Documentos de Académico
Documentos de Profesional
Documentos de Cultura
DocumentationControl
Reference:
GG/CM/007
Dateapproved:
ApprovingBody:
TrustBoard
ImplementationDate:
Version:
Supersedes:
Version2(2September2009)
Consultation:
ClinicalandNonClinicalHospitalStaff
OrganisationalRiskCommittee
DirectorsGroup
TrustBoard
ExecutiveDirectors,DirectorateClinicalDirectors,
ClinicalLeads,DirectorateGeneralManagers,
HeadsofService
MembersoftheQuality AssuranceCommittee,
QualityOperationalGroupanditsSubCommittees
SpecialistsAdvisors,assetoutintheTrustsRisk
ManagementPolicy
RelevantExternalStakeholders
AllTruststaffandrelevantStakeholders
Distribution:
TargetAudience
SupportingPoliciesand NUHRiskManagementPolicy
Procedures
TrustAnnualPlan
BoardAssuranceFramework.
ReviewDate:
LeadExecutive(s):
Author/LeadManager:
Further
Guidance/Information
NUHRiskAssessmentToolV2Dec2011
December2012
MedicalDirector
HeadofOrganisationalQuality,RiskandSafety
HeadofOrganisationalQuality,RiskandSafety(ext
76018/62553)
Page 1of12
HAZARDIDENTIFICATION,RISKASSESSMENTAND
MANAGEMENTPROCEDURE
1.Introduction
This procedure sets out the Trust operational processes for Hazard Identification,
Risk Assessment and the Management of risk. This document should be read in
conjunctionwiththeRiskManagementPolicy.
ThisprocedurecoversalloftheTrustsactivitiesandshouldbeusedwhenassessing
any kind of hazard (e.g. clinical, strategic, organisational, financial and health &
safety).
ItcanbeusedbyanymemberoftheClinicalorNonClinicalteamsinallDirectorates
andDepartmentsoftheTrust.
The Hazard Identification, Risk Assessment and Management procedure supports
theprinciplethatriskswhichcanbereasonablymanagedlocallyshouldbemanaged
locally.Wherethisisnotpracticalorwheretheriskscoredictatestheproceduresets
outtheescalationprocesstoTrustCommitteesandFora.
Thetoolhasbeendesignedforawiderangeofpurposesi.e.
itcanbeusedtoreviewandmanageallknownrisks,
it can be used to assess potential risks from new activities, service
developmentandprojects
it can also inform business cases and development projects allowing
comparisonsandprioritisationtobemade.
2.RiskRegisters
The Trust requires that all risks are recorded on DATIX. No other systems are
permitted.
The Trust will maintain a Significant Risk Register which comprises of all 20 or 25
scoringrisks(asratifiedbytheQuality AssuranceCommittee).
TheSignificantRiskRegisterwillbereportedtotheTrustBoardeachmonth(except
thosemonthswheretheTrustBoardreceivestheBoardAssuranceFramework).
The Trust requires that all Directorates, Specialties and Departments undertake
systematic and proactive hazard identification and risk assessment to identify local
risks to service provision, service quality, legislative compliance, financial and
NUHRiskAssessmentToolV2Dec2011
Page 2of12
deliveryoftheTrustsobjectivesandoperationalrequirements.HeadsofServiceare
responsibleforensuringthishappens
AllRiskAssessments(irrespectiveofscore)mustberecordedontheDATIXsystem.
The system entry must include details of any mitigating actions required to further
mitigatetherisk(includingresponsibilitiesandtimescales).WhereRiskAssessment
formsaregeneratedthesemustbeuploadedintoDATIXinthedocumentsectionof
theelectronicrecordalongwithanysupportingemails,reportsanddocuments.
TheTrustsRiskRegisterisalive,continuallyevolvingdocument.
The Risk Register provides a focus for the work of the Trust Board and its
Committees by communicating risk information throughout the organisation, and
providingthenecessaryassurancesthatrisksarebeingeffectivelymanaged.
3.Definitions
Hazard is defined as a source of potential harm or a situation with a potential to
causeloss[Graham&Kaye2006]
Risk is definedasthepossibilityofsufferingsomeformoflossordamageand/or
the possibility that objectives will not be achieved or that opportunities will not be
taken. This can be opportunities / benefits (Upside risk) or threats to success
(DownsideRisk).
Risk Assessment is defined as the process of determining the level of risk that a
hazardposesincombinationwiththelikelihoodofitsoccurrence.
Risk Control is defined as the part of the risk management process that is
concernedwiththeimplementationofpolicies,processes,tools,andtechniquesthat
accept,eliminate,removeortransferriskorestablishbusinesscontinuityprocesses.
Controlsmaybepreventative,detectiveorpostevent.[Graham&Kaye2006]
Risk Treatment is defined as the selection and implementation of options for
managingrisks.[Graham&Kaye2006]
Risk Transfer is defined as the treatment or control of risk through sharing the
burdenoflossorbenefitfromariskwithanotherparty.[Graham&Kaye2006]
RiskRegisterisaformalrecordthatcapturesallknownTrustRisks.Foreachrisk,
Risk Registers capture the source, nature, existing controls,theconsequences and
likelihoodofariskbeingrealisedandtheactionsrequiredtofurthermitigatetherisk.
4.Theprocess
Step1
IDENTIFINGHAZARDS
NUHRiskAssessmentToolV2Dec2011
Page 3of12
At local level, there will be different people leading on different aspects of risk
management,e.g.,ClinicalGovernanceCoordinators,Health&Safetylinkpersons,
Directoratemanagers,riskassessors,infectioncontrollinkpersons,TrustSpecialist
Adviserstonameafew.
Itisnotintendedthattheseactivitiesaremergedintoasinglerole.Itismoreabout
people working together to integrate activityat alocal level andto work together in
theidentification,assessmentandmanagementofrisk.
Hazardidentificationcantakemanyformsincluding
ThroughthelocalreviewofIncident,ClaimsandComplaintsdata,
AsaresultofanHealth&Safetyaudit/inspection,
FollowingaPatientSafetyconversation,
InresponsetoanInternalAuditreport,
Inresponsetoanexternalreport/directive/Alert,
InresponsetoaDepartmentofHealthdirective,
TorespondtogapsidentifiedfromtheHealth&SafetyCompliancereview,
AccreditationStandardscompliance(CQC,NHSLAetc.)
To respond to Trust requirements such as CIPs, Essence of Care
Benchmarks,CQuins,HRincludingMandatoryTrainingperformance
Tomeetlegislativerequirements
Through review of service specific standards, service quality and service
delivery
InresponsetoadvicereceivedfromSpecialistAdvisers
Theabovelistisnotexhaustive.TheIntegratedGovernanceTeamcanhelpfacilitate
hazardidentificationsessionsifrequired.
Whenassessinganyserviceoractivity,youwillidentifyanumberofhazards.Youwill
need to decide if you are going to recordthese risks on asingleform or groupthe
issuesonmorethanoneform.Eitherwayisperfectlylegitimate.Whichevermethod
adoptedyouwillneedtoensurethattheactionplansaddressallcomponenthazards
andnotjustthehighestscoringone.Thehazardsidentifiedshouldberecordedinthe
Hazards, Controls and Assessment section on the Trust approved Generic Risk
AssessmentForm(seeAppendix2).Foreachhazardidentifiedyouwillalsoneedto
decidewhoorwhatcanbeharmed(andhow)anddocumentanycontrolsthatarein
place.Thenextstepwillbetodeterminetheconsequenceandlikelihoodscoresfor
eachi.e.therisk(seesteps2&3below).
Nootherriskassessmentformsarepermitted.
Step2
DETERMINETHECONSEQUENCE
Thetoolincorporates5consequencesfactorsagainstwhichahazardcouldimpact,
NUHRiskAssessmentToolV2Dec2011
Page 4of12
1.
2.
3.
4.
5.
Objectives/Financial,(AObjectives)
DegreeofHarm(toStaff,Patient,VisitororMemberofthePublic),(BHarm)
Claims&Complaints/PatientExperience,(CExperience)
ImpactonServices/BusinessInterruption/Projects,(DServiceDelivery)
AdversePublicity/Reputation/Inspection/Audit/EnforcementAction.(EExternal)
Appendix3,setsoutthe5consequencefactorsalongwithdescriptorsforeachthat
depictarangeofoutcomesfrom1to5.Foreachhazardidentified,youwillneedto
determine a consequence score for each of the factors, which will need to be
recorded on the form. You should look at the controls in place when deciding the
level.Ifanyofthefactorsdontapplytothehazardbeingassessedthenaddascore
of1intheappropriatecolumnontheGenericRiskAssessmentForm.
HelpfulProcessDefinitions
PrimaryObjective
TrustKeyTask
TemporaryNonCompliance
NonAchievement
ControlMeasures
NUHRiskAssessmentToolV2Dec2011
Page 5of12
Step3
DETERMINETHELIKELIHOOD
Onceyouhavedeterminedtheconsequence(foreachofthehazardsyouidentified),
you will need to determine the likelihood of the level of consequence you have
identified being realised. Remember its the likelihood of the consequence
occurring,nothowoftentheactivitytakesplace.
It is also important that any existing control measures are taken into account when
determiningthelikelihoodscore.Thederivedscoreshouldalsoevaluatewhether:
thecontroladequatelyaddressesthehazard
thecontrolmeasureisdocumentedandcommunicated
thecontrolmeasureisinoperationandappliedconsistently.
Onceyouhavedeterminedthescoreenterthescore(s)intheLikelihoodboxonthe
GenericRiskAssessmentForm.
TIP: The worstcase scenariodoesntalwaysyieldthehighestrisk.Youcanhavea
catastrophic consequence such as a death (consequence = 5) which due to the
controlsinplacesgivesalikelihoodof1andthereforeariskscoreof5.Butthesame
hazardmaycauselesssevereharm(consequence=3)eachmonth(likelihood=4)
givingariskscoreof12.
Step4
ASSESSTHERISKS
The risk score is determined by multiplying the consequence and likelihood scores
youhaverecordedforeachhazard.
Ithasbeenrecognisedthatbyusinga5by5tooltherewillbelimitedstratificationof
risks within thepossiblescorebandings.(i.e. thepossiblescores(CxL) thatcanbe
achievedare1,2,3,4,5,6,8,9,10,12,15,16,20and25).Toaidprioritisationof
risks particularly within the higher scoring bandings (15, 16, 20 and 25) a second
scoreisdeterminedbyaddingtogetherthe5individualconsequencescorestogivea
uniquescoreforeachrisk.
This Priority Indicator Score will then be used to help stratify the risks recorded
against agivenscoring banding.The PI Scorefor eachrisk should be recordedon
theGenericRiskAssessmentForm.
NUHRiskAssessmentToolV2Dec2011
Page 6of12
Step5
MANAGETHERISK
BycomparingtheRiskScore(RiskRating)obtainedwiththetablebelow,youwillbe
ableto determine whether therisk you haveassessedisunacceptable,tolerable
oracceptable.Thetablealsoprescribeswheretheriskneedstobecommunicated
andthemanagementactionrequired.
Table1LevelsofRisk,ReportingandAccountability
RiskRating
Significant
(2025)
Unacceptable
High
(1519)
Unacceptable
AppropriateSub
Committeeofthe
QualityOperational
Group
Moderate
(1014)
Unacceptable
Directorate
Low
Specialty/Directorate
(49) Tolerable,
manageable
VeryLow
Specialty/Directorate
(13)Acceptable
ManagementActionsRequired
If any actions / controls are required to further mitigate the risk these should be
recordedintheActionPlanning&Monitoringsectionoftheformalongwithnamed
personsresponsibleforundertakingtheactionandthetimescaleforcompletion.The
responsibility for ensuring that any actions identified are taken forward will be
dependantupon theriskscore.Forexampleariskscoring8(fromthetableabove)
wouldbereported/managedbytheSpecialty/Departmentwhereasariskscoring
12wouldbereported/managedbytheDirectorate.
NUHRiskAssessmentToolV2Dec2011
Page 7of12
Step6
IFRISKCANTORSHOULDNTBEMANAGEDLOCALLY
Wherepossible,risksshouldbemanagedatthelowestpracticallevel.
However where this is not possible (e.g. due to the resources required) the risk
should be escalated to the next level. i.e. if a Department cant manage a risk it
should pass to the Directorate / Corporate Function. If the Directorate / Corporate
FunctionitshouldbepassedtotheORC.
Itisalsoacknowledgedthatcertainrisksshouldntbemanagedlocally,i.e.wherethe
issue impacts across the Trust. In these instances it is appropriate to escalate the
risksothataTrustwideresponsecanbeactionedandimplemented.Akeypartof
the process within the Organisational Risk Committeewill be to agree theroute for
handling those issues that cant or shouldnt be handled at Directorate level. The
OrganisationalRisk Committeewilloverseetheserisksandensurethatappropriate
committees/groupsaretakingaction.
Risks may have to be accepted or, in the case of significant risks, shared with the
commissioners of services, members of the health care community and other
stakeholders.
If you are unsure what to do please seek advice from a member of the
Directorate Team or the Integrated Governance Team who will advise you on
actiontobetaken.
Step7
UPDATETHERISKREGISTER
All risks identified, along with the risk score, controls and actions, need to be
recorded on the DATIX Risk Management System in order to form the Trusts Risk
Register. Each Directorate and Corporate Function has a named lead who will be
able to assist with this process. All relevant information to support the risk
assessmentshouldbeimportedintotherecord.StaffaddingriskstoDATIXwillneed
to access the training provided. Data can be copied and pasted from the Generic
RiskAssessmentFormintotheDATIX riskentry.
Allrisksscoring20ormorewillbeaddedtotheTrustsSignificantRiskRegisterand
BoardAssuranceFramework.Thiswillhelptofacilitatethemanagementofrisks,the
identification of trends and significant risks, as well as the monitoring of risk
management.
AllriskregistersneedtobeformallyreviewedatleastquarterlyatTrust,Directorate,
Speciality and Departmental Governance Forums. At each review the risk register
needstobeupdatedtoreflectprogressonactionsandtoreviewriskscores.
NUHRiskAssessmentToolV2Dec2011
Page 8of12
Appendix1
HAZARDIDENTIFICATION,RISKASSESSMENTANDMANAGEMENT
PROCEDUREFLOWCHART
Directoratesand
Departments
supportedwhere
appropriate,bythe
Integrated
GovernanceTeam
STEP1Recordthedetailsoftheactivity
beingassessedontheGenericRisk
AssessmentForm.Usethetoolsand
techniquesavailabletoidentifyandrecord
thekeyhazardtotheactivity,processortask
beingassessed.
STEP2Foreachhazardidentified
determinetheConsequences
RefertoGovernance
Checklists,Policiesand
Guidancetoidentifyrisks.
(Checkliststoincorporate
legislation,external
accreditationstandards,
bestpractice,etc.)
Incident,Claimsand
Complaintsdata
SeeGenericRisk
AssessmentForm
STEP3Determinethecorresponding
Likelihood(forthehighestscoring
Consequence)
STEP4DeterminetheRiskRatingand
PriorityIndicatorscore
AddtoDirectorate,Specialty,Department
GovernanceActionPlan
PerformanceManagedby
Directorate
STEP5Managetherisk
STEP6Issuesthatcant/shouldntbe
managedbytheSpecialty/Department,OR
cantbeaccepted,astheyscore10ormore
AddtoDirectorateGovernanceActionPlan
Managetherisk
PerformanceManagedby
OrganisationalRisk
Committee
STEP6Issuesthatcant/shouldntbe
managedbyDirectorateORcantbe
accepted,astheyscore15ormore
STEP7
UpdateRisk
Register
FilteredbyOrganisationalRiskCommittee
andreferredtorelevant
Committee/group/individualforaction,e.g.,
toClinicalRiskCommitteetobeaddedto
TrustGovernanceActionPlan
PerformanceManagedby
the QualityOperation
GrouporrelevantTrust
BoardCommittee
STEP6IssuesthatcantbemanagedOR
cantbeaccepted,astheyscore20ormore
Anyrisksscoring
20ormore
NUHRiskAssessmentToolV2Dec2011
RaiseattheBoard
Page 9of12
Appendix2
GENERICRISKASSESSMENT
FORM
AssessmentNo.
Campus:
Directorate:
Speciality/Department:
Location:
Assessor:
JobTitle:
Date:
Descriptionofactivity
Supportinginformation(forexample,caseofneed,explanationofactivity)
1
2
3
4
5
10
RiskScore
(HighestScore AE
xLikelihood)
Likelihood
EExternal
DServiceDelivery
Controlsinplace
CExperience
HazardIdentified
BHarm
No.
AObjectives
Hazards,ControlsandRiskAssessment
Priority
Indicator
Score
(A+B+C+
D+E)
Doesthe
control
adequately
addressthe
risk?
Yes/No
Isthecontrol
Isthecontrol
measure
Measurein
documentedand operationand
communicated?
applied
Yes/No
consistently?
Yes/No
Summaryofactiontakentodate
ActionPlanningandmonitoring(dependantuponscore)
HazardRef
No.
Actionrequired
Cost()
(Ifknown)
OfficialUseOnly
ApprovalGroup
AddedtotheRiskRegisterY/N
ByWhom
DueDate
ReviewDate
DateScoreApproved
Dateaddedtothe
Register
11
Revised
RiskScore
ConsequenceandLikelihoodMatrixAppendix3
1
Minor
2
Moderate
Objectives*/
Financial
DegreeofHarm(to
Staff,Patients,
VisitorsorMembers
ofthePublic)
Claims&Complaints/
PatientExperience/
Outcomes
ImpactonService
Delivery/Business
Interruption/
Projects
AdversePublicity/Reputation/
Inspection/Audit/Enforcement
Action
MinorimpactonTrust
objective.
AND/OR
Barelynoticeablereduction
inscopeorquality
AND/ORSmallloss.
Minorinjurynotrequiring
firstaidornoapparent
injury/adverseoutcome,
NearMiss.
VerballocallyresolvedComplaint.
Reducedqualityofpatient
experiencenotdirectlyrelatedto
thedeliveryofpatientcare Small
claims(upto25,000)
Negligibleimpact,brief
loss/interruption>1
hourofservice.
Insignificantcost
increase /schedule
slippage.<1%)
Localinterest,rumourswithinTrust.Littleeffect
uponstaffmorale.
Smallnumberofminorrecommendations,which
focusonminorqualityimprovementissues.
MinornoncompliancewithCQC
Notexpectedtooccurfor
years
Probability<1%
Temporarynoncompliance
withTrustKeyTasks*
AND/OR
Minorreductioninquality/
scope
AND/OR
Loss>0.1%ofTrust
budget
Temporary MinorInjury/
Illness/Effect.Firstaid
treatmentneeded,referral
toA&E/OH/GP
JustifiedformalCompliant.
Unsatisfactorypatientexperience
directlyrelatedtopatientcare
readilyresolvable
Localonly.Someloss/
interruptiondelaysin
serviceprovision(>8
hours)
<5%overbudget/
scheduleslippage.
Localadversepublicity,localmediacoverage,
adversepublicityfor<3days.Minoreffecton
staffmorale/publicattitudes.
Internalinquiryreportedtolocalcommittee
structure.Recommendationsmadewhichcan
beaddressedbylowlevelmanagementaction.
NoncompliancewiththeDevelopmental
requirementsofthe CQC
Expectedtooccur
annuallyintheUKor15
yearsintheTrust
Probability15%
Theeventmayonlyoccur
inexceptional
circumstances
Temporarynoncompliance
withTrustPrimary
Objective*
AND/OR
Reductioninscopeor
quality.
AND/OR
Loss>0.25%ofTrust
budget
SemipermanentInjury,
Over3dayreportable
injury.RIDDOR/Agency
reportable
Independentreview.
Mismanagementofpatientcare,
shorttermeffects(<1week)
Justifiedcomplaintinvolvinglack
ofappropriatecare.Significant
claim(upto250,000)
CriticalServiceloss/
interruption,minordelays
>1day.
510%overbudget/
scheduleslippage.
Localmediacoverage,adversepublicityfor>3
days.Significanteffectonstaffmorale/public
perceptionoforganisation.
Internalinquiryreportedtoexternalagency.
Challengingrecommendationsthatcanbe
addressedwithappropriateactionplan.
Reducedrating.
Noncompliancewithcorerequirementsofthe
CQC
Expectedtooccurat
leastannually
Probability620%
Theeventmayoccurat
sometime
NonachievementofTrusts
KeyTasks*
AND/OR
Loss>0.5%ofTrust
budget
Majorinjuries,orlong
termincapacity/
disability,MajorSpecified
Injury(RIDDOR)
OngoingNationalpublicity.
Regionalinquiry.Ombudsman.
Seriousmismanagementof
patientcare,longtermeffects
(>1week)
Multiplejustifiedcomplaints.
Multipleclaimsorsinglemajor
claim(over250,000).
CriticalServiceloss,
majorreductioninservice
>1week
1025%overbudget/
scheduleslippage.
Nationalmediacoverage,adversepublicityfor<
3days.Regionalinquiry.Severeeffectonstaff
morale,publicconfidenceinorganisation
undermined.
Enforcementaction
Lowrating/Criticalreport
Majornoncompliancewithcorerequirementsof
the CQC
Expectedtooccur
monthly
Probability2150%
Theeventwilloccurat
sometime
NonachievementofTrust
PrimaryObjective(s)*
AND/OR
Loss>1%ofTrustbudget
Deathormajor
permanentincapacity
FullNationalInquiry.Select
Committee.PublicAccounts
Committee.Totallyunsatisfactory
patientoutcomeorexperience
TotallossofCritical
Serviceorfacility.
>25%overbudget/
scheduleslippage.
National/internationalmediacoveragewith
adversepublicityfor>3days.Lossofkeystaff.
Publicinquiry/MPConcernsraisedin
Parliament.Courtenforcement.
Noncompliancewithlegalrequirement,which
mayresultinProsecution,Zerorating.
Severelycriticalreport
Expectedtooccurat
leastweekly
Probability>50%
Theeventisexpectedto
occurinmost
circumstances
Likelihood
3
Serious
4
Major
5
Catastrophic
*FORCURRENTYEAROBJECTIVESPLEASEREFERTOTHETRUSTANNUALPLAN.
12