risk treatment not defined
Risk Appetite statement to be written and communicated to all relevant staff.
Implement Risk Management Strategy Version 9, 2014.
Strategy not supported by plan for improvement or assessment

C. People

Level 1 - Awareness & understanding: Key people are aware of the need to assess and manage risks and they understand risk concepts and principles
Level 2 - Implementation planned & in progress: Suitable guidance is available and a training programme has been implemented to develop risk capability
Level 3 - Implementation in all key areas: A core group of people have the skills & knowledge to manage risk effectively
Level 4 - Embedding and improving: People are encouraged and supported to be innovative and are generally empowered to take well-managed risks. Most people have relevant skills & knowledge to manage risks effectively and regular training etc. is available for people to enhance their risk skills and fill any gaps
Level 5 - Excellent capability established: All staff are empowered to be responsible for risk management and see it as an inherent part of the Divisional / Directorate business. They have a good record of innovation and well managed risk taking

People Self Assessment Score: 2

Audit Commentary - Summary Evidence

Conduct risk management training for all current Board members, focusing on the NHS environment and Trust context. The training should focus on an effective risk management process with emphasis on risk treatment, how to make decisions about risk and using risk appetite.

Implementation Plan Requirements

All risk training to be evaluated, linked to appraisal system and made mandatory at induction
Levels of risk training to reflect role and responsibilities of individuals and their respective banding

Audit Commentary - Summary Evidence

Where necessary, design and implement more comprehensive and customised risk management training to meet the requirements of individual NEDs.
Consider the need for a wider NED skill set and capability review to identify additional development requirements for NEDs.
Determine the most appropriate Executive Director to be responsible for non-clinical risk management, to include due consideration of the benefits of combining risk management of clinical and non-clinical risks into a single portfolio.
Proactively encourage an increase in uptake of training for clinical staff as incident investigators to ensure a wider and more appropriate resource pool for allocation of incidents.

Implementation Plan Requirements

Board development plan to consider risk management training
Board risk workshop organised for March 2014
Access to advice and support to create and maintain risk culture to be the remit of the quality hub.
Guidance to be created and developed by the quality hub, on an integrated risk management toolkit
Allocation/delegated overall responsibilities for Risk and Safety to be agreed and reflected in risk management strategy, version 9, 2014.
Review the training provision and content to all grades of staff in line with the revised Risk Management Strategy.
Determine the most appropriate Executive Director to be responsible for non-clinical risk management, to include due consideration of the benefits of combining risk management of clinical and non-clinical risks into a single portfolio.
Risk culture not evident, risk seen as bad news and failure
Staff not confident risks will be treated or escalated in a timely fashion
Risks are in silos, not integrated, linked or aligned to other HR issues.

D. Partnerships

Level 1 - Awareness & understanding: Key people are aware of areas of potential risk with partnerships and understand the need to agree approaches to manage these risks
Level 2 - Implementation planned & in progress: Approaches for addressing risk with partners are being developed and implemented
Level 3 - Implementation in all key areas: Risk with partners is managed consistently for key areas and across organisational boundaries
Level 4 - Embedding and improving: Robust risk management arrangements have been established. The most suitable: partnership arrangement (PFI, arm's length etc.); partners; suppliers etc. are selected in full knowledge of the risks, risk management capability & compatibility
Level 5 - Excellent capability established: Excellent arrangements in place to identify and manage risks with all partners and to monitor and improve performance. Organisation regarded as a role model

Partnerships Self Assessment Score: 1

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

No common agreement (risk register, log, shared risk or risk information exchange) with partners.
No clarity about partnership risk accountability/responsibility identification and treatment.
No agreement for access to risk information
Negotiate and agree formal process with partners for risk and risk management arrangements, subject to CEO/Board approval

E. Risk Management Processes

Level 1 - Awareness & understanding: Some stand-alone risk processes have been identified
Level 2 - Implementation planned & in progress: Recommended risk management processes are being developed
Level 3 - Implementation in all key areas: Risk management processes implemented in key areas. Risk capability self-assessment tools used in some areas
Level 4 - Embedding and improving: Risk management is an integral part of the organisation's core processes (policy, planning, delivery etc.) and data are collected to monitor and improve risk management performance
Level 5 - Excellent capability established: Management of risk & uncertainty is an integrated part of all business processes. Best practice approaches are used and developed. Selected as a benchmark site by other organisations

Risk Management Processes Self Assessment Score: 2

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

Ensure the accountability framework includes a clear understanding of the roles and responsibilities of the triumvirate leadership teams in relation to risk management.
Ensure the Divisional Directors and their leadership teams have access to appropriate professional development support/training in relation to risk management and more generally.
Implementation plan to achieve level 3 for 2014/15 in place and agreed
Risk data capture system (Datix) to be re-mapped against required data fields:
  Cause, Effect and Impact
  Risk Domains
  CQC Standards
Consider the function and role of the Quality Hub, and the support to the divisions in conjunction with the Divisional Directors.
Continue with the plans to introduce a robust and consistent performance management framework that enables the clinical divisions to operate on an earned autonomy basis, which is supported by the Executive Directors.
Introduce a programme of education at the Ward, Service and Divisional level aimed at improving awareness around the recording of appropriate risks on the Risk Register.
Ensure incidents and complaints are jointly analysed with the ability to identify local areas of concern through the process.
Service, Divisional, and Corporate Risk Register
Board Assurance Framework
Integrated risk, safety incidents and complaint reports to be generated from Datix and presented to relevant board subcommittee and stakeholders
Validity, reliability and evidence for risk control/mitigation will be scrutinised by the relevant board sub-committee for assurance
All board sub-committees will close with a request for any items for the risk register
Audit and re-define use of LEAP process, focussing on SMART action planning.
Introduce complaint and incident rates and benchmarking data to the suite of divisional management information.
Expand the programme of internal inspections to ensure that wards are reviewed using the CQC essential standards.
Introduce a list of minimum requirements for committee papers to comply with, including consideration of associated risks, and a clear and concise overview of the key issues focussing on providing assurance rather than operational detail. This should include a standardised cover sheet.
Ensure incidents and complaints are jointly analysed with the ability to identify themes, trends and local areas of concern through the process.
Reconsider the criteria for the completion of LEAPs to ensure that they are meaningful and that staff are able to track implementation and audit to ensure embedded in practice. Also endeavour to look at the changes required for themes
The Internal Audit forward plan should be developed to incorporate a robust programme around quality governance including review of the complaints and incidents handling processes rather than individual incidents where appropriate.
Risk not routinely identified or recorded in:
  Safety and Compliance
  Project Management
  Operational Management
  Performance Management
  Business Planning
  Spending Review
Risk not seen as good management practice
Risk process does not demonstrate:
  Transparency
  Engagement (internal or external)
  Consistent activities
  Validity and reliability of evidence for risk control/mitigation
Measurement of organisational risk performance/maturity not annually appraised.
Business continuity risks not seen on risk registers

Risk escalation process not clear or evidenced
Risk identification/description poorly defined

F. Risk Handling

Level 1 - Awareness & understanding: No clear evidence that risk management is being effective
Level 2 - Implementation planned & in progress: Limited evidence that risk management is being effective in at least most relevant areas
Level 3 - Implementation in all key areas: Clear evidence that risk management is being effective in all relevant areas
Level 4 - Embedding and improving: Clear evidence that risks are being handled very effectively in all areas
Level 5 - Excellent capability established: Very clear evidence of excellent risk handling in all areas and that improvement is being pursued

Risk Handling Self Assessment Score: 2

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

Reassess whether the responsibilities of the Quality and Patient Safety Committee are appropriate and manageable within the time available with a view to considering the need to reassign responsibility for performance to another Board Committee.
Review the adequacy of the administrative support to the committees to ensure that this is not adversely impacting on the ability of members to deliver on agreed actions.
Implement 2014 governance arrangements
Provide learning and sharing risk information to comms dept. for dissemination across the trust
Quality hub to assist divisions in creating KPI matrix for risk management
Amend the Board agenda so that each committee chair provides a brief written and verbal summary of the key issues arising from the most recent committee meeting, specifically which matters are being escalated for the Board's attention and which have been referred to other committees.
Quality hub to assist divisions in creating risk registers and develop processes for onward reporting/escalation
Consider organising the agenda so that any points for escalation are presented just prior to the relevant agenda item. For example, report from QPSC is reported immediately prior to quality agenda rather than at the end of the meeting.
Provide regular updates to the Audit and Risk Committee on the status and use of Risk Registers at the Ward, Service and Divisional level to include a set of KPIs for the Risk Register.
Ensure that all ward, departmental and service governance meetings are supported to meet on a monthly or bi-monthly basis and that core agenda items are discussed.
Little evidence of risks being reduced or controlled
Risk not being used as an enabler or decision making tool
Risk outcomes not being utilised as a vehicle for learning and sharing across the organisation

G. Outcomes

Level 1 - Awareness & understanding: No clear evidence of improved outcomes
Level 2 - Implementation planned & in progress: Limited evidence of improved outcome performance consistent with improved risk management
Level 3 - Implementation in all key areas: Clear evidence of significant improvements in outcome performance demonstrated by measures including, where relevant, stakeholders' perceptions
Level 4 - Embedding and improving: Clear evidence of very significantly improved delivery of outcomes and showing positive and sustained improvement
Level 5 - Excellent capability established: Excellent evidence of markedly improved delivery of outcomes which compares favourably with other organisations employing best practice

Outcomes Self Assessment Score: 1

Audit Commentary - Summary Evidence / Implementation Plan Requirements 2014/15

No evidence of risk being used for:
  Better public services
  Sustained improvements
  Fewer negative, more positive press reports on delivery
  Achievements of business/strategic objectives
  Project(s) success
  Improved value for money
  Delivery within budget
  Effective control of fraud
  Increased Public confidence
  Attract positive comments (staff, partners, stakeholders)
Share risk management strategy, version 9, 2014 with stakeholders
Implement 2014/15 risk plan
Enter CHUFT for national ALARM award for risk management

9. Recommendations

9.1 The Committee is asked to note and discuss the content of this report.

Kevin Street
Associate Director of Governance (interim)