Popular Search:Policies, Training, Staff Newsletter

Risk Management Policy

Updated on 6 November 2023 BrisDoc Governance Team

1.     Introduction

This policy provides a framework to assist BrisDoc and its staff to identify, assess, prioritise, manage, monitor, reduce and report risk. This in turn helps BrisDoc achieve agreed standards, reduce costs, increase patient and staff safety, and maintain and enhance the services that are provided. The management of risk supports BrisDoc’s ability to fulfil all of its core objectives. The BrisDoc Corporate Leadership Board will assess business risks in the context of its core values and corporate objectives. When determining its appetite for taking on a new risk, the Corporate Leadership Board will assure itself that the organisation can continue to provide safe, effective and high-quality patient care that delivers on key performance indicators and will take into account financial, health, recreational, ethical, social, environmental and information considerations. BrisDoc’s lowest risk appetite relates to safety and compliance objectives. BrisDoc has a higher risk appetite towards its strategic business objectives, so long as legal obligations are fulfilled. BrisDoc’s ability to take risk is the consequence of robust and comprehensive risk management being embedded into everyday working practice and processes.

 

2.    Definition and Scope

A hazard is a situation that has the potential to cause harm or pose a level of threat to life, health, property, service delivery, business objectives or the environment. Risk is defined as the probability or likelihood that harm will actually be caused. Risk is measured in terms of severity of consequence and likelihood of occurrence. An issue is a realised risk; it is no longer a risk because it is happening. Any adverse events that arise from hazardous situations are referred to as learning events.

The first step when a hazard has been identified is to attempt to eliminate it. If this is not possible, control measures need to be implemented to reduce, transfer or manage the risk of harm.

Risks can arise from:

  • The services provided by BrisDoc
  • The procurement of goods, equipment and services
  • The people employed by or visiting BrisDoc
  • The management systems of BrisDoc
  • The buildings occupied by BrisDoc
  • Any services that are commissioned, contracted or partnerships
  • Strategic policy decisions of BrisDoc
  • Any projects and research that BrisDoc is involved in
  • Any construction, renovation or demolition that BrisDoc is involved in

The scope of this policy covers all employees or co-owners of BrisDoc; bank, agency and locum staff; volunteers and trainees.

3.    Risk Management Framework

The risk management framework encompasses the systematic application of management policies, procedures and practices to identify, assess, manage, monitor and report risks.

Within the risk management framework, BrisDoc will:

  • Encourage and support staff to identify, analyse, record and review risks, and incorporate controls to avoid, adopt, reduce or transfer the risk
  • Use best practice and expertise to reduce risk
  • Encourage the reporting of hazards using BrisDoc’s learning event reporting process
  • Review BrisDoc’s policies and procedures in line with the risk management framework
  • Analyse statistical information and audit to learn from errors and reduce future risk
  • Maintain an organisational risks and issues register, as well as a risk assessment log
  • Ensure audit and monitoring performance procedures are in place
  • Comply with health and safety legislation
  • Understand and manage the interdependency of any new hazard identified with other risks.

4.    Risk Management Process

BrisDoc’s approach to managing risks is an ongoing process embedded within the management of the organisation, services and projects and includes:

  • Early identification and proper assessment and scoring of risks
  • Comprehensive identification, definition and evaluation of appropriate mitigation routes to adopt, avoid, transfer or reduce risks
  • Regular monitoring, review and updating of risk assessments
  • Clearly defined policy, standards, processes and procedures
  • Proper documentation and storage of information (risk assessments and risk registers) for audit and quality purposes The process is described in the diagram below:

5.    Roles and Responsibilities

BrisDoc Boards

The Corporate Leadership Board (CLB) holds corporate responsibility for the management of risk within the organisation but has delegated responsibility for the implementation of risk management to the Leadership and Operational Boards, Quality Board, Information Governance Board, People Board and Financial Governance Board. The CLB sets the tone and influences the culture of risk management within BrisDoc. It will determine the appropriate level of risk exposure for the organisation and will take major decisions affecting risk exposure. It will review significant risks and monitor their management. The CLB, and all other Boards, will review their risks and issues on the risk register at each meeting. Risks can only be closed in consultation with the relevant Board or the CLB.

The Leadership and Operational Boards

The Leadership and Operational Board (LOB) managers are responsible for risk management implementation. The LOB will review its risks monthly, to assure itself that risks are being identified and managed effectively. The LOB has delegated responsibility (from the CLB) to assess and manage operational and corporate risks to the organisation, and close amber risks.

The Quality Board

The Quality Board is responsible for: managing risk at a clinical level; establishing clinical policy and procedure; reviewing and evaluating incidents, complaints and significant events; and managing audit and review. It will systematically review themes to ensure clinical hazards are being identified and organisational learning is being taken forward and that actions are being taken.

The Information Governance Board

This Board is responsible for leading and evidencing the assurance that BrisDoc services are compliant with all information governance requirements. Information governance specific risks may be reviewed at this Board.

The People Board

This Board is responsible for ensuring that BrisDoc services have a workforce that has the knowledge, skills and competence to efficiently provide the levels of safe and effective care and support required by patients and staff.

Financial Governance Board

This Board is responsible for providing internal rigour to the leadership, oversight, and co-ordination of all financial activity and risks within BrisDoc services. Finance specific risks may be reviewed at this Board.

6.    Services

Within each service the Service/Practice Manager/Lead Clinician is the owner of their service risks and is responsible for ensuring risk assessments are completed and that any risks are included on BrisDoc’s risk register and regularly reviewed. Service/Practice/Team Managers are responsible for compliance with the risk management policy and ensuring that remedial action is taken wherever key risks are identified within their area of responsibility. This includes responsibility to:

  • Ensure attendance of statutory and mandatory training by all staff thereby improving knowledge and understanding that supports hazard management
  • Ensure risk assessments are undertaken and resulting action plans implemented
  • Ensure learning events are reported, as well as taking action to prevent or minimise reoccurrence
  • Ensure the service risks are regularly reviewed and updated via the risk register
  • Provide an overall project risk score for inclusion in the corporate risk register for the duration of a project
  • Ensure that, upon completion of projects, residual risks are included on the risk register
  • Undertake an annual review of their risk assessments

Director of Nursing, Allied Health Professionals and Governance

The Director of Nursing, Allied Health Professionals and Governance is accountable to the Managing Director and is responsible for:

  • Developing and implementing the risk management strategy, the risk assessment tool and the learning event reporting process
  • Maintaining the corporate risk register
  • Maintaining the risk assessment log
  • Providing Board reports
  • Ensuring Service/Practice Managers review their risks and issues
  • Providing support and advice to all staff about risk management processes including risk assessment and incident reporting
  • Providing training on all aspects of risk management
  • Providing support to all staff regarding health and safety matters
  • Providing support and advice to all staff about security matters

Risk Owners

Risk owners are responsible for:

  • Routinely reviewing and updating their risk controls, actions and ratings no less frequently than quarterly
  • Notifying new risks to the Director of Nursing, AHPs and Governance for inclusion in the register following assessment of that risk.

All BrisDoc Staff

It is the responsibility of all staff to consider risk and take steps to achieve the objectives of this strategy and policy.

All staff have the responsibility to:

  • Demonstrate their understanding of risk and BrisDoc’s processes to manage such
  • Immediately report hazards, learning events and near misses • Complete risk assessments • Action risk mitigation strategies
  • Take reasonable care for their own health and safety and of others
  • Follow policies, procedures, and guidelines
  • Not intentionally or recklessly interfere with or misuse any equipment provided for the protection of health and safety
  • Be aware of the emergency procedures relating to relevant work locations
  • Attend induction, mandatory and statutory training to ensure continued competence
  • Identify any additional training areas at their individual performance and development review
  • Take immediate action when a hazard is identified to reduce the risk of an incident.

7.     External reporting of significant risks

Significant risks need to be reported to external agencies as appropriate. External agencies include:

  • Health and Safety Leadership (RIDDOR) – death, major injury, over 7-day injury, near miss occurrence, occupational diseases
  • Medical and Healthcare products Regulatory Agency (MHRA) – adverse reaction to drugs, adverse incident due to faulty device
  • NHS England and Improvement (previously NHS Improvement and previously National Patient Safety Agency) – an incident which could or did cause harm to a patient
  • Commissioner/CQC – serious Untoward Incidents that resulted in serious harm or potential serious harm and death
  • NHS Resolution/relevant Insurance Company – an incident from which a claim might arise

8.    Reporting of Learning Events

A hazardous situation from which an event arises will be reported as a learning event in accordance with BrisDoc’s Learning Event Reporting Policy.

9.    Risk Assessment

Introduction to Risk Assessment

BrisDoc has an assessment matrix that provides a framework for assessing and measuring identified risks. A risk assessment is a careful examination of what could cause harm to people, the environment, the organisation etc., to enable a review of whether enough precautions are in place or whether more can and should be done to prevent harm.

BrisDoc has a legal responsibility to identify and categorise risks and either eliminate or reduce them to the “lowest level that is reasonably practicable”.

The 5 steps in the risk assessment process are:

  1. Identify the hazard
  2. Decide who or what might be harmed and how
  3. Evaluate the risks and take action to prevent them where possible
  4. Record your findings on the Risk Assessment Form and communicate the risks and control measures to those who need to know, including adding details to the Risk Assessment Log
  5. Review the assessment

 

Identifying the risk

Some examples of when it is appropriate to undertake a risk assessment are:

  • Before introducing new equipment i.e., cars or computer systems
  • Before a change in environment i.e., new treatment centre, renovation or relocation
  • When developing a new service or changing an existing one
  • When making strategic policy decisions
  • When initiating a project
  • Following a near miss or adverse event
  • Following an incident or learning event
  • Following a complaint
  • In line with monthly Health and Safety checks on equipment and rooms to ensure equipment and premises are safe to use. This particularly involves electrical and sanitary equipment. A health and safety checklist is available for this purpose
  • For any new starter as part of their induction.

Describing the risk

Failure to describe the risk can be a problem in risk management. Consider describing the risk in terms of cause and effect or using the following sentence structure: “There is a risk that… This is caused by… And would result in…Leading to an impact upon …”

Assessing the risk and calculating risk scores

The level of risk associated with each hazard is assessed in accordance with the Risk Scoring Matrix. Risk scores are calculated based on the likelihood of occurrence multiplied by the severity of consequence. The aim of the risk scoring is to systematically establish relative priorities.

Using the definitions staff need to decide how they will score the severity of the incident either from 1 (negligible) to 5 (catastrophic) and its likelihood of re-occurring from 1 (rare) to 5 (almost certain). Multiplying the numbers together will give the risk score.

For every incident reported, the Line or Service/Practice Manager will undertake a risk assessment (Appendix 1) and will include a record of such on the Risk Assessment Log and a headline on the Risk Register by contacting the Corporate Administrator (corporate.administrator@nhs.net).

 

 

 

 

 

Scoring the severity of the consequences:

 

Scoring the likelihood:

 

Scoring the risk:

10.                       Managing the risk

Having identified, assessed and scored the risk, the next stage is to determine what will be done in response to the risk and who will be responsible. Risk management converts the risk assessment into an action plan. This information is then recorded in the Risk Register and Risk Assessment Log.

There are four possible responses to manage a risk:

  • Avoid the activity causing risk
  • Adopt the risk if it is considered tolerable, e.g., if the risk score is within the risk appetite or whether BrisDoc’s ability to mitigate or avoid the risk is constrained
  • Reduce the risk by taking mitigating action and implementing controls
  • Transfer the risk to another party, e.g., a risk identified by BrisDoc may be transferred to the Integrated Care Board

The Risk Assessment encourages the identification of actions to manage the risk. Once these actions have been completed, a residual risk score may be calculated. The residual risk score is the threat that remains after efforts have been made to control and manage the risk. A reduced risk score will come about because the likelihood or consequence of the risk has been reduced through actions and controls. There may also be further actions to undertake, and these should be recorded in the ‘further action required’ column, and the above process can be repeated once these have also been actioned, in hopes of bringing down the risk score further.

Once the initial Risk Assessment is complete, the assessor/owner needs to inform the Corporate Administrator (corporate.administrator@nhs.net), so that they can update the Risk Assessment Log and include a headline on the Risk Register. It is the risk owner’s responsibility to provide the headline for the Register.

11.                        Reviewing the risk

A robust monitoring and review system is essential to ensure actions are followed through and risks are effectively managed. Risk management is therefore an ongoing process and must be embedded into normal management processes. When undertaking the assessment, the date of the next review must be recorded. For annual Risk Assessments, this will be one year later. For ad hoc Risk Assessments, such as for projects, the review date will need to be appropriately set dependent on the nature of the associated risks and timescale of the work.

12.                        Risk Score Analysis, Recording and Reporting

Regardless of score, all Risk Assessments must be recorded on the Risk Assessment Log and a headline risk added to the Risk Register.

Risk Score 1 – 4: Low Risk (Green)

Risks of this magnitude are considered low level risks and are well within BrisDoc’s risk appetite. They are usually those which are experienced on a daily basis, are managed and actioned as part of the normal managerial risk assessment process, and monitored regularly. Quick and easy controls can be implemented immediately and further action planned for when resources permit or no further action may be required.

Risk Score 5 – 8: Moderate Risk (Yellow)

These risks are within BrisDoc’s risk appetite. The risk owner will need to closely monitor them with consideration of additional risk mitigation measures. Actions to control moderate risks will be implemented as soon as possible.

Risk Score 9 – 12: High Risk (Amber)

Urgent risk mitigating actions are required. The risk is borderline for BrisDoc’s risk appetite. Amber risks can only be closed by the Head of Service. Actions to control high risks will be implemented as soon as possible and no later than within 3 months of the risk being identified. The Corporate Leadership Board must be made aware.

Risk Score 15 – 25: Extreme Risk (Red)

Extreme risks require emergency action and a contingency plan. They are beyond BrisDoc’s risk appetite. Where reasonable, activity generating red risks should be stopped. All red risks are to be reported to the Managing Director, CLB and normally Commissioners.

13.                       Assurances

Various governance meetings and delegated Board responsibilities assure BrisDoc that its risks are managed, escalated and reviewed as appropriate. The Risk Assessment Log and Risk Register are used as a management tool in accordance with this policy. BrisDoc has internal audit functions in place to support the risk management strategy and audit of risk management is also undertaken every other year by Audit South West as part of the UHUK Core Review audits.

 

 

 

 

 

 

 

 

 

 

 

 

 

Appendices

Risk Assessment Form

 

Once you have completed the Risk Assessment, please provide details of the headline risk below, so that it can be added to the Risk Register

 

 

14.                       Change Register

Date Reviewed and amended by Revision details Issue number
25/10/16 CLN Inclusion of new values slide, role of the Leadership Board, Financial Governance Board, risk assessment log, reporting to insurers. Change of risk register review to quarterly. 4.1
31/01/20 Clare-Louise Nicholls, Cecilia Price, Sarah Forde Update to reflect the new governance structure, revised risk matrix ratings to creating alignment for Severnside IUC and inclusion of issues and risk owners’ responsibilities, update of aims and objectives, risk assessment section. 4.2
04/08/22 Millie Collins Full review of policy 4.3
       

 

Attached Files
#
File Type
File Size
Download
1 .pdf 269.00 KB Risk Management Policy v 4.3
Related Articles

Can't find what you're looking for? Contact Us

  

  

Popular Search:Policies, Training, Staff Newsletter