RISK MANAGEMENT PROCEDURE

November 2006

1 3.4 3.3 3.2 3. Responsibilities 3.6 Risk Identification Risk Analysis and Assessment Risk Treatment and Control Risk Reporting . Introduction 2.5 3.Contents 1.The Risk Register Communication and Training Monitoring and Review Appendices A B C Categories of Risk Risk Form Flowchart . The Approach 3.

Risk management is part of every manager’s day to day responsibilities – it should inform judgements about the appropriateness of policy options or service delivery methods and as such should be integral to both strategic and operational management.1 Each director will be responsible for co-ordinating the systems for identifying risks within their own directorate. Directors are responsible for ensuring that risk is managed effectively within their own directorates.1. It highlights the processes to be followed and the responsibilities of the managers and staff involved. Line managers are responsible for managing and reviewing risks within their own departments and ensuring that the Risk Register is updated on a regular basis. The term “risk” in this procedure document is intended to encompass all risks facing the PCT. as Accountable Officer. 2. which sets out the organisation’s approach to risk. 3.2 2. on behalf of the Board.4 3.3 2. 2. that appropriate risk management processes are in place. The Integrated Governance Committee will ensure. Individual directors should nominate lead managers to take responsibility for this function within their directorates.1 Responsibilities The PCT Board is responsible for overseeing the effective management of risk. This procedure document provides detailed guidance to PCT managers regarding the operation of the risk management system outlined in the Strategy. It is the responsibility of each manager to identify the risks associated within their particular operational area. has overall responsibility for governance and risk management.1 The Approach Risk Identification 3. As part of this risk . including organisational. The procedure is intended to ensure compliance with the Risk Management Strategy and facilitate a consistent approach to risk across the PCT. All staff have a responsibility to work with their departmental manager to identify and manage risks. financial and clinical. The Chief Executive. was approved by the PCT Board in October 2006.1. 1.1 Introduction The Risk Management Strategy.3 1.4 2.2 1.2 The director (or lead manager) should liaise with each manager within their directorate to ensure that they are aware of their duties regarding the risk management system.1. 1. 3. The Assistant Director of Corporate Services maintains the PCT’s Risk Registers and is responsible for advising on risk.

should be considered against the organisational/departmental objectives. Appendix A outlines a number of risk types that managers may wish to consider when undertaking the formal risk assessments. all managers and staff should be encouraged to consider their actions and functions in terms of risk at all times.1. 3.6 The completed Risk Form will be sent to the relevant director for approval.1.4 Risks identified by either the top down or bottom up approaches. The departmental manager should retain a copy of each Risk Form completed.3 It is recommended that the ‘top down’ approach to the identification and consideration of risks within each department should be undertaken formally at least twice per annum and linked of the production of the Local Delivery Plan.identification process. 3. Healthcare Commission. National Patient Safety Agency Business Plan Performance Reports Controls Assurance Alerts .7 Although the top down process should be undertaken formally twice per annum. 3.5 Details of all risks identified must be recorded by the departmental manager on a Risk Form (Appendix B). Risks are also likely to be identified on a ‘bottom up’ ad hoc basis. Managers should consider with their staff what they perceive to be the risks to achieving each of these objectives.1. Any additional risks identified outside of the formal review process should be discussed with the departmental manager and a Risk Form completed and sent to the relevant director as soon as possible.1. This will enable ownership of the process to be shared throughout the PCT.g. who will then forward to the Assistant Director of Corporate Services in order that details can be entered onto the Risk Register.1. The categories included in the Appendix are not considered to be exhaustive and some will not be applicable to all departments. 3.1. 3.8 Risks may also be identified from a number of other sources including: • • • • • • • • • • • Work place risk assessments Clinical audit reports and reviews Incident reports Complaints PALS reports Patient surveys External and internal audit reports External reviews and reports e. Health and Safety Executive. 3. managers should seek the involvement and comments of their staff.

but not definite. Likely Will probably occur/re-occur.2.2 Risk analysis may concentrate on impacts in one area only or on several possible areas of impact. No or little impact on working arrangements. Very Likely Continuous exposure to risk. . Occurred less than once 2 per annum.3. Moderate Financial loss between £1. Medical treatment required.000. but possible. Death. Likely to affect achievement of 5 multiple objectives.2. Has never occurred before.2 Risk Analysis and Assessment 3. 3. Areas of impact include the following: • • • • • • • • • • Asset and resource base (of the organisation. Unlikely Unlikely to occur/re-occur. Slight impact on 2 working arrangements. Major Financial loss between £50. but also to evaluate its significance.000 and £50. No 1 injuries.3 The significance of the identified risk will be assessed in terms of likelihood. Has happened before regularly 5 and frequently. Has previously occurred 3 once or twice per annum. Has happened several time per 4 annum before.000 and £250. including personnel) Revenue Costs People Community Performance Timing and scheduling of activities The environment Intangibles (such as reputation. each of which will be categorised on a scale of 1 to 5.000. May only occur in exceptional 1 circumstances.000. QUALITATIVE MEASURE OF CONSEQUENCE Level Descriptor Description Minimal Financial loss <£10. Possible May occur/re-occur. May affect 3 achievement of some objectives. Severe Financial loss >£250. Minor Financial loss between £10 and £1. The Risk Form will include the departmental manager’s assessment of the risk.2. goodwill etc) Organisational behaviour 3. and consequence. The following is intended to assist in the assessment of risk: QUALITATIVE MEASURE OF LIKELIHOOD Level Descriptor Description Rare Extremely unlikely.1 In order to decide how to handle risk. Extensive injuries. it is essential not only to identify that a certain risk exists. First aid required. Likely to 4 affect achievement of some objectives.000.

3. who will advise the . it will help to inform discussion about which risks are most significant and what action is required to address them.2. this will be discussed with the lead manager before the risk is entered onto the Risk Register. or containable to an acceptable level by terminating the activity. The risks that score the most points are likely to be those which most demand some form of control action and those risks which are assessed as “Significant” or “High” should be given particular attention. In these cases the response may be toleration.3.4 The risk matrix is reproduced below. 3. such options should be implemented.6 If the Director. However.2. Amber: Significant.3 Risk Treatment and Control 3.5 The above approach does not automatically identify which areas of risk require greatest attention.2. Green: Low. or the Assistant Director of Corporate Services disagree with the original assessment of the risk.1 The selection of the most appropriate option for treating risks involves balancing the cost of implementing each option against the benefits derived from it. Transfer .3. but may reduce it to an acceptable level.For some risks the best response may be to transfer them. Yellow: Moderate. Where large reductions in risk may be obtained with relatively low expenditure.3. 3. Retention (or Tolerate) – The ability to take action to mitigate some risks may be limited. This might be done through insurance (where appropriate) or by paying a third party to take the risk in another way. Further options for improvement may be uneconomic and judgement needs to be exercised as to whether they are justifiable. 3. outlined in the Strategy are as follows: High Risk (15 – 25). Reduction (or Treat) – The purpose of treatment is not necessarily to remove the risk. Red: High Consequence Likelihood 1 1 2 3 4 5 1 2 3 4 5 2 2 4 6 8 10 3 3 6 9 12 15 4 4 8 12 16 20 5 5 10 15 20 25 3.2 The Strategy outlines four possible responses to identified risks: • • • • Avoidance (or Terminate) – Some risks will only be treatable. All risks graded as “High” will be notified by the Director responsible to the Assistant Director of Corporate Services immediately.3.3 The arrangements for risk treatment and control. or the cost of action may outweigh the potential benefit gained.

Integrated Governance Committee in order that specific action be considered and taken where necessary.1 Having identified the risks and determined a plan of remedial action.5 Communication and Training 3. 3. who will advise the Integrated Governance Committee in order that specific action be considered and taken where necessary.5.4 Risk Reporting .The Risk Register 3. Wherever possible the activity should be terminated until the risk is reduced to an acceptable level. Medium Risks (4 – 6) These risks are the maximum acceptable by the PCT. 3. These risks are not normally acceptable and action should be taken to either remove them or reduce the risk to an acceptable level.1 Effective internal communication of the Risk Management Strategy and process will be required to ensure that all members of staff are familiar with its aims and objectives.2 The Assistant Director of Corporate Services will provide training in the operation of the risk management processes as required to directors and managers.1 All identified risks will be recorded on the Risk Register. maintained by the Assistant Director of Corporate Services. 3. Significant Risk (8 – 12) All risks graded as “Significant” will also be notified by the Director responsible to the Assistant Director of Corporate Services immediately.6.6 Monitoring and Review 3. .4. be monitored as the likelihood or impact could increase in the future.3 The Risk Register will be used to generate regular reports to line managers and directors to enable them to monitor the risks within their own areas of responsibility as well as the periodical reports to the Integrated Governance Committee and the Board.3) These are not significant now and are not likely to increase in future. however.5. In addition.2 All risks classified as “High” or “Significant” will be used to inform the Assurance Framework.4. 3. 3. Low Risks (1 . 3. it is essential that assurance regarding the effectiveness of the action is obtained.4. They should. providing they are effectively controlled. risk management will be included as a topic on the PCT induction courses.

to the Assistant Director of Corporate Services regarding the progress made in reducing/removing risks. This information will be used to update the Risk Register which will be the source of monitoring reports for the Integrated Governance Committee and directors.3.6.7. 3. AEP16. 3.7 Summary 3.1 Appendix C summarises the risk management process diagrammatically.06 .6.3 The Integrated Governance Committee will be responsible for the ongoing monitoring and review of the Risk Management Strategy and the effectiveness of the risk management processes.2 All responsible managers will provide periodical updates. as required. In addition an Annual Risk Management Report will be presented to the Integrated Governance Committee and the Primary Care Trust Board.11.

dependency on internet and e-mail. Project planning and management procedure. business relationships with partners. Appendix B . Economic factors such as interest rates. Economic Legal & Regulatory Market Reputational Human Resources/Human Behaviour Personnel Health and Safety Availability and retention of suitable staff. Competition and supply of goods. Exploitation of opportunities to make gains. Political/Economic Infrastructure Transport systems for staff. Environmental Environmental Fuel consumption. Laws and regulations which if complied with should reduce hazards.Appendix A CATEGORIES OF RISK Financial Budgetary Capital investment Fraud or theft Information Availability or allocation of resources. Natural Events “Act of God” Fire. power supply systems. Relating to the wellbeing of people. The making of appropriate investment decisions. inflation. Technological Technological Project Innovation Use of technology to achieve objectives. Unproductive loss of resources. earthquake. exchange rates. pollution. suppliers. Public reputation of the organisation and consequent effects. etc. Adequacy of information used for decision making. flood.

who should in turn forward/e-mail to the Assistant Director – Corporate Services in order that the details can be entered onto the PCT’s Risk Register. The form should then be forwarded/e-mailed to the relevant Director for approval.Gloucestershire Primary Care Trust Risk Form The responsible manager should complete this form by reference to the Risk Management Procedure. Directorate: Department: Location: Clinical Group: Date of completion: Name of responsible manager completing: Details of risk: Existing Likelihood (1 to 5): Existing Consequence (1 to 5): Existing Significance (Likelihood x Consequence): Existing Controls: Proposed Action/New Controls: Additional cost of Proposed Action/New Controls: Planned implementation date: Residual Likelihood (1 to 5): Residual Consequence (1 to 5): Residual Significance: Manager(s) responsible for proposed action: Director agreeing risk significance and remedial action: Date of approval: .

Form signed. Risk ratings amended as appropriate Report reviewed Report reviewed Report produced Report reviewed . Action reviewed as part of performance monitoring Action plan implemented Risk Form reviewed. Appropriateness of action plan agreed. details entered onto the Risk Register Updates provided to Director (or Assistant Director Corporate Services) on request Updates requested/provided as required Periodical updates/assurances regarding action plans sought Details of progress entered onto the Risk Register.RISK MANAGEMENT PROCESS Line Manager Risk identified Director Asst Director Corporate Services Appendix C Board/Integrated Governance Committee Risk analysed (Likelihood & Consequence) Proposed Action Plan determined Risk Form completed Risk Form received.

Sign up to vote on this title
UsefulNot useful