Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
What keeps CCG Governing
Bodies awake at night? (2016 Edition) Clinical Commissioning Group Assurance Framework
Benchmarking
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 1
The overall purpose of the insight is to enable individual CCGs to understand how key elements
of their Assurance Frameworks compare with others.
1. Context
Good governance lies at the heart of all successful organisations and can help protect them
from poor decisions and exposure to significant risks. An efficient and effective Assurance
Framework is a fundamental component of good governance, providing a tool for Governing
Bodies to identify and ensure that there is sufficient, continuous and reliable assurance on
organisational stewardship and the management of the major risks to organisational success.
Whilst traditionally the Assurance Framework focussed on risks, controls and assurances within
the organisation, there is an increasing need for a much wider focus across organisation
boundaries to reflect the environment within which Clinical Commissioning Groups are
operating.
The insights provided below are from a detailed review of 54 CCG Assurance Frameworks
(September 2016). Whilst it is recognised that there will be differences in CCG risk profiles, the
analysis sets out some interesting comparisons and offers the opportunity to question
inclusions, omissions and risk scores at a local level. In addition,
comparison is made to the previous annual MIAA
benchmarking exercises.
2. Top 10 Strategic Risks
In grouping all the risks within the assurance framework, there
was a clear ‘top 10’ in terms of the most frequent risk theme
areas. The top 10 themes accounted for almost 78% of all risks
documented within the assurance frameworks.
Of all the assurance frameworks
only two CCGs had risks across all of the ‘top 10’ themes.
twenty four (44%) covered at least seven of the ‘top 10’
risk themes, an increase from last year’s figure of 29%.
forty one (76%) covered at least five of the ‘top 10’ risk
themes. The majority of CCGs with risks in less than five
of the themes had Assurance Frameworks with a low
number of risks in total.
1. Corporate Systems and
Processes
2. Partnership Working
3. Reconfiguration and
Redesign of Services
4. Commissioning
5. Quality Assurance of
Providers
6. Financial Duties
7. Public and Patient
Engagement
8. Access to Services
9. Performance Targets
10. Primary Care
TOP 10 RISK THEMES
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 2
The top two themes of ‘Corporate Systems and Processes’ and ‘Partnership Working’ were clear
leaders and, between them, comprised 25% of the total number of risks.
The table below compares the ‘top 10’ risk themes for 2016 against the results for 2014 and
2015. It is evident that the ‘top 10’ themes are very consistent. In fact, from 2014, the only
change to the Top 10 is that ‘Primary Care’ replaces ‘CSU Support’ (perhaps reflecting the
changes in CSU service provision, the increased role of CCGs, challenges to primary care
capacity and the advent of the new Primary Care contract).
‘Reconfiguration and Redesign of Services’ is more prominent in 2016 reflecting developments
of New Models of Care, Vanguards and the Sustainability and Transformation Plans (STPs).
Closely linked with this, ‘Partnership Working’ continues to feature prominently.
The ‘QIPP’ risk theme was just outside the Top 10, showing much more prominence than in
previous years which is not unexpected given the financial challenges facing the NHS as a
whole.
Interestingly, the areas with the greatest number of high risk areas (as outlined at Section 4)
are relatively low in the ‘top 10’, these being ‘Financial Duties’, ‘Quality Assurance of Providers’
and ‘Performance Targets’.
Figure 1: Top Ten Risk Themes – 3 year comparison
Q: Does your Governing Body Assurance Framework consider the breadth of these themes?
2016 2015 2014
1. Corporate Systems and
Processes
2. Partnership Working
3. Quality Assurance of
Providers
4. Financial Duties
5. Commissioning
6. Performance Targets
7. Public and Patient
Engagement
8. Access to Services
9. Reconfiguration and
Redesign of Services
10.Primary Care
1. Corporate Systems and
Processes
2. Quality Assurance of
Providers
3. Access to Services
4. Performance Targets
5. Financial Duties
6. Partnership Working
7. Commissioning
8. Reconfiguration and
Redesign of Services
9. CSU Support
10.Patient and Public
Engagement
1. Corporate Systems and
Processes
2. Partnership Working
3. Reconfiguration and
Redesign of Services
4. Commissioning
5. Quality Assurance of
Providers
6. Financial Duties
7. Public and Patient
Engagement
8. Access to Services
9. Performance Targets
10.Primary Care
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 3
3. Overall Risk Profile
The overall risk profiles of the CCGs varied significantly in terms of numbers and risk scores.
Figure 2 – CCG risk profiles as captured within their Assurance Frameworks
The overall proportions of high, moderate and low risks have remained reasonably consistent
with the previous year though high risks now comprise 25% of the total risks compared to 22%
in 2015.
Four CCGs had an assurance framework without any risk scores. Three Assurance Frameworks
had insignificant risks included on their assurance framework, and over half had low risks
recorded. The average number of risks was 16 (range 3-56).
The overall results should be considered in the light of the different ways in which CCGs
articulate their risks in their assurance frameworks. Some CCGs have a very small number of
risks which encompass a number of sub-risks where as others have a greater number of more
specific risks. This will influence both the risk profile results and the categorisation of risks (as
a single risk covering a range of issues can be categorised within a number of risk themes).
Q: Have you considered the overall risk profile within your organisation and is the number of
risks on the Governing Body Assurance Framework manageable in terms of scrutiny and
oversight?
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 4
4. High Risks
The highest risks (risk score 20-25) identified across the assurance framework covered a wide
range of areas and are combined and summarised below.
Table 1 – Highest risks within CCG Assurance Frameworks
Risk Current Risk
Score
CCG underlying financial position 25
Provider trust financial position 25
Better Care Fund 25
Clinical workforce capacity 20
QIPP savings 20
Achievement of financial surplus position 20
Emergency ambulance performance 20
Demand and capacity (non elective care) 20
Transformation programme and availability of transformation funding 20
Lack of mental health inpatient beds for children and young people 20
High mortality rates 20
Seasonal planning 20
Achievement A&E targets 20
Statutory duty to consult not adhered to 20
Lack of financial resources within local authorities 20
C Difficile target 20
Quality assurance arrangements for Continuing Health Care (CHC) 20
Of the highest risks (scored at 20 and 25), the greatest percentage (25%) were within the
‘Financial Duties’ risk theme, generally relating to the achievement of the financial position
against the backdrop of funding challenges, increased demand for services etc. The 2015
analysis also reflected financial risks as those with the largest percentage of high risks with
20%.
For 2016, QIPP also had 14% of the highest risks where as primary care, commissioning and
performance targets were less prevalent than in 2015 with access to services more prevalent
with 12% of the highest rated 2016 risks.
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 5
In terms of how the overall high risks (risk score 15-25) translated into the risk theme areas, it
can be seen that seven of the ‘top 10’ themes collectively accounted for the majority (74%) of
high risks. All of the ‘top 10’ themes had at least one high risk.
Figure 3 – Percentage of high risks within CCG Assurance Frameworks in relation to risk themes
The average number of high risks (risk score 15-25) in an assurance framework was 4 (the
range being between 0-14). This compares to an average number of 3 with a range of 1-10 in
our 2015 benchmarking exercise.
Q: Are there any high risks identified here that need to be considered by your organisation, either
in terms of omission within the Governing Body Assurance Framework or in the current risk
impact and likelihood scores?
Financial Duties
Quality Assurance of Providers
Access to services
Performance TargetsCorporate Services and
Policies
QIPP
Reconfiguration and Redesign
Commissioning
Primary Care
Partnership Working
Other
High Risks Scores (15-25) within the Risk Themes
Otherincludes:-Continuing Healthcare-Better Care Fund-Medicines Management-Safeguarding-Mortality-Public and Patient Engagement-CSU Support-Deprivation of LIberties
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 6
5. Risks Facing CCGs
There were a wide variety of risks within each of the ‘top 10’ risk themes and the section below
provides further narrative regarding each category and an overview of the risks identified
within the assurance frameworks.
Corporate Systems and Policies
Corporate systems and processes continued to be the top risk theme, retaining its position
from the 2014 and 2015 reviews. This in part reflects the plethora of areas that it covers
although the high risks tended to be more isolated issues for individual CCGs. Around 74% of
assurance frameworks included at least 1 risk within this theme. The range of risks covered
remained broadly similar to that in the previous year. Particularly prevalent in the medium
rated risks were issues around information governance and procurement. Risks around the
capacity of CCG staff were also common, particularly given the need to contribute to
transformation agendas and STPs in addition to business as usual processes. Lower rated risks
included compliance with statutory requirements (some AFs made reference to specific
legislation such as mental health law), equality duties and mandatory training.
Figure 4 – Corporate systems and policies risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 7
Partnership Working
The effectiveness of joint working arrangements together with the supporting governance
structures continue to represent prominent risk areas particularly given the changing NHS
landscape and wider political landscape over the last year, for example the introduction of STPs
and the advent of devolution in several areas of the country.
70% of the assurance frameworks identified at least one strategic risk in this. High risks
identified were around joint strategic commissioning, partner engagement and devolution.
Development and delivery of STPs was represented, generally as a medium risk. The need to
formalise partnership arrangements was reflected in risks around having appropriate
governance structures and delegated authority.
Figure 5 – Partnership working risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 8
Reconfiguration and Redesign of Services
Reconfiguration and redesign has become a much more prevalent risk for CCGs compared to
2015, moving from ninth in the top 10 up to third. This aligns with developments around
vanguards, devolution and STPs and links to other areas, including ‘Partnership Working’,
‘Patient and Public Involvement’ and ‘Commissioning’.
72% of the assurance frameworks identified at least one strategic risk in this area. High risks
related to funding of transformation, designing new models of care and ensuring redesigned
services are financially sustainable and of high quality.
Figure 6 – Reconfiguration and redesign risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 9
Commissioning
Commissioning is a fundamental area of CCG strategic objectives and in addition to direct risks
this was also a secondary factor in other risk themes (e.g. partnership working, financial duties
and primary care services). 65% of the assurance frameworks identified at least one strategic
risk in this area. The highest risks continued to be around the financial stability within provider
organisations as was the case in 2015. Moderate risks reflect aspects of the commissioning
cycle around failure to identify population needs, targeting resourcing towards need and
effectively measuring outcomes as well as more specific aspects such as co-commissioning
and specialised commissioning.
Figure 7 – Commissioning risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 10
Quality Assurance of Providers
The quality assurance of providers is a key role delivered by CCGs and the breadth and
complexity of this role was identified across the assurance frameworks reviewed. 69% of the
assurance frameworks identified at least one strategic risk in this area. High risks were generally
around provider failure and the provision of poor quality services. Quality of domiciliary care
was also noted as a specific high risk. Other risks were themed around quality in specific care
settings such as nursing homes, community services and primary care or locally identified risks
around quality such as infection control, pressure ulcers and handovers and other risks relating
to specific issues at local providers such as poor maternity or cardiac care. Inadequate
mechanisms for identifying potential quality issues were also noted as a risk.
Figure 8 – Quality assurance of providers risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 11
Financial Duties
70% of assurance frameworks included a risk within this theme. As was the case in 2015,
financial risks were also the most prevalent high risks (scoring 20 and 25). The CCG’s financial
position and achievement of financial balance was specifically referenced and this is reflective
of the increasingly challenging economic climate and NHS funding position. Financial aspects
were also noted in some of the other risks themes such as ‘Reconfiguration and Redesign of
Services’.
Interestingly, we included Cost Improvement Programmes as a separate risk theme and, for
2016, this climbed to 11, just outside of the top 10 and was noticeably more prevalent as a
specific risk area than was the case in 2015.
Figure 9 – Financial duties risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 12
Patient and Public Engagement
Public and patient engagement is fundamental to the ethos of the way in which CCGs are
expected to operate. 57% of the assurance frameworks identified at least one strategic risk in
this area. There were a limited number of high risks with the highest score being around the
statutory duty to consult which is becoming increasingly important as transformation
programmes take shape aiming to change the way that services are delivered.
Moderate risks were around listening to and understanding the public (including hard to reach
groups), poor communication of initiatives and reaction and opposition to change. Practical
elements such as engagement and communications capacity within the CCG and the ability to
deal with the media were also present.
Figure 10 – Patient and public engagement risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 13
Access to Services
54% of the assurance frameworks identified at least one strategic risk in this area. Non
elective/urgent and emergency care featured in the high risks both in relation to seasonal
spikes in demand and the financial implications of activity delivered above planned levels.
Capacity of mental health services also featured prominently (as it did in the 2015 risk analysis),
including perinatal mental health.
There were a number of instances where CCGs identified local risks for specific services and
these were included as moderate or high risks. System wide capacity issues were also
highlighted as risks reflecting the challenges of ensuring sufficient primary care and
community services capacity to be able to shift activity from secondary care services.
Figure 11 – Access to services risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 14
Performance Targets
Performance targets remain a challenge for provider organisations and this was reflected in a
number of CCG assurance frameworks. 52% of the assurance frameworks identified at least
one strategic risk in this area, compared to 49% last year. The highest risks related to the A&E
waiting times, ambulance response times, stroke and cancer targets.
Other moderate risks were related to mental health performance (access to psychological
therapy and out of area treatments as well as other aspects of the patient journey), referral to
treatment, diagnostics and discharge.
Figure 12 – Performance targets risks within CCG Assurance Frameworks
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 15
Primary Care Services
37% of assurance frameworks reflected a risk within this theme. The highest risks were
identified around the recruitment of GPs and nurses (and consequent effect on primary care
capacity), a well recognised national issue. In addition the transformation and long term
sustainability of primary care, and primary care support services were also included as high
risks. Moderate risks included quality issues (e.g. CQC ratings) and operational issues such as
aggressive patients and GP IT budgets.
Risks in relation to the failure to manage conflicts of interest within primary care/ co-
commissioning were also featured in a small number of CCG assurance frameworks (these were
categorised under a separate ‘conflict of interest’ theme).
Figure 13 – Primary care risks within CCG Assurance Frameworks
Q: Do you recognise the types of risk identified within each of the risk themes and are these
applicable to your organisation?
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 16
6. Risk Appetite and Target Risk Scores
46% (25/54) Assurance Frameworks included reference to risk appetite or target risk score.
This compares to 31% last year which may indicate that organisations are evolving their
approach to risk appetite. This reflects a developing focus on reduction and mitigation of risks,
alongside the acceptance that there are inherent risks that will remain and need to be a
continued focus for the Governing Body. The table below summarises the number of current
risk scores and target risk scores at each level.
Table 2 – Current and target risk scores
Risk Current Risk Score
(No.)
Target Risk Score
(No).
High (15-25) 119 7
Moderate (8-12) 185 184
Low (4-6) 49 128
Insignificant (1-3)
Not scored
0
0
26
7
TOTAL 352 352
As would be expected, there is a clear focus to high risks. However there remains a relatively
high risk appetite, with CCGs recognising that a significant number of risks would remain within
the moderate risk rating.
Figure 14 shows the current risk profiles for each CCG and Figure 15 shows the target risk
profiles.
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 17
Figure 14 – Current risk profiles within CCG Assurance Frameworks
Figure 15 –Target risk profiles within CCG Assurance Frameworks
Q: Have you considered risk appetite and identified target risk levels within your organisation?
0
5
10
15
20
25
30
35
CCG Current Risk Profiles NotScored
Insignificant (1-3)
Low (4-6)
Moderate(8-12)
High risks(15-25)
0
5
10
15
20
25
30
35
CCG Target Risk ScoresNot Scored
Insignificant(1-3)
Low (4-6)
Moderate(8-12)
High risks(15-25)
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 18
7. Other Observations
There were some general observations from the detailed review and analysis which are
provided below, and cover common areas and divergence in terms of the structure and content
of the assurance frameworks.
Structure A number of the assurance frameworks had a narrative covering paper or
dashboard, with the best of these showing movement of risk and a quick
glance summary of the risk profile.
The majority of assurance frameworks were structured with objectives, risks,
controls, impact/ consequence and likelihood scores, assurances and
gaps/actions.
Risk owners or lead officers were also identified against each risk in most
cases.
Most assurance frameworks included risk scoring using a 5x5 matrix. Some
had the basic impact/ consequence x likelihood whilst others included
initial, current and target scores. 4 assurance frameworks did not score any
of the risks, compared to 2 in the 2015 benchmarking exercise.
Objectives Some assurance frameworks used the objectives as headings with risks
identified under each and others cross referenced the risks to
objective(s). Where risks were listed underneath objectives there was
greater clarity, yet where the risks were cross referenced it was clear there
was more flexibility (especially where one risk impacted more than one
objective).
The average number of objectives was 5 (range of 3-10). This is broadly
similar to the 2015 where there was an average of 5 objectives with a range
of 3-9.
Risks The average number of risks was 16 (range of 3-56). The comparable 2015
figures were an average of 13 and a range of 1-26. Some organisations had
a joint assurance framework and risk register with a significantly higher
number of risks. Omitting the frameworks with over 40 risks brings the
average number of risks down to 14 which is similar to the 2015 average.
6% of risks were not scored. There were a combination of assurance
frameworks where the format did not include risk scoring and a much
smaller number that looked like recent additions to the assurance
framework, probably awaiting formal review.
Some assurance frameworks used an overarching risk where others
provided separate risks (e.g. for each provider organisation).
Whilst approaches to describe risks and how detailed these were, overall
the risk descriptions were clear.
MIAA Insight CCG Assurance Framework Benchmarking
P a g e | 19
Controls The descriptions and details of the controls varied significantly. It wasn’t
clear whether the controls listed really mitigated the risk described or
whether every operational control in an area was listed without evaluation.
Controls included ‘Governing Body Committee’ and ‘engagement’ but
without further descriptors it wasn’t clear if these were actual controls (or
assurances) and how they would be evidenced.
Assurances Identification and recording of assurances was the area for greatest
development, with some assurance frameworks showing risks without the
assurances listed and others where the assurances were similar to the
controls.
Assurances identified were not always focussed at Governing Body Level
(i.e. operational assurances without the clarity of route to the Governing
Body).
Assurance descriptions were not always clear to evidence based assurance
suggesting reassurance rather than hard evidence.
Some assurance frameworks specified whether the assurance was from an
internal or external (and therefore independent) source.
Gaps/ Actions Some assurance frameworks regularly listed gaps/ actions and others had
very few identified.
Within the structure of the assurance framework it was not always clear how
progress against actions would be shown and challenged. The best
example described the action, assigned a responsible officer with a
timeframe and provided a progress update.
Q: Does your Governing Body Assurance Framework need further development and is there an
agreed plan to take this forward?
MIAA Insight CCG Assurance Framework Benchmarking
The Insight provides information to support CCGs
in understanding how key elements of their
Assurance Framework compare with others. It is
intended to prompt and inform discussions on this important
aspect of CCG governance.
1. Does your Governing Body Assurance Framework consider the
breadth of the risk themes?
2. Have you considered the overall risk profile within your
organisation and is the number of risks on the Assurance
Framework manageable in terms of Governing Body scrutiny
and oversight?
3. Are there any high risks identified that need to be considered by
your organisation, ether in terms of omission within the
Governing Body Assurance Framework or in the current risk
impact and likelihood scores?
4. Do you recognise the types of risk identified within each of the
risk themes and are these applicable to your organisation?
5. Have you considered risk appetite and identified target risk
levels within your organisation?
6. Does your Governing Body Assurance Framework need further
development and is there an agreed plan to take this forward?
We would be keen to hear your views on the issues raised and your
ideas on how further benchmarking in this or other areas would be
of benefit.
For more information or to request a benchmarking topic
please speak to your Senior Audit Manager or contact:
Louise Cobain, Assistant Director