Professional Documents
Culture Documents
Author:
Asset Number:
819
Page 1 of 24
Risk Register & Risk Assessment Policy and Procedure
Information Asset
Register Number
Rights of Access
Type of Formal Paper
Category
Format
Language
819
Subject
Document Purpose
and Description
Author
Ratification Date
Publication Date
Review Date and
Frequency of Review
Disposal Date
Job Title of Person
Responsible for
Review
Target Audience
Public
Procedure
Corporate
Microsoft Word 2003 and PDF
English
How to pro-actively manage identified risks locally and when to
escalate it.
This document underpins the Risk Management Strategy,
describes the responsibilities and procedures associated with
the process of risk assessment and promotes dynamic use and
maintenance of Risk Management Workbooks enabling formal
PCH risk management processes.
Assistant Director of Risk and Safety
27th September 2012. Policy Ratification Group.
12/11/2012
Review at least two-yearly
The Policy Ratification Group will retain an e-signed copy for
the database in accordance with the Retention and Disposal
Schedule; all previous copies will be destroyed.
Health, Safety & Security Manager
Page 2 of 24
Risk Register & Risk Assessment Policy and Procedure
New document
By post:
Tel:
Fax:
Publisher (for
externally produced
information):
N/A
V1
Details
i.e. updated
or full
review
New
document
Date
July 2012
Originator of
Change
Risk
Management
Advisor
Description of
and reason for change(s)
Formal PCH procedure to
support statutory
requirements, strategy, health
and safety policies, and inhouse training provision.
Page 3 of 24
Risk Register & Risk Assessment Policy and Procedure
Page
Introduction
Purpose
Definitions
10
10
11
11
11
5.5 Resources
12
12
13
Escalation of Risk
13
Training Implications
13
Monitoring Effectiveness
13
10
Associated Documentation
14
Appendix A
15
Appendix B
20
Appendix C
21
Appendix D
23
Page 4 of 24
Risk Register & Risk Assessment Policy and Procedure
Introduction
1.1
This policy is part of a suite of policies that enables the delivery of Plymouth
Community Healthcares (hereafter referred to as PCH) Risk Management
Strategy. It describes the responsibilities and procedures associated with the
process of risk assessment and the development and maintenance of risk registers
in PCH.
1.2
Proper risk assessment can help all NHS organisations, teams and individuals set
their priorities and improve decision-making to reach an optimal balance of risk,
benefit and cost. Risks can be described as clinical, environmental, financial,
political or affecting public perception and reputation (NPSA, 2006).
1.3
Risk assessment is a risk management and clinical governance tool which the
organisation uses to:
a)
b)
c)
d)
e)
f)
g)
Gather facts about various activities and services and their associated
hazards and risks;
Assist in the identification of risks that are a threat to the achievement of
strategic objectives;
Highlight the need to eliminate or manage identified hazards and risks, in
order to protect the safety and well-being of staff, patients, visitors and the
organisation as a whole;
Take corrective actions when new risks are identified or existing risks are not
adequately controlled;
Assess the likelihood and consequence of risks causing harm or damage;
Gauge the consequence of non-compliance;
Consider the consequences of not meeting key objectives.
1.4
1.5
1.6
PCH will face a number of risks which will potentially affect achievement of its aims
and objectives; these include:
a)
b)
c)
Page 5 of 24
Risk Register & Risk Assessment Policy and Procedure
d)
e)
Health and safety risks ~ ensuring the well being of staff and patients whilst
providing or using services;
f)
g)
1.7
In PCH, the Risk Registers are populated through the organisations risk
assessment and evaluation process. This process enables risks to be quantified
and ranked. It provides a structure for collecting information about risks that will
assist both in the analysis of risk, and in decisions about whether or how these
risks must be controlled, managed and monitored.
1.8
Risk Registers can also support decision making on how resources should be
allocated. Ideally, all decisions such as changes in policy, procedures or practices,
service developments, enterprises such as new projects and all associated
resource commitments should result in reductions to the organisations highest
priority risks. At all levels, proposals to make changes or commit resources must
include reference to the effect this may have on the risk profile of the organisation.
1.9
In PCH, risk assessments must be recorded in Risk Registers which are located in
Risk Management Workbooks found locally on the Groups:\ network drive.
Purpose
In addition to supporting the Risk Management Strategy and Health & Safety
Policy, the purpose of this document is to ensure that PCH has a general
assessment process which:
a)
b)
c)
Specifies how they will be considered, prioritised and managed within PCH;
d)
Is simple to use;
e)
Provides consistent scores when used by staff from a variety of roles and
professions;
f)
Page 6 of 24
Risk Register & Risk Assessment Policy and Procedure
Definitions
3.1
Hazard is anything with the potential to cause harm, loss or damage. Hazards
can be broken down into Biological, Chemical, Physical, Ergonomic, Psychosocial,
Financial and Clinical.
3.2
Risk the chance of suffering harm caused by a hazard, loss or damage or the
possibility that PCH will not achieve one or more of its objectives.
3.3
3.4
3.5
3.5
3.6
Escalation of Risk the route through which risks, unable to be resolved at local
level, may be escalated for Board level ownership into the Corporate Risk
Register.
3.7
3.8
Safe System of Work is a formal and approved procedure with safe working
methods stated that employees must follow in order to control or eliminate work.
3.9
Risk Issues/Types are problems that face PCH (i.e. clinical, health and safety,
business, etc).
3.10
Risk Management is the pro-active (i.e. internal and external audits, risk
assessments, self-assessment of risk, central alert system (CAS), etc) and
reactive management (incidents, complaints, litigation, external and internal audits,
etc) of uncertainty that may impact upon PCH to deliver its services in a safe and
appropriate way
3.11
Local for the purposes of this policy, local refers to activities undertaken at
services / units / wards / departments level.
3.12
Page 7 of 24
Risk Register & Risk Assessment Policy and Procedure
4.1
4.2
4.3
a)
b)
ensure each manager has read and understand the Risk Management
Strategy and associated health and safety policies;
c)
d)
b)
must familiarise themselves with this policy and procedure, which should be
read in conjunction with the Risk Management Strategy and health and safety
policies;
c)
ensure they understand the risk process and how risk registers are used to
identify, record and address risk issues;
d)
use risk assessment to pro-actively manage risk issues within their area of
responsibility, and ensure that sufficient and suitable controls are
implemented that are proportionate to the level of risk;
e)
f)
g)
ensure new risks or changes to existing risk assessments are recorded in the
Risk Register, monitoring remedial actions to eliminate, reduce or control
risks until the issue is resolved;
h)
involve staff in the review and completion of risk assessments and the Risk
Register;
Page 8 of 24
Risk Register & Risk Assessment Policy and Procedure
4.4
4.5
i)
j)
complete the Care Quality Commission (CQC) column (yellow) assuring their
Risk Assessors that risk assessments inputted by them have been duly
reviewed;
k)
ensure that their staff are aware of the process and content of the Risk
Register.
attend Health and Safety Risk Assessor Training with subsequent regular
refresher training / support deemed as required;
b)
c)
will provide all risk management training, including Risk Register and Risk
Assessor training in order to facilitate undertaking of risk assessments at local
level;
b)
provide appropriate advice, support and extra 1:1 tuition to staff as required;
c)
d)
4.6
All PCH employees are responsible for ensuring they understand the process of
and findings of risk assessments, and follow the controls and identified actions
outlined in the Risk Register and risk assessments. They must make managers
aware of any risks to patient safety, health and safety or other risk issues.
4.7
Staff Health & Wellbeing should be consulted on risk assessment issues where
they may be an impact on the health of staff.
Page 9 of 24
Risk Register & Risk Assessment Policy and Procedure
5.1
5.1.1
Only competent persons can carry out risk assessments. By definition, this is
someone with relevant knowledge, training and experience of the hazards and risk
associated with the processes to be assessed.
5.1.2
All staff will have access to risk management and health and safety information,
instruction and training, including how to effectively use the Risk Management
Workbook; the level and nature of the training will vary according to local need.
5.1.3
PCHs Executive Team will collate the annual training needs of the Board, such as
risk management training incorporating Risk Registers and Risk Assessor Training
delivered at the appropriate level.
5.1.4
Locality / Deputy Locality Managers and all local managers will receive Risk
Register & Risk Assessor Training for Managers, and to attend refresher sessions
on a two-yearly basis; course dates are available from the Professional Training &
Development Department.
5.1.5
Local managers are to nominate at least one member of staff from each of their
teams to attend Health & Safety Risk Assessor Training, and to attend refresher
sessions on a two-yearly basis; course dates are available from the Professional
Training & Development Department.
5.1.6
Training programmes will consist of the legal requirements behind the need for risk
assessments, the methodology for assessing and recording risks, an introduction
to the Risk Management Workbook, and live undertaking of practical risk
assessments in line with local health and safety self-audits.
5.1.7
Risk management and incident reporting are introduced in the corporate induction
training.
5.1.8
5.2
5.2.1
Only staff who have attended Risk Register and Risk Assessor training have
access to their local Risk Register, which is an Excel workbook located on the
Groups:\ network drive (i.e. G:\District Nurse_C&NE). Either the Locality Manager
or their deputy will also have access to the Risk Management Workbooks (RMW)
within the remit of their responsibility, provided they too have received, or are
scheduled to receive, Risk Register and Risk Assessor training.
Page 10 of 24
Risk Register & Risk Assessment Policy and Procedure
5.2.2
Risk Register
Self Audits (Health and Safety issues i.e. clinical waste, infection prevention
and control, display screen equipment, manual handling, etc)
Equipment Register (a log of all equipment held locally, which will
automatically populate a MEMS worksheet)
Quarterly Fire Checklists
Fire Risk Assessment
Workplace Assessment
Action Status Report
5.3
Risk Register
5.3.1
Health and
Safety
Workforce
Planning
Quality /
Complaints /
Audit
Business
Interruption
Risk Register
Business
Objectives /
Projects
Adverse
Publicity /
Reputation
Finance
including claims
5.3.2
5.3.3
There are two levels of Risk Register within PCH; local and corporate. There are
Risk Registers set up on the Groups:\ network drive for all PCH services/teams
managed locally, however, there is only one Corporate Risk Register managed by
the Risk Management Team on behalf of the Board.
5.4
Risk Assessments
5.4.1
Staff
Development /
Competence
Do nothing; review
occasionally to ensure
position remains the same.
What can
go
wrong?
How
bad?
How
often?
No
Is there a
need for
action?
Yes
Identify and implement
actions to reduce the harm or
likelihood of recurring.
Page 11 of 24
Risk Register & Risk Assessment Policy and Procedure
5.4.2
A suitable and sufficient risk assessment can be undertaken by following the five
steps, in brief, from the HSEs guidance 5 Steps to Risk Assessment:
Step 1 Identification of hazards and associated risks (i.e. use of syringe and
potential for inoculation injury or severe staffing shortages impacting on
patient care and service delivery)
Step 2 Decide who or what might be affected and how (injury, loss or damage).
Step 3 Evaluate the risks and decide whether the existing control measures /
precautions in place are adequate or whether more should be done. A
risk-scoring matrix is available to assist with the evaluation of the severity
and likelihood of the risk. Treat the risk (i.e. decide what additional
remedial action can be taken); this could range from to eliminating,
reducing or controlling the risk, to accepting the risk if it is minimal.
Step 4 Record your findings in and communicate the risk and controls measures
to those who need to know (i.e. all people who could be affected).
Step 5 Review the assessment looking at the effect of the risk and any actions
taken.
5.4.3
Further information is also available from Healthcare Risk Assessment Made Easy
published by the National Patients Safety Agency (NPSA).
5.4.5
PCH utilises the NPSA Risk Scoring Matrix (Appendix A) with minor amendment to
restrict the risk gradings to low, medium and high risk, the use of which within Step
3 (see above) is discussed in detail during training of Risk Assessors. Further
information can also be found in NPSAs publication: A risk matrix for risk
managers.
5.4.6
Risk assessments should be retained whilst they remain current, and for six years
following the date of their review.
5.5
Resources
5.5.1
5.6
5.6.1
Once trained, every Risk Assessor irrespective of grade or role will also have
access to the Risk Management Workbook Manual; a detailed pictorial guide to
support learning from training sessions, covering all topics as detailed in 5.2.2
above.
Page 12 of 24
Risk Register & Risk Assessment Policy and Procedure
5.6.2
All trained Risk Assessors have access to the Risk Workbook Manual, available on
the Groups:\ network drive. This manual is a detailed and pictorial tool to further
support Risk Assessors navigate their way around the Risk Management
Workbook, including the Risk Register and risk assessments.
5.6.3
In addition to the manual, verbal risk management advice, information and support
are freely available from the Risk Management Team, together with additional 1:1
tuition for trained Risk Assessors upon request.
6.1
All Risk Registers (within RMWs) are on the Groups:\ network driving allowing
central monitoring of Risk Registers and statutory health and safety compliance
(i.e. completion of self-audits on RMWs) by the Risk Management Team.
6.2
The Risk Management Team will undertake exception reporting to the Risk
Management Committee of statutory non-compliance and risks recorded as high,
in order to identify whether advice, support and extra 1:1 tuition is required to
reduce the risk to a more appropriate level (i.e. perhaps risk has been scored too
high, or more remedial actions are required, or whether risk is unable to be
managed with local resources).
7.1
Trained Risk Assessors undertake risk assessments locally. Risks that need
further controls are entered onto their local Risk Register, which is regularly
reviewed and maintained through team meetings (using print outs of the Action
Status Reports). Risks requiring action outside the remit of the local service / unit /
ward / department should be referred to the Risk Management Team, following
discussion with the relevant Locality / Deputy Locality Manager.
7.2
The Risk Management Team will determine whether it can offer appropriate advice
and support and may refer it on to the Risk Management Committee (a sub-group
of the Board) for wider consultation and, if not, will forward it to the Executive
Team to discuss whether or not to place it upon the Corporate Risk Register.
Monitoring Effectiveness
9.1
Locality / Deputy Locality Managers and their managers are responsible for
regularly reviewing local Risk Registers within all areas of their remit.
9.2
9.2.1
The commercial insurers of PCH are keenly interested in the risk management
process for the organisation and, in particular, statutory compliance. Therefore,
Risk Registers have been created and placed on the Groups:\ network drive to
enable regular effective monitoring of local risk issues by the Risk Management
Team.
Page 13 of 24
Risk Register & Risk Assessment Policy and Procedure
9.2.2
9.2.3
Compliance will also be monitored by internal auditors and external agencies (i.e.
CQC, HSE, etc) as part of periodic reviews / inspections.
With effect from October 2012, exception reporting on a quarterly basis will
commence to the Risk Management Committee, as a standing agenda item.
9.2.4
The Health, Safety & Security Committee will receive assurances on a quarterly
basis that the Risk Register is effectively implemented and managed locally.
9.2.5
The Safety & Quality Committee, on behalf of the Board, will review the Corporate
Risk Register on a quarterly basis.
10
Associated Documentation
Risk Management Strategy
Information Governance Strategy
*Health and safety policies
Clinical policies
Workforce Development policies and guidance
Page 14 of 24
Risk Register & Risk Assessment Policy and Procedure
Appendix A
PCHs RISK SCORING MATRIX
Plymouth Community Healthcare CIC has chosen to continue using the NPSA risk matrix
as its standard method of grading risk.
Levels of Consequence
Choose the most appropriate domain for the identified risk from the left hand side of the
table Then work along the columns in same row to assess the severity of the risk on the
scale of 1 to 5 to determine the consequence score, which is the number given at the top of
the column.
Consequence score (severity levels) and examples of descriptors
Domains
Impact on
the safety
of patients,
staff or
public
(physical /
psychological
harm)
1
Negligible
Minimal injury
requiring
no/minimal
intervention
or treatment.
No time off
work
2
Minor
Minor injury or
illness, requiring
minor
intervention
3
Moderate
Moderate injury
requiring
professional
intervention
Increase in length
of hospital stay
by 1-3 days
Increase in length
of hospital stay by
7-15 days
RIDDOR/agency
reportable incident
An event which
impacts on a small
number of patients
Quality /
complaints
/ audit
Peripheral
element of
treatment or
service
suboptimal
Informal
complaint /
inquiry
Overall treatment
or service
suboptimal
Formal complaint
(stage 1)
Local resolution
Single failure to
meet internal
standards
Treatment or
service has
significantly
reduced
effectiveness
Formal complaint
(stage 2) complaint
Local resolution
(with potential to go
to independent
review)
Minor
implications for
patient safety if
unresolved
Repeated failure to
meet internal
standards
Reduced
performance
rating if
unresolved
4
Major
Major injury
leading to longterm
incapacity/disa
bility
5
Catastrophic
Incident leading
to death
Requiring time
off work for >14
days
Increase in
length of
hospital stay by
>15 days
Mismanagement of patient
care with longterm effects
Noncompliance
with national
standards with
significant risk
to patients if
unresolved
Multiple
complaints/
independent
review
Low
performance
rating
Multiple
permanent
injuries or
irreversible
health effects
An event which
impacts on a
large number of
patients
Totally
unacceptable
level or quality
of treatment /
service
Gross failure of
patient safety if
findings not
acted on
Inquest/ombud
sman inquiry
Gross failure to
meet national
standards
Critical report
Page 15 of 24
Risk Register & Risk Assessment Policy and Procedure
Human
resources /
organisational
development /
staffing /
competence
Short-term
low staffing
level that
temporarily
reduces
service
quality (< 1
day)
Uncertain
delivery of key
objective /
service due to
lack of staff
Non-delivery of
key objective /
service due to
lack of staff
Ongoing
unsafe staffing
levels or
competence
Unsafe staffing
level or
competence
(>5 days)
Loss of several
key staff
Loss of key
staff
No staff
attending
mandatory
training / key
training on an
ongoing basis
Statutory
duty /
inspections
No or
minimal
impact or
breech of
guidance /
statutory duty
Breech of
statutory
legislation
Reduced
performance
rating if
unresolved
Single breech in
statutory duty
Enforcement
action
Multiple
breeches in
statutory duty
Challenging
external
recommendations /
improvement notice
Multiple
breeches in
statutory duty
Prosecution
Improvement
notices
Complete
systems
change
required
Low
performance
rating
Zero
performance
rating
Critical report
Severely critical
report
Adverse
publicity /
reputation
Rumours
Potential for
public
concern
Local media
coverage
short-term
reduction in
public confidence
Local media
coverage
long-term reduction
in public confidence
Elements of
public
expectation not
being met
National media
coverage with
<3 days service
well below
reasonable
public
expectation
National media
coverage with
>3 days service
well below
reasonable
public
expectation.
MP concerned
(questions in
the House)
Total loss of
public
confidence
Page 16 of 24
Risk Register & Risk Assessment Policy and Procedure
Business
objectives /
projects
Insignificant
cost increase
/ schedule
slippage
Schedule
slippage
Schedule slippage
Noncompliance
with national
1025 per cent
over project
budget
Incident leading
>25 per cent
over project
budget
Schedule
slippage
Schedule
slippage
Key objectives
not met
Key objectives
not met
Finance
including
claims
Small loss
Risk of claim
remote
Loss of 0.10.25
per cent of
budget
Claim less than
10,000
Loss of 0.250.5
per cent of budget
Claim(s) between
10,000 and
100,000
Uncertain
delivery of key
objective/Loss
of 0.51.0 per
cent of budget
Non-delivery of
key objective/
Loss of >1 per
cent of budget
Failure to meet
specification/
slippage
Claim(s)
between
100,000 and
1 million
Purchasers
failing to pay on
time
Loss of
contract /
payment by
results
Claim(s) >1
million
Service /
business
interruption
Environmental
impact
Loss /
interruption of
>1 hour
Minimal or no
impact on the
environment
Loss/interruption
of >8 hours
Loss/interruption of
>1 day
Minor impact on
environment
Moderate impact
on environment
Loss /
interruption of
>1 week
Permanent loss
of service or
facility
Major impact
on environment
Catastrophic
impact on
environment
Page 17 of 24
Risk Register & Risk Assessment Policy and Procedure
Descriptor
Rare
Unlikely
Possible
Likely
Almost
certain
This will
probably never
happen/recur
Do not expect it
to happen/recur
but it is possible
it may do so
Might happen or
recur
occasionally
Will probably
happen/recur but
it is not a
persisting issue
Will
undoubtedly
happen/recur,
possibly
frequently
Frequency
How often
might it/does it
happen
Rare
Unlikely
Possible
Likely
5 Catastrophic
10
15
20
Almost
certain
25
4 Major
12
16
20
3 Moderate
12
15
2 Minor
1 Negligible
2
1
4
2
6
3
8
4
10
5
For grading risk, the scores obtained from the risk matrix are assigned grades as follows:
14
5 12
15 - 25
Low risk
Medium risk
High risk
Page 18 of 24
Risk Register & Risk Assessment Policy and Procedure
KEY:
Low risk
Medium risk
High risk
Page 19 of 24
Risk Register & Risk Assessment Policy and Procedure
Appendix B
New Risk Identified at Service/Unit//Ward/Department
Record risk assessment on Risk Register
(incorporated within the Excel based Risk Management Workbook)
Yes
No
Manage risk
Yes
Manager monitors Local
Risk Register as part of
normal governance
arrangements along with
feedback on reported
incidents.
No
No
Risk accepted by
Plymouth Community Healthcare CIC
Intervention / Control
Page 20 of 24
Risk Register & Risk Assessment Policy and Procedure
Appendix C
Date
[i.e. 3 Jul
date will
automatic
ally
format)
CQC
Outcome
Controls in Place
Outcome 1:
Respecting
and involving
people who
use services
Hyperlink
Likelihood
Consequence
Risk
Score
Likely - 4
Moderat
e-3
12
Medium
REMEDIAL ACTIONS
1st Remedial Action
Discuss proposed changes re
document organisation to team
members, with a flow chart, if
required
Owner
Due Date
Team Manager
[state their name]
[i.e. 3 Jul
date will
automatic
ally
format)
Date
Completed
[i.e. 3 Jul
date will
automatically
format)
Owner
Due Date
Date
Completed
MOS
[state their
name]
[i.e. 3 Jul
date will
automatically
format)
[i.e. 3 Jul
date will
automatically
format)
Page 21 of 24
Risk Register & Risk Assessment Policy and Procedure
Blank template Risk Assessment from Excel Risk Register in Risk Management Workbook
Date
CQC
Outcome
Controls in Place
Hyperlink
Likelihood
Consequence
Risk
Score
REMEDIAL ACTIONS
1st Remedial Action
Owner
Due Date
Date
Comp
Owner
Due Date
Date
Comp
Page 22 of 24
Risk Register & Risk Assessment Policy and Procedure
Appendix D
Quick Risk Assessment Reference Guide
For ease of reference, and in support of training provided by the Risk Management Team,
the guide below is a summary of actions required. This does not negate the need for those
involved in the process to be aware of and follow the detail of this procedure. The purpose
of a risk assessment is to identify risks associated with legal, moral and financial duties in
relation to your service activities, removing them where possible, or otherwise adopting all
the control measures and precautions that are reasonable and practical in the
circumstances.
1)
Identify the risk - risks may be identified through a variety of mechanisms from:
Walking around your workplace and looking afresh at what could reasonably be
expected to cause harm (i.e. change in practice / new equipment / relocation)
Business / Service Delivery Plans / Eligibility Criteria
Incident Forms / Serious Incidents
Complaints / Litigation
Health & Safety Risk Self-Audits / Workplace Inspections
External Assessment / Audit including: Care Quality Commission, Environmental
Health, Internal Audit, Audit Commission
National Confidential Enquiries, National Service Frameworks, Recommendations
from other external high level enquiries and reports
NB:
Dont forget to consider who could be at risk of harm / what could be at risk of loss or
damage.
2)
Assess the Risk - once a risk has been identified a risk assessment should be
completed directly onto the Risk Register, incorporated within the Risk Management
Workbook, the risk evaluated and scored in accordance with the risk scoring matrix
(Appendix A), the outcome of which will identify whether more needs to be done to
reduce or control the risk accordingly. Record appropriate remedial actions where
they have been identified as being required to further reduce the risk of the harm /
loss / damage being realised, giving each remedial action an owner and a deadline
to be completed this becomes the Action Plan. When considering remedial
actions, ask yourself:
3)
Monitoring / Reviewing the Risk - all risks recorded on local Risk Registers
(incorporated within the Risk Management Workbook) will require regular monitoring
by the service / unit / ward / team manager and communicated to your staff. In
addition to this local monitoring, quarterly monitoring and exception reporting will be
undertaken by the Risk Management Team to the Operational Risk Management
Committee.
Page 23 of 24
Risk Register & Risk Assessment Policy and Procedure
Date:
Page 24 of 24
Risk Register & Risk Assessment Policy and Procedure