Risk Register Assmt v1

of 24 Risk Register & Risk Assessment Policy and Procedure

Notice to staff using a paper copy of this guidance The policies and procedures page of Healthnet holds the most recent and approved version of this guidance. Staff must ensure they are using the most recent guidance. Author: Health, Safety & Security Manager Asset Number: 819

Plymouth Community Healthcare CIC

Risk Register & Risk Assessment Procedure

Version No 1


Reader Information and Asset Registration Title Risk Register & Risk Assessment Procedure V1 Information Asset Register Number

819

Rights of Access Public Type of Formal Paper Procedure Category Corporate Format Microsoft Word 2003 and PDF Language English

Subject How to pro-actively manage identified risks locally and when to escalate it. Document Purpose and Description

This document underpins the Risk Management Strategy, describes the responsibilities and procedures associated with the process of risk assessment and promotes dynamic use and maintenance of Risk Management Workbooks enabling formal PCH risk management processes.

Author Assistant Director of Risk and Safety Ratification Date 27th September 2012. Policy Ratification Group. Publication Date 12/11/2012 Review Date and Frequency of Review

Review at least two-yearly

Disposal Date The Policy Ratification Group will retain an e-signed copy for the database in accordance with the Retention and Disposal Schedule; all previous copies will be destroyed.

Job Title of Person Responsible for Review

Health, Safety & Security Manager

Target Audience All Plymouth Community Healthcare staff

Circulation List

Electronic: Via Plymouth Healthnet Written: Upon request to the Policy Ratification Secretary on 01752 435104 Please note if this document is needed in other formats or languages please ask the document author to arrange this

Consultation Process

Consultation was undertaken with members of the Health, Safety & Security and Operational Risk Management Committees from the following areas: Central & North East Locality City / Corporate Locality Plym / Plymstock Locality South West Locality South East Locality North West Locality Childrens & Families Services Workforce Development Estates and Facilities JCCN

Equality Analysis Checklist completed

References/Source

NHSLA Risk Management Standards for 2012-13 (for non-NHS Providers of NHS Care) Health and Safety at Work Act 1974 Management of Health and Safety at Work Regulations 1999 Workplace (Health, Safety and Welfare) Regulations 1992 Manual Handling Operations Regulations 1992


Control of Substances Hazardous to Health Regulations 1999 (COSHH) Personal Protective Equipment (PPE) Regulations 1992 Health and Safety (Display Screen Equipment) Regulations 1992 Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1985 (RIDDOR)

Supersedes Document New document

Author Contact Details

By post: Mount Gould Local Care Centre 200 Mount Gould Road Plymouth Devon PL4 7PY Tel: 0845 155 8085 Fax: 01752 272522 (LCC Reception)

Publisher (for externally produced information):

N/A

Document Review History

Version Number

Details i.e. updated

or full review

Date Originator of Change Description of

and reason for change(s)

V1 New document July 2012 Risk Management Advisor

Formal PCH procedure to support statutory requirements, strategy, health and safety policies, and in-house training provision.


Contents of Risk Register and Risk Assessment Procedure Page

1 Introduction 5

2 Purpose 6

3 Definitions 7

4 Risk Register & Risk Assessor Responsibilities 8

5 Formal Risk Management Process 10

5.1 Risk Register & Risk Assessor Training 10

5.2 Risk Management Workbook 11

5.3 Risk Register 11

5.4 Risk Assessments 11

5.5 Resources 12

5.6 Support for Risk Assessors 12

6 Central Monitoring of Risk Registers 13

7 Escalation of Risk 13

8 Training Implications 13

9 Monitoring Effectiveness 13

10 Associated Documentation 14

Appendix A Risk Scoring Matrix 15

Appendix B Escalation of Risk Flow Chart 20

Appendix C Example and Blank Risk Assessment Template 21

Appendix D Quick Risk Assessment Reference Guide 23


Risk Register & Risk Assessment Policy and Procedure 1 Introduction 1.1 This policy is part of a suite of policies that enables the delivery of Plymouth

Community Healthcares (hereafter referred to as PCH) Risk Management Strategy. It describes the responsibilities and procedures associated with the process of risk assessment and the development and maintenance of risk registers in PCH.

1.2 Proper risk assessment can help all NHS organisations, teams and individuals set

their priorities and improve decision-making to reach an optimal balance of risk, benefit and cost. Risks can be described as clinical, environmental, financial, political or affecting public perception and reputation (NPSA, 2006).

1.3 Risk assessment is a risk management and clinical governance tool which the

organisation uses to: a) Gather facts about various activities and services and their associated

hazards and risks; b) Assist in the identification of risks that are a threat to the achievement of

strategic objectives; c) Highlight the need to eliminate or manage identified hazards and risks, in

order to protect the safety and well-being of staff, patients, visitors and the organisation as a whole;

d) Take corrective actions when new risks are identified or existing risks are not adequately controlled;

e) Assess the likelihood and consequence of risks causing harm or damage; f) Gauge the consequence of non-compliance; g) Consider the consequences of not meeting key objectives. 1.4 PCH is committed to a process of proactive risk assessment and management

within current services and activities. The organisation will use risk assessment as part of Corporate, local business and project planning, in the establishment, restructuring or redesigning of services and in the development of Risk Registers.

1.5 A risk register is a management tool that provides an organisation with information

on its risk profile and is a repository for risk information across all areas of activity. This repository is at the heart of the internal control system and contains details of the risks that threaten PCHs success in achieving its stated aims and objectives.

1.6 PCH will face a number of risks which will potentially affect achievement of its aims

and objectives; these include: a) Corporate risks ~ operating within powers, fulfilling responsibilities,

accountability to public; b) Risks to Reputation ~ quality of services, communication, patient experience c) External risks ~ political, environmental, social, environmental, meteorological


d) Clinical risks ~ associated with service standards, competencies, complications, equipment, medicines, staffing, patient information;

e) Health and safety risks ~ ensuring the well being of staff and patients whilst

providing or using services; f) Business Risks ~ associated with managing the affairs of the organisation,

human resources, information & IT, financial and internal management, achieving objectives;

g) Risks to Assets ~ security, protection, optimum use, maintenance,

replacement 1.7 In PCH, the Risk Registers are populated through the organisations risk

assessment and evaluation process. This process enables risks to be quantified and ranked. It provides a structure for collecting information about risks that will assist both in the analysis of risk, and in decisions about whether or how these risks must be controlled, managed and monitored.

1.8 Risk Registers can also support decision making on how resources should be

allocated. Ideally, all decisions such as changes in policy, procedures or practices, service developments, enterprises such as new projects and all associated resource commitments should result in reductions to the organisations highest priority risks. At all levels, proposals to make changes or commit resources must include reference to the effect this may have on the risk profile of the organisation.

1.9 In PCH, risk assessments must be recorded in Risk Registers which are located in

Risk Management Workbooks found locally on the Groups:\ network drive. 2 Purpose 2 In addition to supporting the Risk Management Strategy and Health & Safety

Policy, the purpose of this document is to ensure that PCH has a general assessment process which:

a) Defines a risk assessment, risk register and other associated terms

commonly used; b) Clarifies who is responsible throughout the process from identification to

resolution; c) Specifies how they will be considered, prioritised and managed within PCH; d) Is simple to use; e) Provides consistent scores when used by staff from a variety of roles and

professions; f) Is capable of assessing a wide range of risks.


3 Definitions 3.1 Hazard is anything with the potential to cause harm, loss or damage. Hazards

can be broken down into Biological, Chemical, Physical, Ergonomic, Psychosocial, Financial and Clinical.

3.2 Risk the chance of suffering harm caused by a hazard, loss or damage or the

possibility that PCH will not achieve one or more of its objectives. 3.3 Risk Assessment is consideration of what may cause harm to people or PCH

functions and whether or not precautions to prevent harm or loss are possible. 3.4 Corporate Risk Register a documented and prioritised log of the overall

assessment of a range of risks faced by the organisation. 3.5 Local Risk Register an Excel worksheet in the Risk Management Workbook

used by services / units / wards / departments at local level that require addressing, and detail remedial actions arising from the risk assessment process in their areas effectively realising an action plan.

3.5 Risk Management Workbook an Excel document located on the

Groups:\network drive; one for every service / unit / ward / department. The Risk Management Workbook (RMW) incorporates the Risk Register wherein all risk assessments are undertaken, scored and formulated into dynamic local Action Status Reports notifying managers of remedial actions, and current status of risk assessments (i.e. due or overdue).

3.6 Escalation of Risk the route through which risks, unable to be resolved at local

level, may be escalated for Board level ownership into the Corporate Risk Register.

3.7 Reasonably Practicable this is a balance of cost or possible negative impact of

implementing controls against the level of risk. 3.8 Safe System of Work is a formal and approved procedure with safe working

methods stated that employees must follow in order to control or eliminate work. 3.9 Risk Issues/Types are problems that face PCH (i.e. clinical, health and safety,

business, etc). 3.10 Risk Management is the pro-active (i.e. internal and external audits, risk

assessments, self-assessment of risk, central alert system (CAS), etc) and reactive management (incidents, complaints, litigation, external and internal audits, etc) of uncertainty that may impact upon PCH to deliver its services in a safe and appropriate way

3.11 Local for the purposes of this policy, local refers to activities undertaken at

services / units / wards / departments level. 3.12 Competent in terms of risk assessors, the member of staff should possess

sufficient skill and knowledge in relation to the service and activities in which they are engaged, including IT capabilities (i.e. Excel).


4 Risk Register & Risk Assessor Responsibilities 4.1 Corporate Responsibility - the Corporate Risk Register is reviewed by the

Executive Team and the Board, on a quarterly basis. Executive Directors consider the content and grading of corporate risks on a quarterly basis.

4.2 All Locality Managers shall: a) attend the requisite Managers Core Mandatory Risk Management Training

followed by Risk Register & Risk Assessor Training for Managers sessions, and subsequent two-yearly refresher training;

b) ensure each manager has read and understand the Risk Management

Strategy and associated health and safety policies; c) through locality management meetings, ensure Risk Register information is

reviewed on a quarterly basis so that they remain effective; d) ensure identified risks recorded on Risk Registers are appropriately reviewed

to reflect learning outcomes from incident / complaint / legal investigations. 4.3 All PCH Managers shall: a) attend the requisite Managers Core Mandatory Risk Management Training

followed by Risk Register & Risk Assessor Training for Managers sessions, with regular support being offered by the Risk Management Team where it is deemed necessary;

b) must familiarise themselves with this policy and procedure, which should be

read in conjunction with the Risk Management Strategy and health and safety policies;

c) ensure they understand the risk process and how risk registers are used to

identify, record and address risk issues; d) use risk assessment to pro-actively manage risk issues within their area of

responsibility, and ensure that sufficient and suitable controls are implemented that are proportionate to the level of risk;

e) ensure significant high risks identified are escalated immediately (see

Escalation of Risk section) if a control measure is not possible or the required actions are outside their remit of responsibility;

f) co-operate in communicating information from their own local Risk Registers

to their staff, managers or Corporate Risk Register; g) ensure new risks or changes to existing risk assessments are recorded in the

Risk Register, monitoring remedial actions to eliminate, reduce or control risks until the issue is resolved;

h) involve staff in the review and completion of risk assessments and the Risk

Register;


i) depending on the size of their service / unit / ward / department, appoint at

least one other capable member of staff to be trained as a Risk Assessor in order to support them in their role; this role to be included in the appointed member of staffs job description and is additional to their substantive role and provided with appropriate time to undertake their Risk Assessor duties;

j) complete the Care Quality Commission (CQC) column (yellow) assuring their

Risk Assessors that risk assessments inputted by them have been duly reviewed;

k) ensure that their staff are aware of the process and content of the Risk

Register. 4.4 Appointed Risk Assessors shall: a) attend Health and Safety Risk Assessor Training with subsequent regular

refresher training / support deemed as required; b) support their manager by bringing to their attention local operational risk

issues that they have either identified or had brought to their attention by other staff members, recording such risks onto their local Risk Register and discussing appropriate remedial actions, owners and deadlines;

c) liaise with their risk assessor colleagues / managers to annually complete a

set of self-audits and any resulting risk assessment, as per training; 4.5 Risk Management Team: a) will provide all risk management training, including Risk Register and Risk

Assessor training in order to facilitate undertaking of risk assessments at local level;

b) provide appropriate advice, support and extra 1:1 tuition to staff as required; c) centrally manage all Risk Management Workbooks to ensure health and

safety compliance by all services / units / wards / departments; d) provide exception reports to the Risk Management Committee for areas of

service demonstrating non-compliance. 4.6 All PCH employees are responsible for ensuring they understand the process of

and findings of risk assessments, and follow the controls and identified actions outlined in the Risk Register and risk assessments. They must make managers aware of any risks to patient safety, health and safety or other risk issues.

4.7 Staff Health & Wellbeing should be consulted on risk assessment issues where

they may be an impact on the health of staff.


5 Formal Risk Management Process 5.1 Risk Register & Risk Assessor Training 5.1.1 Only competent persons can carry out risk assessments. By definition, this is

someone with relevant knowledge, training and experience of the hazards and risk associated with the processes to be assessed.

5.1.2 All staff will have access to risk management and health and safety information,

instruction and training, including how to effectively use the Risk Management Workbook; the level and nature of the training will vary according to local need.

5.1.3 PCHs Executive Team will collate the annual training needs of the Board, such as

risk management training incorporating Risk Registers and Risk Assessor Training delivered at the appropriate level.

5.1.4 Locality / Deputy Locality Managers and all local managers will receive Risk

Register & Risk Assessor Training for Managers, and to attend refresher sessions on a two-yearly basis; course dates are available from the Professional Training & Development Department.

5.1.5 Local managers are to nominate at least one member of staff from each of their

teams to attend Health & Safety Risk Assessor Training, and to attend refresher sessions on a two-yearly basis; course dates are available from the Professional Training & Development Department.

5.1.6 Training programmes will consist of the legal requirements behind the need for risk

assessments, the methodology for assessing and recording risks, an introduction to the Risk Management Workbook, and live undertaking of practical risk assessments in line with local health and safety self-audits.

5.1.7 Risk management and incident reporting are introduced in the corporate induction

training. 5.1.8 A record of any training and any names of attendees / non-attendees will be

recorded and passed to the Professional Development & Training Department for recording on the Electronic Staff Record (ESR); managers will be contacted for following up any non-attendees.

5.2 Risk Management Workbook 5.2.1 Only staff who have attended Risk Register and Risk Assessor training have

access to their local Risk Register, which is an Excel workbook located on the Groups:\ network drive (i.e. G:\District Nurse_C&NE). Either the Locality Manager or their deputy will also have access to the Risk Management Workbooks (RMW) within the remit of their responsibility, provided they too have received, or are scheduled to receive, Risk Register and Risk Assessor training.


5.2.2 Risk Management Workbooks (RMW) are made up of a number of worksheets: a) Risk Register b) Self Audits (Health and Safety issues i.e. clinical waste, infection prevention

and control, display screen equipment, manual handling, etc) c) Equipment Register (a log of all equipment held locally, which will

automatically populate a MEMS worksheet) d) Quarterly Fire Checklists e) Fire Risk Assessment f) Workplace Assessment g) Action Status Report 5.3 Risk Register 5.3.1 A Risk Register is a log of all risk

assessments that have identified issues that may threaten the service / unit / ward / department from effective service provision thus, collectively, impacting upon PCHs business objectives.

5.3.2 Risk Registers (within RMWs) must be

used to record risk assessments, detailing identified risks and how they are being controlled.

5.3.3 There are two levels of Risk Register within PCH; local and corporate. There are

Risk Registers set up on the Groups:\ network drive for all PCH services/teams managed locally, however, there is only one Corporate Risk Register managed by the Risk Management Team on behalf of the Board.

5.4 Risk Assessments 5.4.1 A risk assessment seeks to answer four simple questions:

Risk Register

Health and Safety

Workforce Planning

Staff Development / Competence

Business Interruption

Business Objectives /

Projects

Finance including claims

Quality / Complaints /

Audit

Adverse Publicity /

Reputation

What can go

wrong?

How bad?

How often?

Is there a need for action?

Do nothing; review occasionally to ensure

position remains the same.

Identify and implement actions to reduce the harm or

likelihood of recurring.

No

Yes


5.4.2 A suitable and sufficient risk assessment can be undertaken by following the five steps, in brief, from the HSEs guidance 5 Steps to Risk Assessment:

Step 1 Identification of hazards and associated risks (i.e. use of syringe and

potential for inoculation injury or severe staffing shortages impacting on patient care and service delivery)

Step 2 Decide who or what might be affected and how (injury, loss or damage). Step 3 Evaluate the risks and decide whether the existing control measures /

precautions in place are adequate or whether more should be done. A risk-scoring matrix is available to assist with the evaluation of the severity and likelihood of the risk. Treat the risk (i.e. decide what additional remedial action can be taken); this could range from to eliminating, reducing or controlling the risk, to accepting the risk if it is minimal.

Step 4 Record your findings in and communicate the risk and controls measures

to those who need to know (i.e. all people who could be affected). Step 5 Review the assessment looking at the effect of the risk and any actions

taken. 5.4.3 Further information is also available from Healthcare Risk Assessment Made Easy

published by the National Patients Safety Agency (NPSA). 5.4.5 PCH utilises the NPSA Risk Scoring Matrix (Appendix A) with minor amendment to

restrict the risk gradings to low, medium and high risk, the use of which within Step 3 (see above) is discussed in detail during training of Risk Assessors. Further information can also be found in NPSAs publication: A risk matrix for risk managers.

5.4.6 Risk assessments should be retained whilst they remain current, and for six years

following the date of their review. 5.5 Resources 5.5.1 No additional resources have been identified as a result of approval of this Policy

and Procedure, however, it is likely that issues will arise which will require resources when establishing effective controls that need to be put in place to manage risks. As such issues arise a full review will be undertaken and resources may be identified as part of the remedial action planning process.

5.6 Support for Risk Assessors 5.6.1 Once trained, every Risk Assessor irrespective of grade or role will also have

access to the Risk Management Workbook Manual; a detailed pictorial guide to support learning from training sessions, covering all topics as detailed in 5.2.2 above.


5.6.2 All trained Risk Assessors have access to the Risk Workbook Manual, available on the Groups:\ network drive. This manual is a detailed and pictorial tool to further support Risk Assessors navigate their way around the Risk Management Workbook, including the Risk Register and risk assessments.

5.6.3 In addition to the manual, verbal risk management advice, information and support

are freely available from the Risk Management Team, together with additional 1:1 tuition for trained Risk Assessors upon request.

6 Central Monitoring of Risk Registers 6.1 All Risk Registers (within RMWs) are on the Groups:\ network driving allowing

central monitoring of Risk Registers and statutory health and safety compliance (i.e. completion of self-audits on RMWs) by the Risk Management Team.

6.2 The Risk Management Team will undertake exception reporting to the Risk

Management Committee of statutory non-compliance and risks recorded as high, in order to identify whether advice, support and extra 1:1 tuition is required to reduce the risk to a more appropriate level (i.e. perhaps risk has been scored too high, or more remedial actions are required, or whether risk is unable to be managed with local resources).

7 Escalation of Risks (Appendix B for Escalation of Risk Flow Chart) 7.1 Trained Risk Assessors undertake risk assessments locally. Risks that need

further controls are entered onto their local Risk Register, which is regularly reviewed and maintained through team meetings (using print outs of the Action Status Reports). Risks requiring action outside the remit of the local service / unit / ward / department should be referred to the Risk Management Team, following discussion with the relevant Locality / Deputy Locality Manager.

7.2 The Risk Management Team will determine whether it can offer appropriate advice

and support and may refer it on to the Risk Management Committee (a sub-group of the Board) for wider consultation and, if not, will forward it to the Executive Team to discuss whether or not to place it upon the Corporate Risk Register.

8 Training Implications (Please refer to 5.1 above)

9 Monitoring Effectiveness 9.1 Locality / Deputy Locality Managers and their managers are responsible for

regularly reviewing local Risk Registers within all areas of their remit. 9.2 Risk Management Team 9.2.1 The commercial insurers of PCH are keenly interested in the risk management

process for the organisation and, in particular, statutory compliance. Therefore, Risk Registers have been created and placed on the Groups:\ network drive to enable regular effective monitoring of local risk issues by the Risk Management Team.


9.2.2 Compliance will also be monitored by internal auditors and external agencies (i.e.

CQC, HSE, etc) as part of periodic reviews / inspections. 9.2.3 With effect from October 2012, exception reporting on a quarterly basis will

commence to the Risk Management Committee, as a standing agenda item. 9.2.4 The Health, Safety & Security Committee will receive assurances on a quarterly

basis that the Risk Register is effectively implemented and managed locally. 9.2.5 The Safety & Quality Committee, on behalf of the Board, will review the Corporate

Risk Register on a quarterly basis. 10 Associated Documentation Risk Management Strategy Information Governance Strategy *Health and safety policies Clinical policies Workforce Development policies and guidance


Appendix A PCHs RISK SCORING MATRIX Plymouth Community Healthcare CIC has chosen to continue using the NPSA risk matrix as its standard method of grading risk. Levels of Consequence

Choose the most appropriate domain for the identified risk from the left hand side of the table Then work along the columns in same row to assess the severity of the risk on the scale of 1 to 5 to determine the consequence score, which is the number given at the top of the column.

Consequence score (severity levels) and examples of descriptors

1 2 3 4 5 Domains Negligible Minor Moderate Major Catastrophic Impact on the safety of patients, staff or public (physical / psycho-logical harm)

Minimal injury requiring no/minimal intervention or treatment. No time off work

Minor injury or illness, requiring minor intervention Requiring time off work for >7 days Increase in length of hospital stay by 1-3 days

Moderate injury requiring professional intervention Requiring time off work for 7-14 days Increase in length of hospital stay by 7-15 days RIDDOR/agency reportable incident An event which impacts on a small number of patients

Major injury leading to long-term incapacity/disability Requiring time off work for >14 days Increase in length of hospital stay by >15 days Mismanage-ment of patient care with long-term effects

Incident leading to death Multiple permanent injuries or irreversible health effects An event which impacts on a large number of patients

Quality / complaints / audit

Peripheral element of treatment or service suboptimal Informal complaint / inquiry

Overall treatment or service suboptimal Formal complaint (stage 1) Local resolution Single failure to meet internal standards Minor implications for patient safety if unresolved Reduced performance rating if unresolved

Treatment or service has significantly reduced effectiveness Formal complaint (stage 2) complaint Local resolution (with potential to go to independent review) Repeated failure to meet internal standards Major patient safety implications if findings are not acted on

Non-compliance with national standards with significant risk to patients if unresolved Multiple complaints/ independent review Low performance rating Critical report

Totally unacceptable level or quality of treatment / service Gross failure of patient safety if findings not acted on Inquest/ombudsman inquiry Gross failure to meet national standards


Human resources / organisa-tional develop-ment / staffing / compe-tence

Short-term low staffing level that temporarily reduces service quality (< 1 day)

Low staffing level that reduces the service quality

Late delivery of key objective/ service due to lack of staff Unsafe staffing level or competence (>1 day) Low staff morale Poor staff attendance for mandatory / key training

Uncertain delivery of key objective / service due to lack of staff Unsafe staffing level or competence (>5 days) Loss of key staff Very low staff morale No staff attending mandatory / key training

Non-delivery of key objective / service due to lack of staff Ongoing unsafe staffing levels or competence Loss of several key staff No staff attending mandatory training / key training on an ongoing basis

Statutory duty / inspections

No or minimal impact or breech of guidance / statutory duty

Breech of statutory legislation Reduced performance rating if unresolved

Single breech in statutory duty Challenging external recommendations / improvement notice

Enforcement action Multiple breeches in statutory duty Improvement notices Low performance rating Critical report

Multiple breeches in statutory duty Prosecution Complete systems change required Zero performance rating Severely critical report

Adverse publicity / reputation

Rumours

Potential for public concern

Local media coverage short-term reduction in public confidence Elements of public expectation not being met

Local media coverage long-term reduction in public confidence

National media coverage with 3 days service well below reasonable public expectation. MP concerned (questions in the House) Total loss of public confidence


Business objectives / projects

Insignificant cost increase / schedule slippage

25 per cent over project budget Schedule slippage Key objectives not met

Finance including claims

Small loss Risk of claim remote

Loss of 0.10.25 per cent of budget Claim less than 10,000

Loss of 0.250.5 per cent of budget Claim(s) between 10,000 and 100,000

Uncertain delivery of key objective/Loss of 0.51.0 per cent of budget Claim(s) between 100,000 and 1 million Purchasers failing to pay on time

Non-delivery of key objective/ Loss of >1 per cent of budget Failure to meet specification/ slippage Loss of contract / payment by results Claim(s) >1 million

Service / business interruption Environ-mental impact

Loss / interruption of >1 hour Minimal or no impact on the environment

Loss/interruption of >8 hours Minor impact on environment

Loss/interruption of >1 day Moderate impact on environment

Loss / interruption of >1 week Major impact on environment

Permanent loss of service or facility Catastrophic impact on environment


Likelihood score (L)

What is the likelihood of the consequence occurring?

The frequency-based score is appropriate in most circumstances and is easier to identify. It should be used whenever it is possible to identify a frequency.

Likelihood score 1 2 3 4 5

Descriptor Rare Unlikely Possible Likely Almost certain Frequency How often might it/does it happen

This will probably never happen/recur

Do not expect it to happen/recur but it is possible it may do so

Might happen or recur occasionally

Will probably happen/recur but it is not a persisting issue

Will undoubtedly happen/recur, possibly frequently

Risk scoring = Consequence x Likelihood (C x L)

Likelihood Likelihood score 1 2 3 4 5

Rare Unlikely Possible Likely Almost certain 5 Catastrophic 5 10 15 20 25

4 Major 4 8 12 16 20 3 Moderate 3 6 9 12 15

2 Minor 2 4 6 8 10 1 Negligible 1 2 3 4 5

For grading risk, the scores obtained from the risk matrix are assigned grades as follows: 1 4 Low risk 5 12 Medium risk 15 - 25 High risk


Authority of Managers With Regard to Managing Risk:

KEY:

Low risk Low risks are deemed as acceptable risks to Plymouth Community Healthcare, and require no immediate action but must be monitored regularly by the service and reviewed annually or when circumstances change. Managers are encouraged to take action on low risks particularly when these risks can be easily minimised be eliminated. These risks will be actioned locally within the service and entered as a local risk on the Risk Register within the Risk Management Workbook.

Medium risk Medium Risk - not acceptable unless a consensual decision is taken by a senior manager and team. Similarly not acceptable for a clinical risk unless a consensual decision is taken by a senior manager and senior clinician and team. Where appropriate the service should consider the risks and an agreed remedial action plan. These risks will be actioned locally and entered as a local risk on the Risk Register. The service will monitor the application of the action plan and review the risk grading and, if required, adjust. Risks that cannot be reduced locally should be notified in the first instance to the Locality Manager who may, after consideration, take the issue to the Risk Management Team. The risk will be evaluated and, if appropriate, entered onto the Corporate Risk Register. All risks should have developed and implemented appropriate remedial action plans. The Locality Manager will monitor the application of any such action plans and, if required, reduce the risk grading.

High risk High Risk - not acceptable unless the Board makes a consensual decision. These risks will be entered on the Corporate Risk Register. Appropriate actions may be developed and implemented. The Risk Management Team will monitor the application of any such remedial action plans and review and, if required, reduce the risk grading. The Corporate Risk Register will go to Plymouth Community Healthcares Board for discussion every three months or more frequently if needed.


Appendix B

New Risk Identified at Service/Unit//Ward/Department

No

Risk to be reviewed by Manager

Can risk be managed locally?

Manager monitors Local Risk Register as part of

normal governance arrangements along with

feedback on reported incidents.

Risk Management Team review assessment of risk

The Executive Team discuss risk and agree if it should go on the Corporate Risk Register. PCH Board will monitor the Corporate Risk Register quarterly. If a commissioning risk it

will be forwarded to the Commissioners accordingly.

Review at PCH Board

Yes

Escalate risk to Locality Manager

Risk Management Team forwards risk to the Executive Team of

PCH Board.

Can risk be managed with assistance from Risk

Management Team?

Yes

No

Manage risk

Intervention by Risk Management Team

Risk accepted by Plymouth Community Healthcare CIC

Intervention / Control

Record risk assessment on Risk Register (incorporated within the Excel based Risk Management Workbook)

No

Can risk be managed locally?

Yes


Appendix C

Date Hazard & Associated Risks CQC Outcome Controls in Place Hyperlink Likeli-hood

Conse-quence

Risk Score

[i.e. 3 Jul date will automatically format)

V1 - Document Management - lack of document organisation within shared folder will result in: a) Duplication and confusion, especially if documents are not version- controlled; b) Additional occupational stress for staff trying to locate documents c) Mis-understanding/communication when relaying information to staff / patients d) Potential for clinical negligence, complaints, adverse publicity possibly leading to lack of public confidence, downward turn in business and subsequent threat to service provision undertaken by [name of risk assessor]

Outcome 1: Respecting and involving people who use services

1) Team members have access to a shared folder on the Groups:./ drive

Likely - 4

Moderate - 3

12 Medium

REMEDIAL ACTIONS

1st Remedial Action Owner Due Date Date Completed 2nd Remedial Action Owner Due Date Date Completed

Discuss proposed changes re document organisation to team members, with a flow chart, if required

Team Manager [state their name]

[i.e. 3 Jul date will automatic

ally format)

[i.e. 3 Jul date will

automatically format)

Identify MOS to review current arrangements and agree new arrangements with team.

MOS [state their

name]





Tip: Alt+Enter allows user to create more lines in an Excel cell.


Blank template Risk Assessment from Excel Risk Register in Risk Management Workbook

Date Hazard & Associated Risks CQC Outcome Controls in Place Hyperlink Likeli-hood

Conse-quence

Risk Score

REMEDIAL ACTIONS

1st Remedial Action Owner Due Date Date Comp 2nd Remedial Action Owner Due Date Date Comp


Appendix D Quick Risk Assessment Reference Guide

For ease of reference, and in support of training provided by the Risk Management Team, the guide below is a summary of actions required. This does not negate the need for those involved in the process to be aware of and follow the detail of this procedure. The purpose of a risk assessment is to identify risks associated with legal, moral and financial duties in relation to your service activities, removing them where possible, or otherwise adopting all the control measures and precautions that are reasonable and practical in the circumstances. 1) Identify the risk - risks may be identified through a variety of mechanisms from: Walking around your workplace and looking afresh at what could reasonably be

expected to cause harm (i.e. change in practice / new equipment / relocation) Business / Service Delivery Plans / Eligibility Criteria Incident Forms / Serious Incidents Complaints / Litigation Health & Safety Risk Self-Audits / Workplace Inspections External Assessment / Audit including: Care Quality Commission, Environmental

Health, Internal Audit, Audit Commission National Confidential Enquiries, National Service Frameworks, Recommendations

from other external high level enquiries and reports NB: Dont forget to consider who could be at risk of harm / what could be at risk of loss or

damage. 2) Assess the Risk - once a risk has been identified a risk assessment should be

completed directly onto the Risk Register, incorporated within the Risk Management Workbook, the risk evaluated and scored in accordance with the risk scoring matrix (Appendix A), the outcome of which will identify whether more needs to be done to reduce or control the risk accordingly. Record appropriate remedial actions where they have been identified as being required to further reduce the risk of the harm / loss / damage being realised, giving each remedial action an owner and a deadline to be completed this becomes the Action Plan. When considering remedial actions, ask yourself:

Can I remove the risk/hazard altogether? If not, what controls need to be in place, so that likelihood (chance) of the risk

occurring will be eliminated or reduced as far as is reasonably practicable and / or the consequence reduced, should the risk be realized?

What assurance will I be able to get as to whether the controls are working? What the predicted (residual) risk rating is likely to be once all the controls are in

place? 3) Monitoring / Reviewing the Risk - all risks recorded on local Risk Registers

(incorporated within the Risk Management Workbook) will require regular monitoring by the service / unit / ward / team manager and communicated to your staff. In addition to this local monitoring, quarterly monitoring and exception reporting will be undertaken by the Risk Management Team to the Operational Risk Management Committee.


All policies are required to be electronically signed by the Lead Director (the policy will not be accepted onto Healthnet until the e-signature is received). The proof of signature for all policies is stored in the policies database.

The Lead Director approves this document and any attached appendices. Signed:

Title: Deputy Chief Executive/Director of Governance

Date:

Documents

Risk Register Assmt v1