Risk Management
APRIL - 2007
Supporting the Health & Personal Social Services in Northern Ireland
Definitions of Risk Management
“…anything that could stop the organisation achieving its business objectives.”
“The chance of something happening that will have an impact upon objectives. It is measured in terms of likelihood and impact.”
(AS/NZS 4360:1999)
Some Terminology
Hazard – Confidential report being left in member of staff’s car
Incident – Car broken into and report taken
Risk – Report falls into wrong hands and confidentiality is breached
Near Miss – Car broken into but report not taken
An Example
A trailing PC cable lying across the floor is a hazard.
The risk is that someone trips over it.
If the cable is noticed and cleared by a member of staff, it was a near miss.
If someone trips up and injures themselves before it is cleared away, this is an incident.
Why Manage Risks?
Some Risk Control Failures:
•Barings Bank
•Zeebrugge Ferry
•Enron
•Hoover – New York
•Harold Shipman
•Organ Retention Inquiry
•Bristol Royal Infirmary
Uncertainty
“Reports that say that something hasn’t happened are always interesting to me, because, as we know, there are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say we know there are some things we do not know.
But there are also unknown unknowns – the ones we don’t know we don’t know.”
Donald Rumsfeld
US Defence Secretary (5 December 2003)
Why is Risk Management an Issue in the NHS?
•10.8% patients experienced an adverse event.
Of these
• 49% judged preventable
• 34% developed injury or complication with moderate impairment
• 6% permanent impairment
• Contributed to death 8%
(June 2003)
•28,000 written complaints
•£400m per year settlement plus £2.4m liability (clinical negligence only)
•Hospital-acquired infections - £1billion annually.
(February 2005)
Why is Risk Management an Issue in the US?
•98,000 deaths per year due to “medical error”
•40% outpatient prescriptions deemed “unnecessary”
•777,000 injuries or deaths caused by “adverse drug events”
(2004)
Cost of Work Related Accidents
•£173 million!
•135,172 accidents involving NHS staff at work
•Only 42% of accidents that are supposed to be reported under the law are reported.
–Work related sickness/absence
–Permanent injury benefits
–Ill health retirements
–Out of court payments
(October 2003)
Consider the Risk Types
•Reputation
•Financial
•Legal
•Technical
•Environmental
•Political
•Others?
Examples
•Economic problems.
•Obsolescence of technology.
•Fraud.
•Poor accounting systems.
•H&S.
•Professional.
•Environmental.
•Ineffective management.
•Staff turnover/Skills shortage.
•Poor service levels/Poor quality.
•IT Systems fail to cope.
Benefits of Good Risk Management
•Links between Risk Management and business objectives.
•Fewer sudden shocks.
•Competitive advantage.
•Strategy-setting basis.
•Assists with change management.
•Reduction in the need for “fire-fighting.”
•Minimise damage and loss.
Why would you not want the above things?
How to Identify Risks?
•Round table discussions.
•Workshops.
•Questionnaires.
•Audits.
•SWOT analysis.
•Stakeholder analysis.
•Complaints.
•Sickness absence / staffing levels.
•New legislation and policy.
•Controls Assurance Standards.
NIPEC’s Risk Management Structure
COUNCIL
Audit Committee
Internal Business Meeting
Head of Corporate Services
Health & Safety Group
Risk Owners
Risk Management Strategy & Action Plan 2007/08
Risk Action Plan
During 2007/08, the Head of Corporate Services will take forward the following actions:
•Action 1: Review this Strategy;
•Action 2: Arrange regular meetings of the Internal Business Meeting to review the Risk Register, progress risk issues, discuss new risks that have been identified, promote awareness of Risk Management and any other relevant matters;
•Action 3: Monitor and update the Risk Register;
•Action 4: Liaise with staff to monitor risk treatment work;
•Action 5: Continue the work towards compliance with the applicable Controls Assurance Standards. (Where “gaps” are identified, an appropriate Action Plan will be developed, implemented and progress monitored);
•Action 6: Make available awareness sessions to staff throughout NIPEC in order to enhance staff understanding of Risk Management activities and requirements;
•Action 7: Review any Risk-related policies;
•Action 8: Undertake a review of this Strategy by the end of March 2007 and produce an Action Plan for 2007/08.
Timetable for Implementation
•January 2007 – February 2007: Review the Risk Management Strategy.
•May 2007: Awareness sessions to staff throughout NIPEC.
•January 2007 – March 2008: Arrange regular meetings of the Internal Business Meeting.
•January 2007 – March 2008: Liaise with staff to monitor risk treatment work.
•January 2007 – March 2008: Continue the work towards compliance with the applicable Controls Assurance Standards.
•March 2008: Formal review of the Risk Register.
NIPEC’s Risk Registers
HIGH Level Risk Register
LOW Level Risk Register
NIPEC’s HIGH Level Risk Register
Major Organisational Areas identified as per the Business Plan.
(a) Risks evaluated and scored using the (5x5) risk matrix based on possible likelihood and impact
(b) An example - the Register for 2007/08
NIPEC Risk Register
LEVEL OF RISK
[Figure: Risk Quantification Matrix (5x5)]
Impact: 5 - Catastrophic; 4 - Major; 3 - Moderate; 2 - Minor; 1 - Insignificant
Likelihood: A - Rare; B - Unlikely; C - Possible; D - Likely; E - Almost Certain
Levels of risk: Low, Medium, High, Extreme
An example from NIPEC’s High Level Risk Register 2007/08.
Risk Assessment (Mitigated by Current Controls)
Risk: 5. Council’s operations not in full compliance with the principles of Corporate Governance.
Source: Financial/Accountability
Impact: 3
Likelihood: A
Level of Risk: MEDIUM
Risk Owner: Paddie Blaney
Risk Managed? Fully / Partially / Not Managed
Specific Objectives Impacted by the Risk
•NIPEC’s Corporate Strategy (2005 to 2008) achievements met and Business Plan (2007/2008) objectives.
Business Implications if the Risk Occurs
•Failure to Comply with Statutory Duty.
•Breakdown in Probity / Governance.
•Damage to Council’s Reputation.
•Poor Professional / Public Image.
Potential Root Causes of the Risk
•Failure to update and operationalise Standing Financial Orders and Financial Management Documents as appropriate;
•Failure to review, where required, comprehensive internal policies and procedures;
•Failure to maintain a NIPEC Equality Scheme, and Freedom of Information Scheme;
•Failure to maintain adherence with the DHSS&PS control assurance standards;
•Failure to achieve strategic HPSS standing and influence.
How the Risk / Root Cause is Currently Managed
•Standing Financial Orders, Management Statement and Financial Memorandum in place;
•Monitoring, Up-dating and Reviewing of Corporate Strategy & annual Business Plans carried out by Chair, Chief Executive and Council members including Senior Team on a regular basis;
•Equality Scheme approved by EC and actively applied;
•FOI Publication Scheme approved and implemented;
•SLA for Risk Management in place and both High level & Low level risk registers in place;
•Financial management control systems in place;
•Control Assurance files of Evidence maintained and updated for designated areas;
•Addressing issues which may arise from Control Assurances Statements;
•Quarterly Council and Audit committee meetings.
Additional Actions to Manage the Risk / Root Cause | Criticality | Responsibility | Est Date | Level of Risk (when treated)
NIPEC’s Low Level Risk Register
(a) This Register contains 3 main areas [Corporate Register, Functional Register, Professional Areas]. This is further broken down into 15 areas which are subsequently divided down into 82 sub areas. Again the above is based on the (5x5) risk matrix.
(b) Example - the Register for 2006/07
An example from NIPEC’s Low Level Risk Register 2007/08.
SUPPLIES
6.1 | Failure to ensure that the Council is adequately supplied | A | 2 | Low | Adequate | Edmund Thom
HEALTH AND SAFETY
7.1 | Failure to ensure that all staff, customers and the public (where relevant) are made aware of the Council’s health and safety policy and procedures | B | 3 | Medium | Adequate | Edmund Thom
7.2 | Personal injury to employee or visitors | A | 3 | Medium | Adequate | Edmund Thom
7.3 | Workplace violence against staff | A | 3 | Medium | Adequate | Edmund Thom
7.4 | General damage to buildings/equipment of the organisation | A | 2 | Low | Adequate | Edmund Thom
7.5 | Increased possibility of accidents due to inadequate processing of requests for work/repairs | A | 2 | Low | Adequate | Edmund Thom
7.6 | Adverse incidents affecting any part of the organisation are not addressed in line with procedures | A | 3 | Medium | Adequate | Edmund Thom
7.7 | Failure to meet statutory duty to obey Fire Code | A | 3 | Medium | Adequate | Edmund Thom
This presentation will be available for download at http://www.nipec.n-i.nhs.uk/presentations