Risk Management Report to the Board - November 2003
1. Risk Registers and the Assurance Framework
The Corporate Risk Register
? The structure of the corporate risk register has been revised and now
features columns for residual risk [the projected risk rating after risk
management controls have been implemented], and a traffic light score for
progress against the risk management control plan. The Risk Management
Committee reviews all risks where there is little or no progress against the
plan. Risk owners are asked to account for red traffic lights.
The updated corporate risk register can be found at Appendix A.
The Corporate Risk Register comprises:
? Trust-wide risks, identified through current and previous Risk Register
updates, scoring 12 and above
? Risks relating to Controls Assurance standards scoring 12 and above
? Locally identified risks scoring 12 and above which have a Trust-wide
Over the past three months all Corporate risk owners have been asked to
verify ownership of risks and the accuracy of entries in the register. A small
number of updates/changes have been notified and these are shown in red
on the November update attached at Appendix A.
Each risk is traffic-lighted according to progress with Risk Treatment Plans
(Green = progression to plan or plan complete; Amber = plan behind
schedule; Red = plan not started or no plan in place).
The following risks were allocated red traffic-lights at the September Risk
? EF17 Environment Management
? TW4 Adherence to observation Policy (see below)
? CA59 Infection Control – infection surveillance policy
? EF3 Control of Building Contractors
? EF6 Security – in patient sites
? SCA14 Cashiers security – staff injury/loss of cash (see below)
The risk owners were asked to provide brief update reports on the current risk
treatment plans, blockage/s to achieving the plans and actions
proposed/required to overcome the blockages.
Risk TW4 - Adherence to observation policy - has since been downgraded to
amber as the policy is now being reviewed.
Risk SCA14 - Cashiers Security - has also been downgraded to amber as
there has been significant progress in undertaking risk assessments at the
three sites (Bethlem, Maudsley and Lambeth Hospitals), the results of which
are being referred to the relevant site steering groups for prioritisation and
allocation of capital funding.
Local Risk Registers
? No new “local” risks have been escalated to the Corporate Risk Register at
? Responsibility for maintaining local Risk Registers and monitoring all locally
identified risks (irrespective of rating) rests with the relevant
Service/Department, via its established Risk Management (or equivalent)
Committee. Local Registers will be used as a Risk Management tool and
integrated with the annual Business Planning cycle.
? The strategic risks identified at the workshop in June are a good basis for
broad planning and change management. The next phase is to develop these
at Executive level to become inclusive of all significant risks that can be
categorised as strategic, and agree where controls are needed and
assurance is lacking. Zoë Reed has agreed to be responsible for taking this
forward with the Trust Executive and Board.
? The DoH definition of Assurance is “Confidence, based on sufficient evidence,
that internal controls are in place, operating effectively and objectives are
being achieved”. Judgement on the level of assurance for each risk on the
Corporate and Strategic Risk Register should be endorsed by Non-Executive
Directors of the Trust.
? The risk register in its current format will form the basis of the assurance
framework. There is more work to do to identify sources of assurance for
each identified risks, and rate levels of assurance. A system rating the level
of assurance has to be in place by Jan 2004 to satisfy the internal control
? The inclusion of local risk registers and significant risks within the
performance management framework is under discussion.
2. Incident Management
? From the 1st October new corporate arrangements for supporting the management of SUIs have been established. A central incident team is based at the Maudsley. The team will co-ordinate the reporting of SUIs, distribute internal and external SUI notifications, track investigations, continue to support the Directorate SUI panels, and will advise Managers and facilitate systematic methods of investigation and identification of corrective actions [recommendations]. Michelle Davis, Board Level Inquiry Co-ordinator is based at Trust HQ.
? Aspects of the incident process are under review with the objective of improving the way in which the organisation learns the lessons from incidents in order to reduce the risk of recurrence, and improve safety and quality.
? Risk Pooling Scheme for Trusts - RPST
Compliance at RPST Level one was achieved in September, as a result of independent assessment. Scores of 75% and above across a range of general risk management indicators, were awarded. They were;
Corporate Accountability 82%
Risk Management Strategy 77%
Organisational Structure 86%
Incident Reporting and Management 76%
Complaints and Claims Management 79%
Risk Management Process 78%
Risk Management Training 86%
Independent Assurance 93%
? Clinical Negligence Scheme for Trusts – CNST
NHS Litigation Authority Assessors have confirmed that the Trust will be assessed against the CNST standards in March 2004. Written evidence supporting compliance against the standards will be submitted in early December.
The Trust Executive will decide whether to submit evidence supporting a level two assessment or maintenance at level one, on the basis of progress made against the plan.
CNST Mental Health clinical risk management standards are currently being developed – the Trusts Claims Manager has a place on the National working
group for this. The NHS Litigation Authority will be inviting Mental Health Trusts to become pilot sites for the new standards.
The principal obstacle to maintaining compliance at level one remains the tracking of multiple records problem. The SPINE project to identify patients registered on more than one Trust information system is the planned solution to this problem.
CNST standard two requires a separate policy for responding to Major
Clinical Incidents, this includes the setting up of help lines for press and public
enquiries. This policy is currently being developed.
4. Risk Management Training
? Risk management training includes all statutory, mandatory and required
training [fire, Health and Safety, manual handling, violence and aggression,
? A risk management training sub-group of the Training and Education
Committee has been established to develop risk management training,
and ensure that risk management training opportunities are taken up by
those staff whose roles are identified as carrying particular risks.
? Applications to and attendance at risk management training is now
captured on a risk management training database. Attendance reports
are circulated to Trust Managers.
? Two issues are emerging as immediate priorities for the group
- the volume of risk management training necessary to meet the
- non-attendance at risk management training.
? A one day introduction to risk management study day will be piloted in