Document

Version No: 3 Approved Date: October 2009

1

RISK MANAGEMENT STRATEGY

Prepared by: Helena Corder

Responsible Area: Corporate Services

Date Approved:

Approval Information: Committee PCT Board

Approved By: Print Name

Version No: 2

Review Date: September 2011

NHSLA Standards

1. Meets NHSLA Risk Management Standard requirements at a minimum of level 1

Care Quality Commission

2. Meets the requirements of the Care Quality Commission

Use of Resources

3. Meets use of resources requirements at level 3

World Class Commissioning

4. Key risks can be seen to inform the agendas of the Board and its sub committees.

Workforce

5. Staff are aware of the strategy and there is evidence that the principles are out in to practice at operational level e.g committee and directorate risk logs/registers are in place, the Board Assurance framework is reveiwed by the Board at least three times a year.


2

CONTENTS Section No.

Description Page No’s

1 Introduction 3

2 Aims 3

3 The Board’s intent 3

4 Who this strategy applies to 4

5 What the PCT must achieve 4

6 Strategic risks 4

7 The way we work 5

8 Accountabilities, responsibilities and organisational framework

5

9 Systems and processes for managing risk 6

10 Systems for monitoring the effectiveness of the Strategy

6

11 Key performance indicators 07/08 6

12 Implementation, training and support 6

13 Equality impact assessment 7

14 Other relevant policies 7

15 PCT stakeholders 7

16 Communication with stakeholders 8

Appendix 1 Definitions 9

Appendix 2 Operational responsibility for risk management 10

Appendix 3 Organisational structure for risk management and assurance

12

Appendix 4 Risk Management Operational Group Terms of Reference

14

Appendix 5 Governance Committee Terms of Reference 18

Appendix 6 Audit Committee Terms of Reference 22

Appendix 7 Equality Impact Assessment 26

Appendix 8 Risk Grading Tool 29

Appendix 9 Key Performance Indicators 2007/2008 31


3

1. INTRODUCTION

Risk is a part of everyday life we all assess and manage risk on a daily basis having a systematic approach to the identification, assessment and management of risk is central to the effective running of any organisation. At its simplest, risk management is good management practice. It should be seen as an integral part of an overall management approach from the Board through its sub committees and across the organisational structure and partnership working arrangements.

2. AIMS

The aims of this Risk Management Strategy are to ensure that there is a systematic and documented approach to risk management across the PCT that makes sure that:

• The Board identifies the strategic risks with the potential to threaten the achievement of organisational objectives.

• Strategic risks are reviewed and reported within the Board Assurance Framework which in turn informs the PCT Chief Executives annual Statement of Internal Control

• Risks to patients, staff and the public are identified and managed to the lowest level possible

• Risks of liability claims against the NHS are identified and minimised

• The PCT meets the standards applied via the National Health Service Litigation Authority (NHSLA) risk management programme.

• Key staff are trained to identify, assess and manage risk as part of the way they work

• The staff, reputation and finances of the PCT are protected through the process of risk identification, assessment and control.

3. THE ROLE OF THE BOARD

• To lead the organisation’s risk management programme by using risk profiling to identify key strategic issues that require Board attention.

• To make sure the PCT has management systems and processes in place that provide assurance that risks are being effectively managed at operational level across the organisation.


4

• To provide leadership to create a culture in which the management of risk is embedded across the organisation as a key component of all management activities. This will be achieved through the use of agreed policies and procedures, key organisational committees, mandated training and education and associated support systems.

4. WHO THIS STRATEGY APPLIES TO

This strategy is applicable to all staff and contractors including temporary and bank staff working within the PCT and should inform the approach to working with other NHS organisations and partners.

5. WHAT THE PCT MUST ACHIEVE

The Board is responsible for directing the work of the PCT to make sure it achieves its organisational objectives, one of which is to comply with legislation and NHS standards.

The Department of Health (DH) requires the Chief Executive to sign a Statement on Internal Control annually on behalf of the Board. This is a comment on how risks are identified, evaluated and controlled, together with confirmation that the effectiveness of the system of internal control has been reviewed.

To support achievement of the organisational objectives and in order to fulfil its responsibilities, the Board has developed a management system which allows decisions to be taken in a structured and equitable way.

This Risk Management Strategy is part of the overall Governance framework for managing the organisational risk profile. Risks will be identified using common tools which link to the overall performance management of organisational objectives.

6. STRATEGIC RISKS

Strategic risks to the organisation are identified by the Board via the PCT Directors and the Board sub committees. These strategic risks are considered by the Board who set out the action to be taken. These action plans are delegated to individual Directors and/or Board sub committees, each Directorate and sub committee record these risks on the PCT risk register via the PCT’s performance management software system. This enables progress to tracked, monitored and reported appropriately within the organisation up to Board level.

The PCT Risk management systems also record information in relation to other risks confronting the organisation. When these are significant (assessed as ’high’ or ‘extreme’ when measured against the grading tool at Appendix 8), they will also be reported to the appropriate committee with the Board taking an overview of the totality of risk within the organisation.


5

7. THE WAY WE WORK

All members of staff have an important role to play in identifying, assessing and managing risk. To support staff in this role the PCT provides a fair, consistent environment which encourages a culture of openness and willingness to admit mistakes. All staff are encouraged to report any situation where things have, or could have gone wrong. Balanced in this approach is the need for the PCT to provide information, counselling and support, and training for staff in response to any such situation.

At the heart of this strategy is the desire to learn from events and situations in order to continuously improve management processes. Where necessary, changes will be made to the Trust’s systems to enable this to happen.

The PCT recognises that most incidents occur as a result of the accumulation of a number of factors and events all conspiring together. Staff should be encouraged to report incidents without fear of disciplinary action in a culture of learning so that quality infuses into all aspects of the Trust’s work. Fear of disciplinary action may deter staff from reporting an incident. The view of the PCT is that disciplinary action will normally not form part of the response to an incident, except in cases where:

• In the view of the Trust, and or any professional registration body, the actions causing the incident/arising from the incident were far removed from acceptable practice.

• Where there is direct failure to report an incident in which the member of staff was either involved or about which they were aware.

• Illegally.

Should disciplinary action be appropriate, this will be made clear as soon as the possibility emerges. The investigation would then be modified to take account of personnel policies with advice from senior Human Resources staff.

8. ACCOUNTABILITIES, RESPONSIBILITIES AND ORGANISATIONAL FRAMEWORK

Accountabilities and Responsibilities

The Chief Executive has overall accountability and responsibility for risk management within the Trust. The Chief Executive has delegated responsibility for implementation of risk management as outlined in Appendix 2.


6

Organisational structure

The organisational structure noted in appendix 3 demonstrates how key risk management responsibility is delegated across the organisation. The Terms of Reference for the Committees which contribute to the assurance process are included as Appendix 4.

Board Assurance Framework

The Risk Management process is supported by the Board Assurance Framework. Through this Framework the PCT Board gains assurance from others that risks are being appropriately managed throughout the organisation.

9. SYSTEMS AND PROCESSES FOR MANAGING RISK

The PCT operates major systems to facilitate the management of risk throughout the organisation. These are each described in detail in the following documents:

• Incident Reporting and Investigation Policy

• Procedure for the Management of the Risk Register

• Serious Untoward Incident policy

• Associated Risk and H&S policies and procedures

All systems use a standard risk grading process to assess risks in terms of frequency and severity of outcome so that a common currency of assessing and calculating risks is used throughout the organisation. This is described fully in Appendix 7.

The systems are supported by a Serious Untoward Incident Policy which includes detailed methodology and guidance in conducting investigations.

10. SYSTEMS FOR MONITORING THE EFFECTIVENESS OF THE STRATEGY

The Risk Management Operational Group is responsible for collating all available information related to commissioning risk activity and for producing report to Board sub Committee. Each Board sub committee is responsible for reporting on risk to the PCT Board. The Risk Committee is responsible for collating all available information related to Kirklees Community Health Services risk activity including trends, patterns and actions and is responsible for reporting risk to the Governance Committee who provide assurance to KCHS Board. The Provider Board are responsible for ensuring the PCT Board are provided with adequate assurances that risk is being managed effectively and that the patients, staff and the organisation are not subject to any unnecessary risk exposure.


7

11. KEY PERFORMANCE INDICATORS

The KPIs to monitor risk management in are listed in Appendix 8.

12. IMPLEMENTATION, TRAINING AND SUPPORT

The effective implementation of this Risk Management Strategy will support the delivery of a quality service. Staff training and support, will provide an improved awareness of the measures needed to identify, control and contain risk.

The PCT will:

• Ensure all staff and stakeholders have access to a copy of this Risk Management Strategy via the Trust intranet.

• Produce a register of high level risks across the PCT which will be subject to regular review by sub committees and the Board.

• Ensure that Directorate Risk Registers are in place and managed by each Director or nominated senior managers.

• Communicate to staff any action to be taken in respect of risk issues;

• Develop policies and guidance as appropriate, based on the results of assessments and identified risks which assist in the implementation of this Strategy;

• Ensure that training programmes raise and sustain awareness throughout the PCT of the importance of identifying and managing risk.

• Monitor and review the performance of the PCT in relation to the management of risk and the continuing suitability and effectiveness of the systems and processes in place to manage risk.

12. EQUALITY IMPACT ASSESSMENT

As part of its development, this strategy and its impact on equality have been reviewed in consultation with trade union and other employee representatives in line with the Trust’s Equality Scheme and Equal Opportunities Policy and no detriment was identified. The purpose of the assessment is to minimise and if possible remove any disproportionate impact on employees on the grounds of race, sex, disability, age, sexual orientation or religious belief. Appendix 7.

13. PCT STAKEHOLDERS

Key stakeholders include:

• All PCT and KCHS Staff (directly employed and agency)

• Contractors

• Department of Health

• Strategic Health Authorities

• Other NHS organisations


8

• Private sector providers of NHS care where commissioned by the PCT

• Professional Executive Committee

• Partner agencies such as Kirklees Council, the police and fire service

• Public (via PCT website)

• Regulatory Bodies

14. COMMUNICATION WITH STAKEHOLDERS

Systems of communication with stakeholders that contribute to minimising risk are in place. These systems include the PCT website (www.kirklees-pct.nhs.uk), regular meetings, Public Engagement and consultation systems, patient and staff satisfaction surveys, publications, active systems to manage complaints and concerns and Public Board Meetings.

Communication with staff is particularly important and is mainly effected via line management at team meetings. Any urgent or particularly important messages are communicated by email or via the Trust Intranet.

This Risk Management Strategy is available via the PCT website. The introduction of new or significantly revised risk management policies is supported by appropriate staff training.


9

APPENDIX 1

DEFINITIONS

(Adapted from the Australian/New Zealand standard AS/NZS 4360:1999.)

Risk is the chance that something will happen that will have an impact on achievement of the PCT’s aims and objectives. It is measured in terms of likelihood (frequency or probability of the risk occurring) and severity (impact or magnitude of the effect of the risk occurring). See Appendix 7

Risk Management is “the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”.

The risk management process is “the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk”. It is described in the following diagram:

Risk Management Overview from AS/NZS 4360:1999

Significant Risks are those which, when measured according to the risk grading tool at Appendix 7, are assessed to be ’High’ or ‘Extreme’. The Board and its sub committees will monitor and performance manage all significant risks via the Trust electronic Risk Management and the Board Assurance Framework.

Establish Context

Identify Risks

Analyse Risks

Evaluate and Rank Risks

Treat Risks

Asse

ss

Ris

ks

Co

mm

un

ica

tio

n a

nd

Co

nsu

lta

tio

n

Monitor and

Review


10

APPENDIX 2

RESPONSIBILITY FOR RISK MANAGEMENT

Chief Executive

The Chief Executive has overall accountability for all risk management systems with the organisation and is personally involved in the management of complaints and claims against the Trust. Operationally, the Chief Executive has delegated responsibility for risk management as outlined below.

Director of Corporate Services

The Director of Corporate Services is the Director designated as the accountable and responsible officer for implementing the system of internal control, including this Risk Management Strategy.

Assistant Director of Corporate Governance Services and Risk

The Assistant Director of Corporate Governance and Risk is accountable to the Director of Corporate Services for the day to day operational management of risk systems within the PCT and for managing the Risk management Operational Group.

Managing Director for Kirklees Community Health Services

The MD of KCHS is responsible for ensuring that KCHS have in place adequate systems and processes for identifying, quantifying and managing risks and that these are reported to the Provider Board and ultimately to the PCT Board.

Head of Health & Safety and Security

The PCT will appoint or contract a competent person/s to ensure compliance with all relevant legal obligations under Health & Safety legislation. Where necessary such competent person/s will be sourced from external service providers.

Directors

Directors are accountable for making sure that the Board Assurance Framework and Directorate Risk Registers are managed effectively and that all entries are regularly updated..

Managers

All managers within the PCT and KCHS are responsible for the day-to-day management of risks of all types within their area of responsibility. They are charged with ensuring that risk assessments are undertaken throughout their area of responsibility on a pro-active basis and that preventive action is carried out where necessary. The level of local responsibility for managing risks is identified in the Trust Incident and Investigation Policy.

Managers have a role to ensure that incidents including ‘near misses’ are investigated and recorded and that action is taken to reduce the potential of reoccurrence. Managers are also responsible for ensuring that staff who submit reports are provided with feedback on what actions have been taken.

They are also responsible for seeking advice about implementation of risk reduction plans from the PCT Risk Management Team or other suitably qualified and experienced staff.

Health & Safety Representatives

Health & Safety Representatives have a legal right to question the H&S systems used within the organisation including organisational and local systems and


11

processes. The PCT actively seeks and supports the role of recognised H&S Representatives as a positive action to reduce the risks to patients and staff and to support managers at all levels.

All Staff

Management of risks is a fundamental duty of all staff whatever their grade, role or status. All staff including temporary, bank and volunteers must follow all the PCT policies and procedures which explain how this duty is to be undertaken. In particular, all staff must ensure that identified risks and incidents are dealt with swiftly and effectively, reported to their immediate line manager and, if appropriate, a Health & Safety lead. All such issues must also be reported using the Trust incident management systems.

Risks associated with contracted services

There is a moral and contractual responsibility for the PCT, Service Providers and where necessary, other commissioners to work together to identify and manage risks, investigate incidents and take action including sharing outcomes and lessons so that learning can take place on a regional basis.

Partnership Risks

The PCT will work with partnership organisations to work together to identify and manage risks , investigate incidents and take action including sharing outcomes and lessons so that learning can take place on a regional basis.

Kirklees Community Health Services Board

The KCHS Board is accountable to NHS Kirklees Board for the management of risk within the provider arm of the PCT. It is expected to have robust systems and processes in place that provide assurance through the contracting process that it these in place. The Chair of the provider Board is accountable to the PCT Chair and the Managing Director accountable to the PCT Chief Executive in respect of risk management.

KCHS will have in place the following systems (as a minimum) in order to manage risks to the lowest level possible;

Systems of assurances:

Within KCHS:

1 KCHS Board Assurance Framework to identify, control and provide assurance on potential risks

2 Strategic and service risk registers to identify, control and provide assurance on existing risks

3 The Risk Committee minutes considered at KCHS Governance Committee.

4 Monitoring of complaints, incidents, SUIs, claims through action planning

5 Risk and COSHH assessments undertaken and updated & regularly; monitored through Operational Risk Committee

6 Operational Risk committees considers service monthly reports against KPIs


12

All above considered at KCHS Governance Committee which meets bi-monthly. Quarterly reports to KCHS Board to provide assurance of appropriate management and control of systems and processes.

External: 1 Internal audit reports considered at KCHS Audit & Effectiveness

Committee and monitored through KCHS Governance Committee 2 Quarterly quality reports to NHS Kirklees Contract Management Board 3 Successful compliance with Standards for Better Health, CQC

registration 4 Complaints action plans considered at PCT Internal closure panel. 5 Minutes of KCHS Board submitted to NHS Kirklees Board


13

APPENDIX 3

ORGANISATIONAL STRUCTURE FOR RISK MANAGEMENT AND ASSURANCE

Board

The Board is accountable and responsible for ensuring that the PCT has an effective programme for managing all types of risk which is achieved via the Assurance Framework. The Board is chaired by a non-executive director and meets monthly. In order to verify that risks are being managed appropriately and that the organisation can deliver its objectives, the Board receives and considers reports from the Audit Committee and minutes from the Governance Committee. In particular, the Governance Committee considers risk reduction plans and monitors progress on action plans on all significant risks on at least a quarterly basis.

All Board Sub Committees

Provide assurance to the Board that risk is being effectively managed at operational level. The Governance Committee oversees the work of the Risk Management Operational Group to provide additional assurance that risk is being actioned at operational level within the PCT. KCHS Board oversees the work of the Operational Risk Management Committee to provide additional assurance that risk is being actioned at operational level within KCHS.

Risk Management Operational Group

The Risk Management Operational Group monitors all areas of non financial risk management so that it can assure the Governance Committee and ultimately the Board that risks are being managed according to organisational policies and procedures. It is also responsible for monitoring the implementation of certain allocated treatment plans and reporting progress to the Governance Committee. The Risk Management Operational Group ensures that Key Performance Indicators (KPIs) are set and monitored in relation to risk. The Assistant Director of Corporate Services and Risk chairs the Group. It meets at least four times every year and reports directly to the Governance Committee on a quarterly basis. The Terms of Reference for the Risk Management Operational Group are attached at Appendix 4.

KCHS Board

Risk Management Operational Group

All Board sub committees

Board

Assurance

Senior Management Team

Inte

rna

l Aud

it, NH

SLA

& C

QC

sta

nd

ard

s

KCHS Governance Committee

Sub Committees

Risk Incident Reporting


14

Audit Committee

The Audit Committee is chaired by a non-executive director. It meets at least 4 times a year and reports directly to the Board. It ensures that an effective system of internal control for all risks is maintained. The Committee may review the results of audit work completed on the Trust’s risk management system and performance. The Committee will also agree an annual audit plan with reference to the PCT Risk Register. The Terms of Reference for the Audit Committee are attached at Appendix 6.


15

APPENDIX 4

Risk Management Operational Group Terms of Reference

1. Purpose of the Committee The Risk Management Operational Group will oversee the PCT’s programme of organisational risk management, in accordance with current Department of Health requirements. The programme will be approved and monitored by the Governance Committee. The Risk Management Operational Group is responsible for ensuring effective systems are in place to manage risks and makes sure that operational action agreed by Board sub committees is taking place. It will review the risk register and make sure that it is update regularly to support effective reporting at Directorate and Board sub committee level. The remit includes the review and the management of risk from a number of activities including:

1. Risks in commissioning services from other organisations and potential failures in those organisations including Kirklees Community Health Services.

2. Risks noted in partnership with Social Services, Voluntary Agencies

and Independent providers of care

3. Risks where the PCT is directly managing systems in relation to Services including Medical and Dental e.g. security and IT.

4. Risks in the work of relevant independent contractors – GPs, opticians,

pharmacists, and dentists.

There is a distinction between the PCT's responsibility for employed staff where the PCT has direct liability, and its responsibility towards commissioned care, where GPs and other primary care providers have direct liability as independent contractors – e.g. employment law and health and safety. The Risk Management Operational Group defines its approach to risk management for commissioned services as follows;

1. To actively engage with services providers including primary care independent contractors to support good practice in risk management i.e. offer support, help to develop.

2. To ensure that where PCT staff is working in primary care premises,

the same processes of identifying and addressing possible risks to them apply as would in PCT directly provided areas.


16

2. Objectives The objectives of RMOG are;

1. To ensure systems are in place to identify, quantify, prioritise and plan action on risks which may lead to harm, loss or damage to reputation. This will include establishing formal links with other relevant committees within the Trust and where possible with Commissioned Services.

2. To receive reports on the status of any ongoing Serious Untoward

Incidents prior to completion and submission to the Governance Committee and to monitor the completion of any agreed actions.

3. To receive reports on the status of any ongoing complaints

investigations prior to completion and submission to the Chief Executive and to monitor the completion of any agreed actions.

4. To prioritise work on risk registers delegated to it by Board sub

committees or Directors.

5. To ensure that systems are in place to record and analyse incidents, claims and near misses within the PCT to enable trends to be identified and preventative measure targeted. RMOG will also support the analysis of data related to commissioned services and use the information to support any actions required to reduce risk exposure via the contract management systems.

6. To support the development and implementation of the risk strategy

7. To ensure that the PCT has risk management training and awareness

programmes in place as well as systems to monitor attendance.

8. To promote and support risk management work amongst all the areas of commissioned service.

9. To ensure the development of the ability to quantify the cost of risk.

10. To develop and maintain appropriate links at local, regional and

national level.

11. To support the development of the Annual Report for approval by the Governance Committee to take to the Board.

12. To monitor Key performance programmes including regulatory

standards.


17

3. Membership of the Risk Management Operational Group The Risk Management Operational Group membership must include key staff who can advise on the complexity of risks being managed and therefore must include a wide remit of staff. Members

1. Assistant Director of Corporate Services and Risk (Chair) 2. Assistant Director Clinical Governance 3. Assistant Director Commissioning 4. Assistant Director of Medicines Management 5. Deputy Director of Infection, Prevention and Control 6. Head of Litigation and Complaints 7. Head of Training, Education and Development. 8. Health and Safety Advisor 9. Assistant Director HR 10. Assistant Director Public Health

4. In Attendance (co-opted staff) Other officers may be co-opted as necessary to report on or manage the risk agenda. 5. Quorate The Group is quorate when five members are present. Each member will appoint a chair to attend in the absence of the member. Attendance will be monitored and details provided to the Governance Committee within the Annual Report. 6. Frequency of Meetings The Group will meet quarterly. The Chair will convene additional meetings if required for emergency items. 7. Support for the Committee The Group will be supported by administration from the risk management team. 8. Reporting arrangements The Risk Management Operational Group will provide minutes to the Governance Committee and circulation to all related committees with a remit for risk management. 9. Level of Financial Authority/Decision making. The Risk Management Operational Group is an advisory Committee and therefore has no financial authority. The committee has authority to take action to resolve any immediate patient safety risk and can seek relevant authority when required for any risk issues that are not immediate.


18

10. Accountability and reporting The Board has overall responsibility for the management of risk, and for monitoring the work of the Committees with responsibility for risk management, i.e.:

1. The Governance Committee for verifying the overall system for risk management.

2. All Board sub committees who provide assurance to the Board in

relation to risk

3. The Risk Management Operational Group manages the risk profile related to the commissioning arm of the organisation but provides information to the PCT on risks noted with commissioned services.

4. The Infection Control Committee for managing any risks related to

infection prevention and control. 11. Conduct of Business The Risk Management Operational meet Group will conduct business in line with all PCT policies. 13. Review Date The Risk Management Operational Group TOR will be reviewed bi annually within the context of the Risk Management Strategy.


19

APPENDIX 5

NHS KIRKLEES

GOVERNANCE COMMITTEE TERMS OF REFERENCE.

1. BACKGROUND One of the prime governance tasks for a PCT is the effective management of risk, ensuring the provision of quality services, and the effective stewardship of public funds in providing those services. ‘Risk’ should be considered holistically to include:

� Financial and Business � Quality/Safeguarding/Patient Safety � Health, Safety and Security � Operational from a commissioning perspective � Litigation

2. PURPOSE OF THE GOVERNANCE COMMITTEE. The Board has delegated authority to the Governance Committee to ensure on its behalf that appropriate systems and processes are in place to achieve and maintain the highest standards of governance and public accountability across the whole spectrum of the PCT’s work. These systems and processes will identify how risk is identified, assessed, managed, monitored and reported so risk is effectively managed both strategically and operationally across the organisation and how links are made between operational and strategic risk. A key tool to facilitate this action is the Board Assurance Framework which is turn is fed by the Trust Risk Registers. The Governance Committee will also provide assurance to the Board that risk is being identified, assessed and monitored in respect of clinical quality, safeguarding, patient safety and litigation. 3. OBJECTIVES

1. To monitor compliance against NHS and legislative standards including Care Quality Commission, NHSLA and the Information Governance Toolkit and to provide assurance to the Board.

2. To take the lead on the development, implementation and monitoring of the PCT’s Risk Management Strategy.

3. To ratify those policies and associated documents that Trust Board has delegated authority to the committee to do so.

4. To provide assurance to the Board that the Risk Management Strategy is embedded in the daily work of the PCT.

5. To set key performance indicators for the management of risk.


20

6. To ensure that all contracted service providers have effective systems of corporate and clinical governance that meets national and contractual requirements and this is delivered through the contracting and clinical quality board

7. To ensure all partnership arrangements, including Local Partnership Service Boards have in place effective corporate and clinical governance arrangements

8. To ensure partnership working arrangements have effective governance in place with specific reference to the management of risk

9. To maintain a risk register is in place across the Trust and Directorates 10. To receive and consider reports the following reports:

a. Health, safety and security b. Incident reporting including Serious Untoward Incidents (SUI,s) c. Risk registers d. Workforce and HR e. Litigation, Complaints and PALs f. Annual review of governance arrangements and the

effectiveness of the committee g. Research Governance h. Safeguarding i. Clinical Effectiveness j. Training and Education k. Infection Control l. Performance Advisory Group and Decision Making Group

11. To receive and consider the minutes of the sub-committees listed in Section 10

12. To respond appropriately to matters referred to the committee by the Board and Professional Executive Committee

4. MEMBERSHIP

• Chief Executive (Chair)

• Non Executive Director

• PEC lead for Governance/Risk Management

• Director of Corporate Services (Vice Chair)

• Director of Finance

• Internal Auditor

• Director of Patient Care & Professions

• Director of Performance & Information

• The Director of Human Resources

• Assistant Director of Corporate Services and Risk

• Assistant Director of Quality and Clinical Governance,

• Assistant Director of Medicines Management

• Deputy Director of Infection, Prevention and Control

• Medical Director

• Other members of the PCT will attend as required to present reports


21

5; QUORUM The meetings will be quorate on the attendance of one third of the membership which must include the Chair or Deputy Chair. Each member will identify a deputy who will attend on behalf of the member if required. Records on attendance will be kept and reviewed by the Committee on an annual basis. 6; FREQUENCY OF MEETINGS Meetings of the Governance Committee will normally be on a six weekly cycle with a minimum of 7 meetings per year. The Chief Executive may convene additional meetings to address specific items.

7; SUPPORT TO THE COMMITTEE The committee will be supported by the Corporate Governance Administrator. 8; REPORTING

1. The Governance committee is a sub-committee of the Board and directly accountable to the Board.

2. The minutes of each meeting to be presented to the Board for receipt and discussion as appropriate.

3. The minutes and a bullet pointed highlight report to be presented to the Audit Committee

4. Risks that impact on the Board Assurance Framework will be reported to the Board via the framework report.

10; SUB-COMMITTEES

� Operational Risk Management Group � Infection Control Committee � Information Governance Group � Strategic Emergency Planning � Medicines Management Committee � Effectiveness Group � Medicines Management Group � Pharmacy Panel � Primary Care Commissioning Group � Performance Advice and Decision Making Groups � Safeguarding Committee � Research and Development Group � Policy Group � Area Prescribing Committee � QOF Assurance Panel

11; CONDUCT OF BUSINESS

� Agendas and papers will be circulated to committee members at least 5 calendar days before the meeting. � Minutes of the meeting will be circulated no later than 14 Calendar days after the meeting � This Committee will observe the requirements of the Freedom of information Act 2000, which allows a general right of access to


22

recorded information held by the PCT, including minutes of meetings, subject to specified exemptions. � This committee will operate in accordance with the PCT’s guidance for Chairs and Minute Takers. � All members must declare any conflict of interest they may have regarding an agenda item at the start of the meeting.

12; REVIEW DATE These Terms of Reference will be reviewed at least every two years. Approved by Trust Board Review Date July 2011


23

APPENDIX 6

NHS KIRKLEES

AUDIT COMMITTEE TERMS OF REFERENCE

Constitution The Board hereby resolves to establish a Committee of the Board to be known as the Audit Committee (The Committee). The Committee is a non-executive Committee of the Board and has no executive powers, other than those specifically delegated in these Terms of Reference. Membership The Committee shall be appointed by the Board from amongst the Non-Executive Directors of the PCT and shall consist of not less than three members. A quorum shall be two members. The Board will appoint one of the members Chair of the Committee. The Chairman of the PCT shall not be a member of the Committee. Attendance The Director of Finance and appropriate Internal and External Audit representatives shall normally attend meetings. However at least once a year the Committee should meet privately with the External and Internal Auditors. The Chief Executive and other executive Directors should be invited to attend, but particularly when the Committee is discussing areas of risk or operation that are the responsibility of that Director. The Chief Executive should be invited to attend, at least annually, to discuss with the Audit Committee the process for assurance that supports the Statement on Internal Control. The Trust Secretary, or whoever covers these duties, shall be Secretary to the Committee and shall attend to take minutes of the meeting and provide appropriate support to the Chairman and Committee members. Frequency Meetings shall be held not less than three times a year. The Director of Finance, the External Auditor or Head of Internal Audit may request a meeting if they consider that one is necessary. Authority The Committee is authorised by the Board to investigate any activity within its terms of reference. It is authorised to seek any information it requires from any employee and all employees are directed to co-operate with any request made by the Committee. The Committee is authorised by the Board to obtain outside legal or other independent professional advice and to secure the attendance of outsiders with relevant experience and expertise if it considers this necessary.


24

Duties The duties of the Committee can be categorised as follows: Governance, Risk Management and Internal Control The Committee shall review the establishment and maintenance of an effective system of integrated governance, risk management and Internal control, across the whole of the organisation’s activities (both clinical and non-clinical) that supports the achievement of the organisation’s objectives. In particular, the Committee will review the adequacy of:

• All risk and control related disclosure statements (in particular the statement on Internal control and declaration of compliance with the Care Quality Commission standards) together with any accompanying Head of Internal Audit statement, External Audit opinion or other appropriate independent assurances, prior to endorsement by the Board

• The underlying assurance processes that indicate the degree of the achievement of corporate objectives, the effectiveness of the management of principal risks and the appropriateness of the above disclosure statements

• The policies for ensuring compliance with relevant regulatory, legal and code of conduct requirements

• The policies and procedures for all work related to fraud and corruption as set out in Secretary of State Directions and as required by the Counter Fraud and Security Management Service

In carrying out this work the Committee will primarily utilise the work of Internal Audit, External Audit and other assurance functions, but will not be limited to these Audit functions. It will also seek reports and assurances from Directors and Managers as appropriate, concentrating on the overarching systems of integrated governance, risk management and Internal control, together with indicators of their effectiveness. This will be evidenced through the Committee’s use of an effective Assurance Framework to guide its work and that of the Audit and assurance functions that report to it. Internal Audit The Committee shall ensure that there is an effective Internal Audit function established by management that meets mandatory NHS Internal Audit Standards and provides appropriate independent assurance to the Audit Committee, Chief Executive and Board. This will be achieved by:

• Consideration of the provision of the Internal Audit Service, the cost of the Audit and any questions of resignation and dismissal

• Review and approval of the Internal Audit strategy, operational plan and more detailed programme of work, ensuring that this is consistent


25

with the Audit needs of the organisation as identified dint he Assurance Framework

• Consideration of the major findings of Internal Audit work (and management’s response), and ensure co-ordination between the Internal and External Auditors to optimise Audit resources

• Ensuring that the Internal Audit function is adequately resourced and has appropriate standing within the organisation

• Annual review of the effectiveness of Internal Audit External Audit The Committee shall review the work and findings of the External Auditor appointed by the Audit Commission and consider the implications and management’s responses to their work. This will be achieved by:

• Consideration of the appointment and performance of the External Auditor, as far as the Audit Commission’s rules permit.

• Discussion and agreement with the External Auditor, before the Audit commences, of the nature and scope of the Audit as set out in the Annual Plan, and ensure co-ordination, as appropriate, with other External Auditors in the local health economy.

• Discussion with the External Auditors of their local evaluation of Audit risks and assessment of the PCT and associated impact on the Audit fee.

• Review all External Audit reports, including agreement of the annual Audit letter before submission to the Board and any work carried outside the annual Audit plan, together with the appropriateness of management Reponses.

Other Assurance Functions The Audit Committee shall review the findings of other significant assurance functions, both Internal and External to the organisations and consider the implication to the governance of the organisation. These will include, but will not be limited to, any reviews by Department of Health Arms Length Bodies or Regulators/Inspectors (e.g. Care Quality Commission, NHS Litigation Authority, etc), professional bodies with responsibility for the performance of staff or functions (e.g. Royal Colleges, accreditation bodies, etc). In addition, the Committee will review the work of other Committees within the organisation, whose work can provide relevant assurance to the Audit Committee’s own scope of work. This will particularly include the Clinical Governance Committee and any Risk Management Committees that are established.


26

In reviewing the work of the Clinical Governance Committee, and issues around clinical risk management, the Audit Committee will wish to satisfy themselves on the assurance that can by gained from the clinical Audit function. Management The Committee shall request and review reports and positive assurances from Directors and Managers on the overall arrangements for governance, risk management and Internal control. They may also request specific reports from individual functions within the organisation (e.g. clinical Audit), as they may be appropriate to the overall arrangements. Financial Reporting The Audit Committee shall review the Annual Report and Financial Statements before submission to the Board, focusing particularly on:

• The wording in the Statement on Internal control and other disclosures relevant to the Terms of Reference of the Committee.

• Changes in, and compliance with, accounting policies and practices

• Unadjusted misstatements in the financial statements

• Major judgemental areas

• Significant adjustments resulting from the Audit. The Committee should also ensure that the systems for financial reporting to the Board, including those of budgetary control, are subject to review as to completeness and accuracy of the information provided to the Board. Reporting The minutes of Audit Committee meetings shall be formally recorded by the Trust Secretary and submitted to the Board. The Chair of Committee shall draw to the attention of the Board any issues that require disclosure to the full Board, or require executive action. The Committee will report to the Board annually on its work in support of the Statement on Internal control, specifically commenting on the fitness for purpose of the Assurance Framework, the completeness and embedment of risk management in the organisation, the integration of governance arrangements and the appropriateness of the self-assessment against the Standards for Better Health. Other Matters The Committee shall be supported administratively by the Trust Secretary, whose duties in this respect will include:


27

• Agreement of agenda with Chairman and attendees and collation of papers

• Taking minutes and keeping a record of matters arising and issues to be carried forward

• Advising the Committee on pertinent areas of concern.


28

Appendix 7 Equality Impact Assessment Tool To be completed and attached to any procedural document when submitted to the appropriate committee for consideration and approval.

Insert Name of Policy / Procedure

Yes/No Comments

1. Does the policy/guidance affect one group less or more favourably than another on the basis of:

• Race No

• Ethnic origins (including gypsies and travellers)

No

• Nationality No

• Gender No

• Culture No

• Religion or belief No

• Sexual orientation including lesbian, gay and bisexual people

No

• Age No

• Disability - learning disabilities, physical disability, sensory impairment and mental health problems

No

2. Is there any evidence that some groups are affected differently?

No

3. If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable?

4. Is the impact of the policy/guidance likely to be negative?

5. If so can the impact be avoided?

6. What alternatives are there to achieving the policy/guidance without the impact?

7. Can we reduce the impact by taking different action?

If you have identified a potential discriminatory impact of this procedural document, please refer it to [insert name of appropriate person], together with any suggestions as to the action required to avoid/reduce this impact. For advice in respect of answering the above questions, please contact [insert name of appropriate person and contact details].


29

Appendix 8

RISK GRADING TOOL

The same grading tool is used by the PCT for all risk processes (risk assessment, Risk Register, and incident reporting assessment). Risks are measured according to the following formula source NPSA - A risk matrix for risk managers January 2008 :

Probability x Severity = Risk Probability - What is the likelihood of the consequence occurring?

Severity - Situations are then judged to evaluate, if the risk were to be realised, what the outcome is most likely to be.

Risk - Based on the above judgements, a risk assessment can be made of the potential future risk to stakeholders and the organisation as follows:

For grading risk, the scores obtained from the risk matrix are assigned grades as follows

Risk

Based on the above judgements, a risk assessment can be made of the potential future risk to stakeholders and the organisation as follows:

Probability ( Likelihood in Performance Accelerator) Severity (Consequence in Performance Accelerator) Negligible

1 Rare

2 Unlikely

3 Possible

4 Probable

5

Catastrophic (5) 5 10 15 20 25

Major (4) 4 8 12 16 20

Moderate (3) 3 6 9 12 15

Minor (2) 2 4 6 8 10

Low (1) 1 2 3 4 5

1-3 Low Risk

4-6 Moderate Risk

8-12 High Risk

15-25 Extreme Risk


30

Appendix 9

Financial Loss or Impact

Patient & Public Experience

Legal / Regulatory

Health/ Clinical Outcome

Safety / Injury / Harm (patients or staff)

Impact on Services Key Priorities -Annual

Health Check, LAA

Negligible(1)

£1k to £5k

Unsatisfactory patient experience not directly related to patient care

Locally resolved complaint

Minor non-compliance with standards

Minor recommendations e.g. clinical audit, internal audit, external audit etc

Minor adverse clinical outcome, e.g. slight delay in referral or treatment with low

impact

Short term verbal abuse. Less than 3 days

absence. Patients required extra observation or minor

treatment

Short term capacity issue (staff/facilities) reducing service quality (< 1 day)

Non achievement of locally agreed target, not

included in the Local Area Agreement

Minor

(2)

Up to £50k.

Unsatisfactory patient experience - readily

resolvable Justified complaint

peripheral to clinical care

Adverse local media report – short term

Possible minor out of court settlement or civil small

claims court.

Isolated failure to meet local standards.

Coroners Court Inquest

One off failure to meet

minimum clinical outcomes

Minor increase in

health inequalities (in only 1 area/group)

Physical encounter (scratches / bruising).

RIDDOR reportable injury with absence of 3 days to

1 week.

Patients require minor increase in treatment, did

not lead to permanent harm

Significant inconvenience or cost in maintaining

activity

Capacity issue (staff/facilities) reducing

service quality (<1 week)

Non achievement against one Local Area

Agreement target

Moderate(3)

Up to

£250k.

Mismanagement of patient care

Justified complaint involving

lack of appropriate care

Ongoing adverse local

media reports

Defensible civil action. Improvement notice

Persistent failure to meet local standards.

Intermittent failure to meet national performance

standards Coroners Court – narrative

verdict

Intermittent failure to meet minimum clinical

outcomes.

Moderate increase in health inequalities (across 2 or more

areas/groups)

RIDDOR reportable injury with absence of more

than 1 week.

Patients require moderate or major

increase in treatment, did not lead to permanent

harm

Ongoing unsafe staffing level

Significant ongoing

capacity issue (staff/facilities) preventing

service delivery (> 1 week)

Significant non-achievement against

Local Area Agreement.

Failure to improve current Healthcare Commission rating

Major

(4)

Up to

£500k. Destabilises

provider market

Serious mismanagement of patient care

Several justified complaints (of a HCC 2

nd stage

complaint) Adverse national press

interest (<3 days)

Criminal prosecution.

Persistent failure to meet national performance

targets. Coroners Court – neglect

verdict

Persistent failure to meet minimum clinical

outcomes in one clinical area

Significant increase in health inequalities (across 2 or more

area/groups)

RIDDOR reportable major injury or dangerous

occurrence

Patient experienced permanent harm

Significant ongoing

capacity issue (staff/facilities) preventing service delivery for (> 1

month)

Reduction in current Healthcare Commission

rating (down 1 level)

Significant non-achievement against

LAA targets

Catastrophic

(5)

Over £1m.

Significantly destabilises

provider market

Totally unsatisfactory patient experience

Multiple justified complaints On-going adverse national

press interest (>3 days), MP questions

Corporate Manslaughter or Corporate Killing

prosecution

Persistent failure to meet national, professional and

statutory requirements.

Persistent failure to meet minimum clinical outcomes in a range of

services Extreme impact on health inequalities

across Trust

RIDDOR reportable death.

NRLS reportable death - Patient died as a direct

result of incident

Interruption of all or significant range of Trust

activities (> 1 week)

Move to weak Care Quality Commission

rating


31

KEY PERFORMANCE INDICATORS

Key Performance Indicator Measured by Risk Strategy Agreed by Board Minutes from Committees Minutes from Sub Committees to overarching committees Risk Register reports Reports to Governance Committee NHSLA Compliance Compliance with standards CQC Compliance CQC Registration KCHS Assurance report KCHS Assurance report to PCT Board

KCHS Board Minutes KCHS Board Minutes to PCT Board Training of staff Mandatory training prospectus and attendance reports

Documents

Document