Directorate of Performance Assurance

RISK MANAGEMENT STRATEGY

Reference: DCP086
Version: 7.0
This version issued: 24/07/15
Result of last review: Minor changes
Date approved by owner
(if applicable): 23/07/15
Date approved: 31/03/15
Approving body: Trust Board
Date for review: March, 2016
Owner: Wendy Booth, Director of Performance Assurance
Document type: Policy
Number of pages: 28 (including front sheet)
Author / Contact: Wendy Booth, Director of Performance Assurance /
Jill Mill, Head of Risk Management

Northern Lincolnshire and Goole NHS Foundation Trust actively seeks to promote equality of opportunity. The
Trust seeks to ensure that no employee, service user, or member of the public is unlawfully discriminated
against for any reason, including the “protected characteristics” as defined in the Equality Act 2010. These
principles will be expected to be upheld by all who act on behalf of the Trust, with respect to all aspects of
Equality.
Reference DCP086 Date of issue 24/07/15 Version 7.0

Contents

Section............................................................................................................. Page

1.0 Introduction & Purpose ................................................................................ 3

2.0 Area ............................................................................................................. 4

3.0 Philosophy ................................................................................................... 4

4.0 Definitions .................................................................................................... 5

5.0 Risk Management Process - Actions ........................................................... 6

6.0 Risk Management Process - Local Level Actions ...................................... 12

7.0 Risk Management Duties & Responsibilities .............................................. 13

8.0 Strategy Approval and Ratification Process ............................................... 14

9.0 Strategy Review and Revision ................................................................... 14

10.0 Strategy Implementation ............................................................................ 15

11.0 Strategy Dissemination .............................................................................. 15

12.0 Monitoring Compliance and Effectiveness ................................................. 16

13.0 Further Reading / Associated Documentation............................................ 17

14.0 References................................................................................................. 18

15.0 Equality Act (2010)..................................................................................... 18

Appendices:

Appendix A - Risk Management Objectives 2015 / 18 .......................................... 19

Appendix B - Governance / Risk Management Structure (Revised) ..................... 22

Appendix C - Governance / Risk Management Strategy – Designated

Responsibilities ............................................................................... 23

Appendix D - Governance / Risk Management Meeting Structure (Revised) ....... 28

Printed copies valid only if separately controlled Page 2 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

1.0 Introduction & Purpose

1.1 As with any organisation the NHS carries a number of risks, which if not properly
managed/controlled have the potential to cause harm to patients, staff and visitors
and loss to its assets and reputation.

1.2 It is accepted that given the nature of the service provided by the NHS, some risks
may never be totally eliminated. However it is essential that NHS Trusts have in
place good risk management systems and practices which eliminate risk wherever
possible and reduce the impact of those risks which cannot be eliminated to an
‘acceptable level’.

1.3 The Northern Lincolnshire & Goole NHS Foundation Trust takes a holistic approach
to the management of risk, in accordance with the principles of ‘Integrated
Governance’, and this document sets out the commitment of the Trust to managing
risk (both clinical and non-clinical) and the Strategy for achieving this objective. In
respect of patient safety, the Risk Management Strategy and indeed the Trust’s risk
management arrangements also reflect the NPSA’s ‘Seven Steps to Patient Safety’
principles.

1.4 The Trust acknowledges that the provision of a strong system of governance and risk
management can enhance the care and well-being of patients and those staff who
look after them and is a key driver for change and modernisation. The Risk
Management Strategy is an integral part of the Trust’s approach to continuous quality
improvement and is intended to support and assist the organisation in delivering the
key objectives within the Trust’s Quality Strategy as well as ensuring compliance with
external standards, duties and legislative requirements including those relating to the
Trust’s License with Monitor as a Foundation Trust.

1.5 The Trust agrees annual risk management objectives (see Appendix A), which are
shared through the business planning and performance management frameworks.
However, the overall objective of the Risk Management Strategy is to have an
organisation which:

 is fully ‘risk aware’ – where risk management is embedded within the

organisation’s culture, is integrated into the working practices of all grades
and disciplines of staff and encourages and empowers those staff to identify
and control risk which may affect the Trust’s ability to achieve its objectives

 encourages the open reporting of mistakes made, within a ‘fair blame’ culture,
and ensures that lessons are learnt from those mistakes and that measures to
prevent recurrence are promptly applied

 accepts that Risk Management is everyone’s responsibility

This in turn will assist in ensuring the achievement of the organisation’s overall
objective which is to provide quality healthcare for the local health community.

1.6 The Trust’s Governance & Assurance Committee is responsible for overseeing the
ongoing development and implementation of the Risk Management Strategy.

1.7 The Trust Board will be responsible for the ratification and annual review of the Risk
Management Strategy.

Printed copies valid only if separately controlled Page 3 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

2.0 Area

2.1 This Strategy applies to all staff employed by or contracted to the Trust.

3.0 Philosophy

3.1 The Northern Lincolnshire & Goole NHS Foundation Trust is committed to the
management of risk (both clinical and non-clinical) in order to:

 improve the quality of care

 provide a safe environment for the benefit of patients, staff and visitors by
reducing and, where possible, eliminating the risk of loss, harm or damage

 protect its assets and reputation

 meet statutory and regulatory requirements (e.g. Monitor, CQC, HSE)

3.2 This will be achieved through a process of identification, analysis, evaluation, control,
elimination and transfer of risk.

3.3 The Trust aims to be pro-active in its approach to the management of risk and will
endeavor to identify, control and, where possible, eliminate the risk before incidents
of actual loss, harm or damage have occurred.

3.4 For this approach to be effective it is recognised that there must also be:

 an ongoing raising of awareness of risk management

 involvement/participation of all staff

 integration of risk management into operational management

 early escalation and mitigation/resolution of risk issues

 a ‘live’ and meaningful organisational wide Risk Register which is populated

with all types of risk e.g. financial, strategic, clinical and non-clinical and is
regularly updated and reviewed through the Trust governance structure
through to the Trust Board

 clear, communicated arrangements/designated responsibilities for risk

management

 training in risk assessment/management

 a robust incident reporting system

 development of risk management within a ‘fair blame’ culture. The Trust’s

approach following adverse incidents will therefore focus on ‘what went
wrong, not who went wrong’

Printed copies valid only if separately controlled Page 4 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

 sound clinical practice which is:

 evidence based

 undertaken by appropriately skilled & equipped staff

 undertaken in accordance with policies, procedures and guidelines

 effective communication within and between Directorates and also with

patients and the public

 safe systems of work & safe practices which are undertaken in accordance
with up to date policies, procedures and guidelines which are known and
understood by the staff concerned

 ongoing monitoring of actions/controls put in place to minimise the

organisation’s risk exposure

 pro-active management of complaints and claims

 routine and ongoing ’learning of lessons’/‘closing the loop’ when things do go

wrong

 ongoing audit and monitoring of the effectiveness of the Trust’s risk

management/governance arrangements and appropriate escalation and
remedial action where shortfalls are identified

4.0 Definitions

4.1 Risk is defined as a “hazard/exposure to danger/chance of loss or harm”. As the

consequences of taking risks can be damaging, steps must be taken to manage or
minimise these risks. (*Harm is defined as 'injury (physical, emotional or
psychological), disease, suffering, disability or death.)

4.2 Risk Management is defined as “the systematic process of risk identification,

analysis, evaluation and correction of potential and actual risks to which an
organisation is exposed (whether affecting patients, visitors, staff or property)”.
Clinical Risk Management concentrates on identifying and correcting risks associated
with direct patient care, whilst Non-Clinical Risk Management is associated with all
other Trust activities.

Printed copies valid only if separately controlled Page 5 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

5.0 Risk Management Process - Actions

5.1 Risk Identification

5.1.1 It is self-evident that risk management requires risk identification and inevitably,
through risk assessments/audits, workplace assessments, complaints/claims, day to
day practice, etc. many risks will be identified and appropriate action taken before
instances of loss, harm or damage have occurred. These risks will be recorded, as
appropriate, as part of the relevant Directorate/Group Risk Register, which in turn will
inform the overall organisation-wide Risk Register. However, in an organisation as
large and complex as the NHS, it is accepted that an element of risk management is
reactive and that some risks will not be identified until something has gone wrong and
therefore an essential part of the Trust’s Risk Management Strategy is the system for
identifying/reporting untoward incidents/accidents. The effectiveness of the Trust's
Incident Reporting arrangements requires the participation and co-operation of all
staff.

5.1.2 The Trust’s Incident Reporting arrangements, which have been developed with an
emphasis on ‘fair blame’, places on staff the requirement to report any “accident,
incident or potential incident (i.e. a ‘near miss’) that could adversely affect the
individual(s) involved (i.e. lead to loss, harm or damage), lead to further action and
ultimately loss to the Trust’s reputation and/or assets”.

5.1.3 Risks identified from the incident reporting process (and indeed the complaints and
claims management processes) will also inform Directorate/Group and, in turn, the
organisation-wide Risk Register; details of the numbers and severity of related
incidents which occur informing the grading/ranking of a particular risk on the Risk
Register.

5.1.4 The Trust has adopted a ‘universal’ Incident Report Form which is used for the
reporting of all incidents/accidents (whether clinical or non-clinical) involving patients,
members of staff or visitors to the Trust.

5.1.5 The Trust recognises that analysis and review of incident data is essential in order to
inform the process of learning and change. Whilst Directorates/Groups will regularly
review information on incidents in their individual areas within their Governance
Groups (or equivalent forums within Non-Clinical Directorates), review of central
aggregate incident data (and also data on complaints/concerns and claims) will also
be undertaken in order to:

 identify Trust-wide patterns or trends not noticeable or seen as significant

from individual analysis reports
 provide additional valuable information for learning
 assure the Trust Board that risks of all kinds are being identified and managed

5.1.6 The Trust's Incident Reporting System will be continually reviewed and refined in
order to meet the needs of the organisation and ensure that all areas and all staff
groups are reporting incidents (including the use of on-line reporting facilities) and in
order to ensure compliance with National requirements; not least the requirement to
report ‘patient safety’ incidents to the NHS England National Reporting & Learning
System (NRLS) and the requirement to report security incidents to the National
Security Management Services via the Security Incident Reporting System (SIRS).

Printed copies valid only if separately controlled Page 6 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

5.1.7 The Trust also has in place a ‘Policy for Dealing with Serious Untoward Incidents
(Clinical and Non-Clinical)’. This outlines specific responsibilities of key individuals
on identification of a serious untoward incident including communication with
patients, relatives and staff and, where appropriate the wider public, notification to
external stakeholders and organisations including the Commissioners, NHS England
and, where appropriate, Monitor and the CQC, and investigation and follow-up of the
incident.

5.1.8 The Trust also receives information on risks/hazards from a number of external
sources (i.e. Confidential Enquiry Reports, Medicines and Healthcare Products
Regulatory Agency (MHRA), NHS England, Department of Health (DOH), the Care
Quality Commission (CQC) as well as from high level enquiries and feedback from
stakeholders (e.g. Commissioners) etc). On receipt of this information the Trust will
respond appropriately, ensuring that the necessary controls are in place to minimise
and, where possible, eliminate the risk of loss, harm or damage or other impact to
patients, members of staff and visitors to the Trust. Where controls may be
inadequate, the risk faced by the organisation will be included on the Risk Register.

5.1.9 The Trust recognises that as new risks are constantly emerging, the identification of
risk needs to be an on-going and pro-active process, which involves all staff and
ensures that action is taken before incidents/actual loss, harm or damage have
occurred. The Trust has in place general and specific Risk Assessment Tools –
which use a generic assessment/grading matrix – to assist staff in identifying and
assessing risk.

5.1.10 All risks identified, whether from reactive or proactive or internal or external sources
will be recorded as part of the relevant Directorate/Group Risk Register, which in turn
will inform the overall organisation-wide Risk Register. This in turn will enable risk to
be quantified and ranked. Further, it will provide a structure for collating information
about risks that will help both in the analysis of risks and in the process of making
decisions about whether or how these risks should be treated, including the allocation
of resources. Review and monitoring of risks on the risk register will be an ongoing
process and will be undertaken via the Trust’s governance framework. A Trust-wide
Risk Register – ‘Confirm or Challenge’ Group, comprising representations from all
Directorates has been set up for this purpose. This group is responsible for
confirming or challenging the entry of new risks on the risk register and the grading
attached to them and for monitoring the achievement of agreed action plans. Details
of those strategic risks faced by the Trust and associated action plans will be
provided, for review and monitoring, in quarterly reports to the Trust Governance &
Assurance Committee and Trust Board. In order to provide robust challenge in
respect of the Trust’s response to risks on the risk register, the strategic, high level,
risks on the risk register are reviewed at each meeting of the Trust Governance &
Assurance Committee and quarterly by one of the Non-Executive Directors (the chair
of the Trust Governance & Assurance Committee), who provides comments to the
Board as part of the quarterly feedback report allowing any further required action to
be agreed.

Printed copies valid only if separately controlled Page 7 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

5.2 Evaluation / Analysis or Assessment of Risk

5.2.1 This involves an estimate of the probability of the risk occurring, the frequency of the
risk occurring and the impact or severity if it does.

5.2.2 An assessment of the risks attached to a particular practice or activity may be

undertaken using the Trust’s generic Risk Assessment Tool/Grading Matrix (see
Figure 3 below) by mapping the likelihood of recurrence (Figure 1) against the
severity/impact (Figure 2) to determine the risk grading/score. This can be used as
the basis of identifying acceptable and unacceptable risk.

Figure 1: Likelihood of Recurrence Ratings

Descriptor Description

CERTAIN Will undoubtedly recur, possibly frequently

Will probably recur, but is not a persistent

LIKELY
issue

POSSIBLE May recur occasionally

Do not expect it to happen again but it is

UNLIKELY
possible
Cannot believe that this will ever happen
RARE
again.
Figure 2: Severity / Impact / Consequence Ratings
Actual or potential unintended or
Level Descriptor unexpected impact on individual(s)
(Examples Only)
5 Catastrophic
(including Any patient safety incident
Death)
that directly resulted in the
death (related to the incident
rather than a natural course
of the patient’s illness or
underlying condition
4 Severe
Any patient safety incident
that appears to have
resulted in permanent harm
(permanent lessening of
bodily, sensory, motor,
physiologic or intellectual
functions, including removal
of the wrong limb or organ or
brain damage).
Actual or potential impact on organisation
(Examples Only)
COMBINED
(Clinical, Financial, Quality, Litigation, Reputation, Equity)
 International adverse publicity/severe loss of confidence in the
organisation
 Extended service closure (i.e. 8 days+)
 Litigation >£1 million
 Other financial loss >£1 million
 Significant lost staff working days
 Definite notification to Monitor, NPSA, NHSLA/other external agencies
(e.g. HSE, Police, Coroner etc.)
 Probable external investigation/ interventions/sanctions by Care Quality
Commission, HSE etc.
 Executive Officer Imprisoned
 Removal of Executive control / authorisation
 Public enquiry
 Serious breach of confidentiality (potential for ID theft or over 1000
people affected)
 National adverse publicity/major loss of confidence in the organisation
 Possible temporary service closure/disruption to service (i.e. 2-7 days)
 Complaint
 Litigation £500k - £1 million
 Other financial loss > £500k
 Increased length of stay >15 days
 Increased level of care >15 days
 Significant lost staff working days
 Definite notification to Monitor, NPSA, NHSLA/other external agencies
(e.g. HSE, Police etc.)
 Possible external investigation/ intervention/sanctions/prosecution by
Care Quality Commission, HSE, Police etc.
 Extended failure to meet national targets
 Executive officer fined
 Loss of major civil case
 Loss of Human Rights Act (HRA) or Disability Discrimination Act (DDA)
case
 Critical Care Quality Commission report

Printed copies valid only if separately controlled Page 8 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

 Serious breach of confidentiality (up to 1000 people affected)

3 Moderate Any patient safety incident
that requires a moderate
increase in treatment
(unplanned return to
surgery, an unplanned re-
admission, a prolonged
episode of care, extra time in
hospital or as an outpatient,
cancelling of treatment, or
transfer to another treatment
area (such as intensive care)
and which caused
significant, but not
permanent harm. Prolonged
psychological harm which
means psychological harm
which a service user has
experienced, or is likely to
experience, for a continuous
period of at least 28 days.
2 Low Minor effect on care or wellbeing, health
& safety of any person
Non-permanent harm requiring
observation or minor treatment
1 None/ No obvious harm/injury
’Near Miss’
 Moderate service disruption
 Local adverse publicity/moderate loss of confidence in the organisation
 Probable complaint
 Probable litigation £50k - £500k
 Other financial loss £100k-£499k
 Increased length of stay 8-15 days
 Increased level of care 8-15 days
 Lost staff working days
 Probable notification to Monitor, NPSA, NHSLA etc.
 Failure to meet national targets 2 Qtr’s
 Improvement notice
 Recruitment difficulties in key specialties
 Persistent same issue complaints
 HRA or DDA claim
 Serious potential breach of confidentiality (up to 20 people affected)
 Minor impact/service disruption (i.e. up to 1 day)
 Possible complaint
 Possible litigation < £50k
 Other financial loss <£99k
 Increased length of stay 1-7 days
 Increased level of care 1-7 days
 Possible lost staff working days
 Failure to meet national targets 1 Qtr
 Minor civil case
 Minor breach of confidentiality (less than 5 people affected)
 Minimal impact/no service disruption
 No or low financial loss
 No lost staff working days
 No litigation
 No loss of reputation
 No loss of equity
 Minor breach of confidentiality (single individual affected)

Figure 3: Risk Assessment Matrix

Severity / Impact / Consequence

Likelihood None / Near

Low Moderate Severe Catastrophic
of Miss
(2) (3) (4) (5)
recurrence (1)

Rare (1) 1 2 3 4 5

Unlikely (2) 2 4 6 8 10

Possible (3) 3 6 9 12 15

Likely (4) 4 8 12 16 20

Certain (5) 5 10 15 20 25

RISK Green – Yellow – Orange – Red –

Risk Very low Risk Low Risk Moderate Risk High
Score 1-3 Score 4-6 Score 8-12 Score 15-25

Printed copies valid only if separately controlled Page 9 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

5.2.3 It is recognised that the above approach will not be routinely required for all
risk assessments and that the professional judgement of the staff working in
the areas concerned will continue to be the chosen/most appropriate and
indeed acceptable means of assessment.

5.3 Risk Control

5.3.1 Following identification and analysis of the risk, a decision will need to be made as to
whether the Trust can avoid, reduce, eliminate, accept/retain or transfer the risk:

 Avoid: whether a particular task can be undertaken a different way so that the
risk does not occur

 Reduce: whether action can be taken to reduce, as far as possible, the

probability or impact of the risk exposure

 Eliminate: whether definitive action can be taken to eliminate the risk

exposure

 Transfer: the most common form of risk transfer is insurance

 (As part of its approach to minimising financial risk and liabilities, the Trust
has joined the NHSLA’s clinical and non-clinical risk pooling schemes)

 Accept/retain: if the risk is small or cannot be reduced, avoided or

transferred (it may be that the cost of insurance cover is prohibitive), the Trust
will need to accept it and prepare an action plan in order to minimise the
effects of the risk exposure

5.3.2 ‘Acceptable risk’ can be defined as ‘the residual risk remaining after controls
have been applied to associated hazards that have been identified, quantified,
analysed, communicated to the appropriate level of management and accepted
after proper evaluation’.

5.3.3 As indicated in 5.2.2 above, a simple approach is to quantify risk in terms of

frequency and severity using the Trust's Risk Assessment Tool/Grading Matrix. This
allows construction of a risk matrix, which can be used as the basis of identifying
acceptable and unacceptable risk.

5.3.4 Acceptability may be defined as those risks that have a score of six or less, although
this may depend on the specific risk. It must also be borne in mind that there are
some instances where a risk may be deemed unacceptable yet still be tolerated by
the Directorate/Group/organisation. For example, a risk may be tolerated, as its
removal may prove detrimental to service provision. Similarly, the risk may be
untreatable or the cost of treatment/control may be prohibitive. As outlined above
(5.3.1), where the Directorate/organisation decides to accept the risk, action will need
to be put in place to minimise as far as possible the effects of the risk exposure. N.B.
In such instances, the risk should also be added to the Risk Register.

Printed copies valid only if separately controlled Page 10 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

5.3.5 Whilst all staff within the Trust have some responsibility for risk management, where
a risk cannot be controlled or eliminated at a specific level, relevant Managers should
ensure escalation to the next level for a decision to be made. In line with the
principles of devolution within the Northern Lincolnshire & Goole NHS Foundation
Trust, responsibility for the management/control and funding of a particular risk rests
with the Directorate/Group concerned. However, where action to control a particular
risk falls outside the control/responsibility of that Directorate/Group, where local
control measures are considered to be potentially inadequate or require significant
financial investment or the risk is ‘significant’ and simply cannot be dealt with at that
level, such issues must be referred to the Trust Governance & Assurance Committee
or Executive Team/Trust Board. N.B. A ‘significant’ risk could be defined as one
with a risk grading/score of ‘high’ (red) determined using the Risk Grading
Matrix at Figure 3 above (5.2.2).

5.3.6 Whilst the above groups will consider the implications of not managing the risk and
will make recommendations for action, they will not routinely be responsible for the
allocation of resources. Requests for funding (where this cannot be managed within
the Directorate/Group) will be considered against the Capital Programme and other
designated ‘risk’ or other allocations. Where there are several risks to consider, all of
which may have a cost to control, priorities will have to be made if resources are
finite. The grading/ranking of risks using the Trust’s Risk Register will assist with this
process. The above system will avoid, as far as possible, a situation where
‘unacceptable’ risks are not managed due to financial constraints.

5.4 Risk Review / Follow-up

5.4.1 As risks can change over time and new ones can emerge actions taken to control the
risk exposure will be reviewed/audited to ensure they are effective. The frequency of
review will depend on the severity of the risk involved.

5.4.2 When ‘significant’ risks have been identified, Directorates/Groups will be required to
produce an action plan for addressing these. Implementation of agreed action
measures in such instances will be escalated to and monitored by the Trust’s
Governance & Assurance Committee and ultimately the Trust Board.

5.4.3 Where a risk has been identified in one area of the Trust but has the potential to
occur elsewhere, lessons learned will be widely shared. The Trust has in place a
range of mechanisms to support this sharing of information (e.g. Internal Risk
Management ‘Safety Alerts, ‘Learning the Lessons’ Newsletter, Quarterly
Governance Updates, Governance Liaison Group, Health & Safety Leads Network
etc.).

5.4.4 The Trust will also work with relevant stakeholders (e.g. Commissioner colleagues) to
ensure appropriate learning from and follow-up of incidents and risk issues and the
achievement of agreed quality objectives and targets.

Printed copies valid only if separately controlled Page 11 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

6.0 Risk Management Process - Local Level Actions

6.1 Directorates/Groups will identify and manage risk in accordance with the principles
and processes outlined within this Strategy and will:

 designate Governance Leads to lead the development and implementation of

effective governance and risk management arrangements within the
Directorate/Group. N.B. In discharging those responsibilities, Directorates /
Groups will be supported by a central governance support team, most notably
the Risk & Governance Facilitators, who will assist in co-ordinating
governance and risk management activities

 convene an appropriate group with overarching responsibility for governance

and risk management within the Directorate/Group and ensure that regular
meetings of this committee are held and that there are links between these
committees and the Trust Governance & Assurance Committee (see also 7.6
and Appendix D below) and that issues are escalated to the Trust
Governance & Assurance Committee, as required, through the quarterly
‘highlight’ reports and, convene relevant sub-committees to consider specific
risk issues, as necessary/appropriate

 implement relevant local governance and risk management policies,

procedures and guidance as necessary/appropriate

 identify and assess risks of all types, in accordance with the requirements of
the Trust’s ‘General Risk Assessment Procedure’ and other risk assessment
requirements in relation to specific risk issues (e.g. moving & handling,
violence and aggression, lone working etc.) and ensure that, where controls
are not adequate and action is required, these are recorded on the relevant
Directorate Risk Register, which in turn will inform the overall organisation-
wide Risk Register, and ensure that action plans are in place and these are
regularly reviewed and updated. In some areas this will be achieved by
having in place specific risk register review groups

 ensure that, where risk has a cost to control, these requirements are included
in the Directorate’s Capital Programme or bids are submitted against other
designated ‘risk’ or other allocations

 ensure that risks which cannot be managed within the Directorate are
appropriately escalated

 ensure the effective management of complaints/concerns and claims with an

emphasis on learning lessons and ensuring changes in practice occur as
necessary/appropriate

 ensure that all areas and all staff groups report adverse incidents (in
accordance with the Trust’s Incident Reporting Policy) and ensure that this is
monitored

 be open with patients/relatives when things go wrong (in accordance with the
Trust’s ‘Being Open’ Policy and the ‘Duty of Candour’)

Printed copies valid only if separately controlled Page 12 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

 learn lessons when things go wrong and ensure that follow-up/’closing of the
loop’ occurs in order to prevent recurrence and that feedback and support is
provided to patients/relatives and staff

 share lessons learned within the Directorate/Group or across the wider

organisation, utilising the various mechanisms in place within the Directorate
or wider Trust (e.g. Trust-wide Risk Management ‘Learning Lessons’
Newsletters)

 analyse and review data on incidents, complaints/concerns and claims in

order to ensure that trends are identified and remedial action is taken as
necessary/appropriate and that where risks are identified from this process,
these are included on the Risk Register

 escalate and follow-up serious untoward incidents within agreed timescales

and targets

 respond to internal and external alerts and recommendations (e.g.

Confidential Enquiry reports, safety alerts, NICE guidance etc.)

7.0 Risk Management Duties & Responsibilities

7.1 In line with the requirements of Clinical Governance, the Chief Executive carries
ultimate responsibility for assuring the quality of the services provided by the
Northern Lincolnshire & Goole NHS Foundation Trust just as he is for the proper use
of resources. Detailed Clinical Governance arrangements are in place within the
Trust.

7.2 The Chief Executive, on behalf of the Trust Board, is also ultimately accountable for
ensuring the implementation of Corporate Governance. This imposes a requirement
for Trusts to be in a position to provide, in the Annual Governance Statement, an
overall assurance that the organisation has in place the necessary controls to
manage its risk exposure. In order to make such a statement, the Chief Executive
and Trust Board will need to have evidence that the Risk Management Strategy is
being actively implemented, that systems/procedures are being regularly reviewed
and that, where required, developments and improvements are being made. The
Trust’s Governance & Assurance Committee will oversee this process, although the
Internal Audit function will also be required to audit the arrangements in place, not
least by verification of evidence captured as part of the Trust Assurance Framework,
and provide independent verification of the system of internal control.

7.3 Within these arrangements:

 The Director of Performance Assurance & Trust Secretary has delegated

lead responsibility from the Chief Executive for the co-ordination of the
Trust’s governance, quality governance and risk management arrangements
and for supporting the Medical Director and Chief Nurse in delivering the
quality governance and improvement agenda. However, responsibility for the
day-to-day management of risk at local level has been devolved to
Directorates/Groups – see section 6.0. The Director of Performance
Assurance & Trust Secretary will however be responsible for assuring the
Chief Executive and the Trust Board that the arrangements at corporate and
local level are robust

Printed copies valid only if separately controlled Page 13 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

 Directors/Managers are responsible for ensuring the implementation of

effective governance and risk management arrangements within the areas for
which they are responsible – which are consistent with the principles outlined
in the Trust-wide Risk Management Strategy – and for ensuring that staff are
aware of their responsibilities and are engaged in the risk management
process

 The Director of Finance is responsible for financial risk management and for
providing regular, timely and accurate financial reporting to the Board and
Monitor. This in turn will enable the Board to provide in the Trust’s Annual
Accounts an assurance of the safeguarding of assets and the maintenance of
proper accounting records and the reliability of financial information

7.4 The Trust’s Risk Management Structure is shown at Appendix B.

7.5 Appendix C sets out the duties and responsibilities of staff within the Trust’s risk
management arrangements including those key staff with specific responsibilities for
leading and co-ordinating the Trust’s governance and risk management
arrangements.

7.6 A Risk Management meeting structure, to drive the Trust’s risk management agenda
(both clinical and non-clinical) is also in place and is shown at Appendix D. These
arrangements ensure that there is full involvement across all Directorates and that
the management of clinical and non-clinical risk issues involves the most appropriate
personnel and that staff feel both supported and involved in the process and further,
provide assurance to the Trust Board that risk issues are being identified, escalated
and controlled.

8.0 Strategy Approval and Ratification Process

8.1 The Trust’s Governance & Assurance Committee is responsible for overseeing the
ongoing development and implementation of the Risk Management Strategy.

8.2 The Trust Board will be responsible for the ratification of the annual review of the Risk
Management Strategy.

9.0 Strategy Review and Revision

9.1 This Strategy will be reviewed annually or sooner should the need arise.

Printed copies valid only if separately controlled Page 14 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

10.0 Strategy Implementation

10.1 Training

10.1.1 In order to ensure that staff have sufficient awareness of risk management and are
competent to identify, assess and manage risk within their working environment and
thus ensure that the Risk Management Strategy is effectively implemented and its
objectives met, risk awareness/assessment training as well as other risk management
training is made available to all staff as part of the Trust’s comprehensive Risk
Management Training Programme. Managers (and ultimately Directors) with
responsibility for the management of staff will be responsible for ensuring that an
assessment of the risk management training needs of their staff, as part of individual
personal development plans and training needs analysis, is undertaken and that staff
are able to access and attend relevant training.

10.1.2 In respect of new staff, information on risk management including information on

incident reporting is included in the corporate and local induction arrangements for all
staff.

10.1.3 For further details of the Trust’s requirements in respect of risk management training,
staff should refer to the Trust’s Mandatory Training Policy and Training Needs Analysis.

11.0 Strategy Dissemination

11.1 The Trust’s Risk Management Strategy will be disseminated to:

 Trust Board

 Council of Governors

 Directorates/Groups

 All staff

 Commissioners*

 Monitor*

 CQC*

 Patients and the public*

 User groups (on request and via the Trust Intranet site)

 Patient Forums*

 Commissioners*

 Ambulance Services*

 Local Authority Scrutiny Lead(s)*

*on request and/or via the Trust’s Internet site

Printed copies valid only if separately controlled Page 15 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

11.2 Amendments to the Strategy will be communicated to the above as and when they
occur.

11.3 The Strategy will also be made available via the Intranet to ensure ease of access and
to ensure that changes made are quickly communicated.

11.4 A copy of the ‘Risk Management Summary Leaflet for Staff' will be made available in
hard copy to all existing staff and new staff at induction. Managers of staff will however
be responsible for ensuring that new staff are able to access the full version of the
Strategy – either electronically or in printed, hard copy format.

11.5 A leaflet entitled 'Risk Management Summary Leaflet for Patients & Visitors' will be
displayed in all areas of the Trust. This invites comments and suggestion on how the
Trust may further reduce risk.

12.0 Monitoring Compliance and Effectiveness

12.1 The Trust Board will receive an annual report on progress against key
governance/risk management objectives.

12.2 The Trust’s Governance & Assurance Committee and the Trust Board will also
monitor the Trust’s progress against the following key performance indicators, on an
ongoing basis:

 compliance with internal and external risk management standards including

the Health and Social Care Act 2008 (Registration Requirements)
Regulations 2009/CQC Essential Standards of Quality & Safety;

 annual and in-year monitoring by the Trust Board of compliance with the
Trust’s License as part of Monitor’s compliance regime through the approval
of the annual plan and associated self-certifications and the monthly
performance reports;

 quarterly monitoring of trends/demonstrable ‘learning of lessons’ from

incidents, complaints and claims;

 monthly monitoring of complaint response times/performance;

 ongoing risk assessment & development of the Trust-wide Risk Register and
the receipt for review of quarterly risk register reports to the Trust Governance
& Assurance Committee and the Trust Board;

 monitoring of risk management training attendance levels;

 monitoring of the outcome and follow-up of in-year reviews and audits of the
Trust’s risk management/governance arrangements.

N.B. The above is not an exhaustive list but represents ‘key’ performance indicators.

12.3 Individual Directorate/Group performance in achieving governance/risk management

objectives and targets is monitored through the formal performance monitoring
arrangements led by the Chief Executive.

Printed copies valid only if separately controlled Page 16 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

13.0 Further Reading / Associated Documentation

13.1 The above represents the Trust’s Risk Management Strategy and does not provide
detailed information on the management of a specific area of risk or risk topic. It is
recommended, therefore, that this document be read in conjunction with other key
documents in place within the Trust including:

 Trust Constitution/Standing Financial Instructions/Standing Orders

 Trust Assurance Framework

 Directorate/Group Risk Management Strategies

 Policy for Dealing with Serious Untoward Incidents (Clinical & Non-Clinical)

 Incident Reporting Policy and associated documentation

 ‘Being Open’ and Duty of Candour Policy

 ‘Speaking Out’ Policy

 Risk Register Policy

 Health & Safety Policy Statement

 General Risk Assessment Procedure

 Trust Governance & Assurance Committee Terms of Reference

 Risk Register Confirm or Challenge Group Terms of Reference

 Learning Lessons Review Group Terms of Reference

 Audit Committee Terms of Reference

 Quality & Patient Experience Committee Terms of Reference

 Mortality Performance Committee Terms of Reference

 Business Continuity Policy

 Emergency Preparedness, Resilience and Response Steering Group –

Membership and Terms of Reference

13.2 The above is not an exhaustive list but represents key documents, which outline
arrangements and processes which compliment the approach outlined in this
Strategy.

13.3 The above and other risk related policy documents can be accessed on the Trust's
Intranet site.

Printed copies valid only if separately controlled Page 17 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

14.0 References

14.1 Guidance about compliance with Health and Social Care Act 2008 (Registration
Requirements) Regulations 2009.

14.2 NPSA. (2004). Seven Steps to Patient Safety. London: NPSA.

14.3 Health & Safety at Work Act 1974.

14.4 Australian/New Zealand Standard AS/NZS 4360:1999.

14.5 NHS Appointments Commission. (2003). Governing in the NHS: A Guide for NHS
Boards. London: NHS Appointments Commission.

14.6 NPSA. (2008). A Risk Matrix for Risk Managers. London: NPSA.

14.7 Monitor. (2011). Compliance Framework. London: Monitor.

14.8 Monitor. (2010). NHS Foundation Trust Code of Governance. London: Monitor.

14.9 DOH. (2006). Integrated Governance Handbook: A Handbook for Executives and
Non-Executives in Healthcare Organisations. London: DOH.

14.10 NHSLA. (2012). Risk Management Standards for Acute Trusts. London: NHSLA.

14.11 Audit Commission (2009) “Taking it on Trust: A Review of How NHS Trusts and
Foundation Trusts get their Assurance”. London: Audit Commission.

14.12 National Patient Safety Agency (2007) “Healthcare Risk Assessment Made Easy”.
London: NPSA.

14.13 HSE. (2010). “Leading Health & Safety at Work: leadership Actions for Directors and
Board Members”. London: HSE.

14.14 FTN. (2011). The Foundations of Good Governance: A Compendium of Best

Practice.

15.0 Equality Act (2010)

15.1 In accordance with the Equality Act (2010), the Trust will make reasonable adjustments
to the workplace so that an employee with a disability, as covered under the Act, should
not be at any substantial disadvantage. The Trust will endeavour to develop an
environment within which individuals feel able to disclose any disability or condition
which may have a long term and substantial effect on their ability to carry out their
normal day to day activities.

15.2 The Trust will wherever practical make adjustments as deemed reasonable in light of an
employee’s specific circumstances and the Trust’s available resources paying particular
attention to the Disability Discrimination requirements and the Equality Act (2010).

_________________________________________________________________________
The electronic master copy of this document is held by Document Control,
Directorate of Performance Assurance, NL&G NHS Foundation Trust.

Printed copies valid only if separately controlled Page 18 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

Appendix A
RISK MANAGEMENT OBJECTIVES 2015 - 2018

The following represent the key risk management objectives for the Trust for 2015 -2018:

Objectives of the central governance / assurance team:

 to support the delivery of the Quality Development Plan including assurance

internally and externally regarding the embedding of these actions;

 to continue to embed Governance Structure working with Directorates & Groups to

ensure that these arrangements support the emphasis on outcomes and improved
quality & safety;

 to further develop and strengthen the Trust Assurance Framework ('Board to Ward')
and the development and implementation of a ward/department quality & patient
safety dashboard and in order to ensure that there is sufficient granularity of
information across the Trust that ensures the prompt reporting of downward trends in
performance. To further develop the Trust’s health & safety and fire safety
arrangements – including the ongoing monitoring of risk assessments, ensuring that
the appropriate controls are in place and the provision of health & safety training
including IOSH ‘Managing Safely’ training and fire training to relevant Trust staff;

 to further develop the Trust’s Incident Reporting System through the use of
DatixWeb;

 to further cascade Root Cause Analysis Training and to provide refresher training for
those staff who received this training more than three years ago;

 to continue to support Directorates / Groups in learning lessons/‘closing the loop’

following complaints/concerns, claims and incidents /SUIs in order to reduce the
occurrence of ‘same type’ incidents and which avoids the occurrence of ‘never
events’;

 to undertake a comprehensive review and further develop systems for sharing

lessons learned/feedback to staff following incidents, complaints/concerns and claims
via the ‘Learning Lessons’ Review Group;

 to support Directorates/Groups to ensure compliance with relevant external

standards and guidance e.g. Confidential Enquiries, NICE etc;

 to continue to strengthen the Trust's emergency planning, resilience and business

continuity arrangements and ensure that the Trust is discharging its responsibilities
under the Civil Contingencies Act 2004 and other relevant guidance and continues to
meet the requirements of its Terms of Authorisation. Further to ensure that the Trust
has the necessary arrangements in place under the PREVENT agenda;

 to continue to develop and refine the Trust’s Risk Register to ensure that it remains
an accurate and up to date reflection of the organisation’s risk profile and ensuring
this is more closely aligned with the performance management system;

 to ensure that the Trust achieves a minimum of Level 2 performance against the key
requirements of the Information Governance Statement of Compliance (IGSoC) in

Printed copies valid only if separately controlled Page 19 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

the Department of Health’s Information Governance Toolkit and to maintain or

progress towards achievement of Level 3 compliance;
 to ensure that the Trust meets its obligations under Freedom of Information Act and
responds to requests for information within specified time periods.
 to continue to develop the Risk Management Training Programme, in the light of
national changes and developments, and work with Directorates/Groups to agree
methods of delivery which meet the needs and demands of staff and the service and
ensure maximum take-up and to include a review of the Trust’s Mandatory Training
Policy;

 to strengthen the Trust’s arrangements for dealing with complaints and concerns and
ensuring ownership and accountability across the organisation;

 to continue to support Directorates/Groups to achieve compliance with the 95%

complaints response target;

 to continue to develop the arrangements for the management of claims with an

increased emphasis on learning lessons/‘closing the loop’;

 To continue to provide advice and support to Trust staff to ensure compliance with
the requirements of Mental Capacity Act (MCA) 2005 & Mental Capacity Act
Deprivation of Liberty Safeguards (MCA DOLS) 2007 and Mental Health Act 2007,
not least through the development and implementation of relevant local policies and
training / awareness programmes. Further to respond appropriately to the outcome
of MCA and MCA Audit reports; and CQC Guidance

Printed copies valid only if separately controlled Page 20 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

Wider organisational risk management objectives

 to ensure that the Trust continues to comply with its License and the NHS
Constitution. Where risks to compliance with the Trust’s Authorisation have been
identified to ensure that these are addressed – or ensure there are appropriate action
plans in place to address the issues in a timely manner;

 to continue to demonstrate compliance with Monitor’s Quality Governance

Framework;

 to achieve compliance with Monitor performance targets and the requirements of the
Trust’s License;

 to ensure the achievement of relevant external accreditation of clinical services e.g.

Stroke Accreditation;

 to achieve the agreed CIP target;

 to ensure that the Trust remains a ‘Going Concern’;

 to ensure that the recommendations of internal and external audits are acted on in a
timely manner;

 to ensure that the Trust meets the agreed attendance targets for safeguarding adults
and children training;

 to ensure the delivery of the CQUINS scheme;

 to ensure all medical practitioners providing care on behalf of the Trust have met the
relevant revalidation requirement;

 to ensure that the Trust meets its obligations under equality, diversity and human
rights legislation through the provision of:

 a visible lead to promote awareness of equality and diversity amongst existing

staff through effective communications and awareness;

 the testing of knowledge of new staff through the recruitment process;

 the monitoring of the Trust’s compliance with these obligations via an

appropriate assurance system.

 to ensure that the Trust continues to be compliant with the Climate Change Act, the
Carbon Reduction Commitment and Energy Performance Directive through the
development and implementation of a Carbon Management Plan;

 ensure the Trust meet its legislative requirements in the management of its estate
and information.

Printed copies valid only if separately controlled Page 21 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

Appendix B
GOVERNANCE / RISK MANAGEMENT STRUCTURE (Revised)

TRUST BOARD

CHIEF EXECUTIVE

Organisational Estates & Strategy &

Finance Development Facilities Planning Medical Operations Pathlinks Chief Nurse
Directorate & Workforce Directorate Directorate Director Directorate
Directorate

Lead Nurse for

Infection Control/
Community Women & Surgery / Medicine Diagnostics, Path Deputy DIPC
& Therapy Children’s Critical Care Governance Pharmacy & Links
Governance Governance Governance Group Central Governance
Group Group Group Operations
Governance

Governance Head of
Leads Safeguarding

Safeguarding Team
TRUST GOVERNANCE Director of
& ASSURANCE PA Performance Assurance
COMMITTEE & Trust Secretary

*Operations Centre
& Resilience
Deputy Director of Manager
Performance
Secretary Assurance & Assistant
Trust Secretary **Emergency Planning
Officer

Head of Claims &

Membership Head of Head of Risk Head of Quality Quality & Audit Fire, Health, Secretary Legal Services
Manager Performance Management Assurance Manager & Safety Manager
Assurance

Membership Officers Performance Trust Q&A Facilitators Complaints Local Security

X2 Co-ordinator Document x5 Manager Management
Controller Specialist

Q&A Project Complaint Fire Safety

Performance NICE Support Facilitators Advisor
Assistant Administrator Officer x2 X5
Risk & Governance
Facilitators x8
Q&A
Assistant Complaints Systems
Apprentice Assistants Administrator /
X2 Analyst

Secretary Q&A Filing

Clerk x2
PALS Team Leader Claims Facilitator
-

Claims Assistant
PALS Assistants
X4

* Post sits in Directorate of Operations structure, but post holder reports to the
Director of Clinical and Quality Assurance & Trust Secretary in respect of the
Emergency Preparedness and Resilience element of the role.
** Post sits in Directorate of Clinical and Quality Assurance & Trust Secretary
structure, but post holder reports to the Operations Centre & Resilience Manager.

Printed copies valid only if separately controlled Page 22 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

Appendix C
GOVERNANCE / RISK MANAGEMENT STRATEGY – DESIGNATED
RESPONSIBILITIES

All staff within the Trust have responsibility for identifying and managing risk. The following
sets out the duties and responsibilities of staff within the Trust’s risk management
arrangements including those key staff with specific responsibilities for leading and co-
ordinating the Trust’s governance and risk management arrangements (the latter are
highlighted in italics):

(i) Trust Board

The Trust Board is responsible for ensuring that the Trust has in place the necessary
controls to manage its risk exposure. (N.B. In addition, in order to provide robust
challenge and assurance in respect of the Trust’s response to risks on the risk
register, The Trust Board is responsible for identifying a Non-Executive Director to
lead this challenge – see also 5.1.10 above.)

(ii) Chief Executive

The Chief Executive carries ultimate responsibility for risk management including the
implementation of Clinical and Corporate Governance.

(iii) Director of Performance Assurance & Trust Secretary (*)

The Director of Performance Assurance & Trust Secretary carries delegated

responsibility from the Chief Executive for all elements of Governance /Risk
Management and Assurance, including security and fire safety and for supporting the
Medical Director and Chief Nurse in delivering the quality agenda. The Director of
Clinical and Quality Assurance & Trust Secretary is the organisation’s Caldicott
Guardian.

The Director of Performance Assurance & Trust Secretary is also responsible for:

 raising the profile of governance and quality governance;

 ensuring that governance, quality & safety are seen as the responsibility of all
staff who, in discharging those responsibilities, have access to, and support
from, an appropriately skilled and responsive governance support team;

 ensuring that the Trust’s governance, quality & infection control resource is
targeted in the right place at the right time with an emphasis on outcomes
rather than process and improved quality and safety;

 ensuring that this expertise is maximised by the organisation through

structured training programmes and effective communication.

(iv) Chief Nurse

The Chief Nurse is the Board lead for quality and patient experience.

Printed copies valid only if separately controlled Page 23 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

(v) Medical Director

The Medical Director is the Trust’s designated Director of Infection Prevention &
Control (DIPC) and leads on specific quality initiatives e.g. Mortality.

(vi) Director of Strategy & Planning

The Director of Strategy & Planning carries specific responsibility for financial risk
management, and is the organisations Senior Information Risk Owner (SIRO).

(vii) Director of Estates & Facilities

The Director of Estates & Facilities has delegated responsibility for the management
of the estate.

(viii) Deputy Director of Performance Assurance & Assistant Trust Secretary (*)

The Deputy Director of Performance Assurance & Assistant Trust Secretary assists
the Director of Performance Assurance & Trust Secretary in developing an integrated
Strategy for Governance incorporating issues of corporate and clinical governance,
risk management (clinical and non-clinical) and quality improvement including audit.

(ix) Senior Nurse Infection Prevention & Control and Assistant Director of Infection
Prevention & Control (*)

The Senior Nurse Infection Prevention & Control and Assistant Director of Infection
Prevention & Control is responsible for ensuring that systems are in place for the
prevention, monitoring, investigation and control of infection within the Trust.

The Senior Nurse Infection Prevention & Control and Assistant Director of Infection
Prevention & Control also provides infection prevention and control leadership across
the Trust and plays a lead role in the development of the Trust’s infection prevention
and control strategy, ensures engagement of all groups of staff, patients and external
stakeholders by developing systems and processes that are evidenced based and
rounded in best practice. Works closely with the multi-professional team to establish
rigorous mechanisms for performance monitoring and review to provide assurance
that infection prevention and control standards are met.

Acts as the professional head and line manages the Infection Prevention and Control
nursing team providing clinical and professional leadership to ensure that the service
meets the needs of the Trust and compliance with regulation.

Provides / ensures access to expert clinical advice, training and education and leads
on audit and research in the field of infection prevention and control.

Deputises for the Director of Infection Prevention and Control.

Joint lead with the Consultant Microbiologists for the clinical management of infection
control across the Trust with the intention of controlling, preventing and reducing
infection through assessment, surveillance, audit, intervention and education.

Printed copies valid only if separately controlled Page 24 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

(x) Head of Risk Management (*)

The Head of Risk Management works closely with the Director of Performance
Assurance & Trust Secretary and Deputy Director of Performance & Assistant Trust
Secretary in developing an integrated strategy for governance with a specific focus
on all aspects of clinical and non-clinical risk management..

(xi) Health & Safety Manager (*)

The Health & Safety Manager is responsible for providing advice on requirements to
comply with statutory obligations, use of best practice to further improve standards
and a pro-active approach to ensure continuous improvement. The Health & Safety
Manager acts as a resource to colleagues across the organisation in delivering the
Trust’s health & safety agenda and acts as the ‘competent person’ for the
management of health & safety risk (including moving & handling and fire).

(xii) Local Security Management Specialist (LSMS)(*)

The LSMS is responsible for the development and co-ordination of the Trust’s
security management arrangements in line with National Security Management
Service framework and Secretary of State Directions. The LSMS will lead on the day
to day work to tackle violence against staff and act as the focal point for the provision
of advice and support to staff within the organisation in respect of security
management / violence & aggression.

(xiii) Fire Safety Advisor(*)

The Fire Safety Advisors are responsible for providing advice on requirement to
comply with fire legislation and co-ordinating the development and implementation of
the organisation’s fire safety policies. The Fire Safety Advisors are also responsible
for implementing an effective training programme and for monitoring of the inspection
and maintenance of fire safety systems.

(xiv) The Claims & Legal Services Manager (*)

The Claims & Legal Services Manager is responsible for managing claims against
the Trust, liaising with solicitors/insurers (where appropriate), to ensure timely and
cost effective claims handling. Further, ensuring that any risk management
issues/remedial action identified during the course of a claim, or during the review
process on closure, is referred appropriately for action. The Claims and Legal
Services Manager is also responsible for the analysis of claims in order to identify
trends.

(xv) Supervisor of Midwives

Supervisors of Midwives are responsible for pro-active midwifery supervision will also
support midwives with the principles of the risk management strategy. Supervisor of
Midwives will support midwives in practicing in a safe and efficient manner and
participate in the reporting, assessment and management of risk within their work
area.

Printed copies valid only if separately controlled Page 25 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

(xvi) The Complaints Manager (*)

The Complaints Manager is responsible for leading this service across the Trust’s
three sites and will provide the focal point for the investigation and response to
complaints and concerns. Further, for ensuring that the relevant Trust policies are
adhered to, investigations are completed by Directorates according to identified
standards and that required follow-up action is taken in order to prevent recurrence.
The Complaints Manager is also responsible for the analysis of complaints and
concerns received in order to identify problems/trends.

(xvii) Directors

Directors are responsible for:

 the day to day management of risks of all types within their areas of
responsibility including the allocation of resources as appropriate;

 the implementation of effective governance and risk management arrangements

within their areas of responsibility – which are consistent with the principles
outlined in the Trust-wide Risk Management Strategy including the
implementation of relevant local policies as appropriate;

 ensuring that risk assessment are undertaken on a pro-active basis, that

details are included on Directorate Risk Registers (which in turn will inform
the overall Trust Risk Register) and for ensuring that these risks are regularly
reviewed and updated and that preventative action is taken as necessary;

 escalating risks which cannot be dealt with within the Directorate;

 for engaging all staff in the risk management process.

(xviii) Ward / Departmental Managers

Ward / Departmental Managers are responsible for:

 the day to day management of risks of all types within their areas of
responsibility and for escalating those which cannot be managed at that level;

 ensuring that Trust-wide and Directorate risk management systems and

processes are implemented within their wards/department and scope of
responsibility and that these are known to and involve all staff;

 ensuring that their staff receive the necessary level of risk management
awareness/training in order to ensure that they are competent to identify,
assess and manage risk within their working environment (see also section
9.0 on Training).

(xix) Directorate Group Governance Leads or Directorate Equivalent (*)

Responsible for leading the development and implementation of effective

governance/risk management arrangements within Directorates.

Printed copies valid only if separately controlled Page 26 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

(xx) Risk & Governance Facilitators (*)

Responsible for supporting Directorates/Groups in the co-ordinating their

governance/risk management activities.

(xxi) Staff Generally

For risk management to be effective it must actively involve staff at all levels within
the organisation (i.e. ‘Board to Ward’), it must be seen as everyone’s responsibility
and not just that of any one individual or department. It is the responsibility of all
staff, whatever their role, grade or status, to practice in a safe and efficient manner
and to participate in the reporting, assessment and management of risk within their
individual work area in accordance with relevant Trust policies. Risk
awareness/assessment training will be provided to ensure that staff are conversant
with the principles of risk management and the application of those principles to their
particular work and area of responsibility.
(*) There are clear links between these members of staff.

Printed copies valid only if separately controlled Page 27 of 28

Reference DCP086 Date of issue 24/07/15 Version 7.0

Appendix D
GOVERNANCE / RISK MANAGEMENT MEETING STRUCTURE (Revised)

TRUST BOARD

TRUST MORTALITY
QUALITY & PATIENT
GOVERNANCE & PERFORMANCE &
AUDIT COMMITTEE EXPERIENCE
ASSURANCE ASSURANCE
COMMITTEE
COMMITTEE COMMITTEE

Medicines & Medicine Control of

Medical Records Resuscitation
Therapeutics Governance Infection
Committee Committee
Committee Group Committee

Hospital Surgery / CC Accidental

Point of Care
Transfusion Governance Inoculation /
Testing Committee
Committee Group Exposure Group

Revalidation Emergency Diagnostics,

Decontamination
Implementation Preparedness Pharmacy &
Review Group
Group (EPRR) Group Central Operations

Community &
Safeguarding Safeguarding Therapy
Adults Forum Children Forum Governance
Group

Risk Register Women &

FM Governance Childrens
‘Confirm or Governance
Group
Challenge’ Group Groups

Information
Safer Medication Learning Lessons
Governance
Group Review’ Group
Steering Group

Health & Safety

Steering Groups

Medical Gas
Security Group Falls Group*
Committee

The Falls Group has a dual reporting line; for patient falls to the Quality & Patient Experience
Committee and for staff related incidents to the Health & Safety Groups

The Terms of Reference for these committees and sub-groups are available on the Trust’s
Intranet.

Printed copies valid only if separately controlled Page 28 of 28