Recommendations: Project management

5.3.1 Project management approach and rigour

An organisational approach to deciding firstly when to identify the need for project management and then the terms of reference, leadership, management and monitoring arrangements should be implemented.

5.3.2 Escalation process and trigger points

In conjunction with 5.2.4. above, the Director and / or sponsor for any project should ensure that there are explicit routes for escalation and that escalated issues are recorded in action logs and project risk registers, in line with good project management practice.

5.3.3 Identify routine audit trail

In relation to CRB status for new staff (and existing staff once an interval for rechecks is agreed and implemented), one main tracking report should be devised, intervals for issue set and the corporate and Divisional reporting routes agreed.

There are currently several reporting mechanisms available to systems staff in HR which draw from and feed into, variously, the Atlantic CRB system; the ESR system; the MAPS system, Finance systems and the recruitment tracker. This situation will be further complicated on merger, where Whipps Cross and Newham may be using other systems.

There is a current Project status report which clearly shows numbers outstanding etc but there needs to be a clear source of data or audit trail appended.

5.3.4 CRB systems issues

The resource requirement to maintain data validation reporting and to improve the efficiency of the CRB data processing systems should be identified and discussed at senior level. This should involve systems support staff and include allowance for routine

reconciliation between ESR and Finance, and data quality checking between ESR and Divisions.

There is potential to automate some of the systems updating which is now undertaken manually – a cost benefits analysis of this work in context of other IT priorities may be helpful. The benefits of automating these processes will accrue to the recruitment process and HR function generally, rather than solely affecting the CRB process.

5.4 Recommendations: Policy / task definition

5.4.1 Policy style

Trust policy with regard to the formulation, ratification, review and style of policy should be reviewed to ensure that a) this policy is audited for compliance and b) there is clarity about what level of detail is involved in types of policy, procedure and / or guidelines

It was unclear to the investigator and to many staff as to which policies were current or draft. Some important processes which failed were either not described by any written policy or guideline, or described by inadequate, vague guidance with little or no mention of follow up actions or audit mechanisms.

5.4.2 CRB and Pre and Post-Employment policy

While the June 2011 CRB policy is currently in place, the Trust has identified that it is not comprehensive enough. Consequently, a new sample draft CRB policy has been issued (March 2012). This needs to be urgently reviewed, amended and implemented, taking the following issues into account (this list is not exhaustive and does not imply that the draft policy has excluded any of these issues):

• Organisational attitude to CRB – statement of priority and purpose

• Clear guidance on how decisions are made regarding staff with convictions being allowed to work within the Trust

• Establishing leadership responsibility for compliance with CRB Code of Practice

• Which roles can be counter-signatories

• Definition of counter-signatory and other roles involved in the process

• Recheck policy

• Response to new guidance on portability of CRBs across London

• Explicit criteria for deciding staff groups should be checked at which level or for whom no check is required

• Method by which these criteria should be applied and requirement that this is recorded in job descriptions and / or on HR systems so automatic pull through of CRB requirement is facilitated

• The Risk Assessment process to be applied in relation to staff working supervised before CRB checks are completed

• Arrangements for honorary contractors, other service providers, volunteer and agency and bank staff

• Arrangements and monitoring arrangements for retention and disposal of confidential information

• How and where this policy is reviewed, audited and assured

5.4.3 Training and support

Formalised training and awareness raising information or programmes should be devised for Divisional staff, Divisional HR staff, Corporate HR and Recruitment team staff, according to their level of involvement. This should include as a minimum for all staff the importance of and legal background to protection of vulnerable patients, staff and the organisation itself. Consideration to providing specialty-specific awareness-raising (eg risk to elderly vulnerable people in accident and emergency, the community etc ) should also be given.

5.4.4. Reconcile policies

An initiative to ensure that the policies referred to in 5.4.2 and 5.4.5 are formally adopted and consistently applied across all Trust Divisions and departments (notably alignment with Community Health Services) and service providers should be undertaken.

5.4.5 Operational policies in support of recruitment checks – critical activities

Detailed procedural guidance is needed for recruitment staff and for Divisional staff in support of employment checks. In particular, this must cover the recording of information and the actions required for a) new starters b) staff changing role or department or leaving and c) receipt of disclosure information from the CRB. This should clarify whether tasks are completed locally, by Recruitment staff, by workforce systems or by information systems staff. It should set out detailed procedure, including responsibilities, timescales and audit arrangements.

Failure to update ESR (at all or accurately) is a significant reason for the problems with the project. While the Trust can be confident that this has been improved greatly and that there is currently a case by case check on anomalies, this level of assurance can only be given if staff are clear on their roles , responsibilities and the nature of the task.

5.5 Recommendations: Human Resources leadership and culture

5.5.1 Internal governance, policy and risk management

The Trust Executive Director for Human Resources should revise the process for internal governance, including the process for holding staff to account, expectations of performance

and, essentially, the risk identification, assessment and monitoring process, via the risk register, to ensure that it is explicit and fit for purpose.

While there are now clear flowcharts describing the tasks involved in CRB processes going forward, these tend to exclude explicit designation of responsibilities, timescales and means of audit. This recommendation should be considered in tandem with 5.4.1. and 5.4.2 above.

5.5.2 Role of the Recruitment teams

There should be a single individual designated with responsibility to check that principles and practice between the three recruitment teams is aligned and consistent. In particular the implications of medical staffing being under separate HR supervision from the other two teams should be reviewed to ensure that safe practice is not compromised: the potential for medical locums to be engaged outside of the prescribed policy must be either addressed or escalated.

5.5.3 Build external relationships with Divisions

HR staff at both senior and more junior grades should be more visible within Divisions.

Time to develop relationships with HR and other colleagues should be built into all HR roles.

The potential for shadowing or secondment to different HR roles across the Trust should be explored.

Distrust and disengagement is easier to sustain when an “us and them” culture prevails and when corporate functions are seen as aloof or faceless. The effectiveness of recruitment and other HR processes depend on co-operative working between operational and line management staff in Divisional and all grades of corporate HR staff. The recent inclusion of a goal to excel at serving Divisions within HR job descriptions will be helpful in this context.

5.5.4 Build competence and confidence

A more rigorous approach to the knowledge and skills required for and expectation of roles within HR should be taken, with plans agreed for building competence as necessary.

There were several reports by interviewees that they felt that some HR staff were working beyond their competence during the course of the project

5.5.5 Organisational resilience

HR needs to devise a plan to ensure organisational resilience in the context of CRB ie how will the management of disclosures, the updating of ESR and the quality of data be audited on a regular basis going forward.

The status of CRB checks at the time of writing appears to be good and there is a much improved clarity amongst HR and Divisional managers about a) what is outstanding and b) which staff are employed where. However, rigour around managing returned disclosures, ESR updating and data quality checking is still being supervised by the Project Manager, with the support of workforce and systems specialists in HR.

5.5.6 Email etiquette

The HR department should consider establishing some rules around use of email (there may be rules in place in the Trust – this was not part of the project scope), to ensure that

important concerns are not dealt with by email alone and that multiple copies to a range of recipients do not dilute the importance of any message. They also need to reinforce the requirements of confidentiality and data protection.

Much of the evidence forthcoming for this review was in the form of email trails. While this was invaluable as evidence, it does indicate that many significant issues became lost in a string of correspondence to multiple recipients, while the original sender believed, erroneously, that the issue was dealt with. This may very well be a wider organisational problem and a symptom of organisational culture beyond the department.

5.5.7 Celebrate success

There should be recognition of the efforts of staff in arriving at a successful result in terms of CRB compliance.

While it may seem perverse to reward or praise staff at the end of a project which had patently failed from its inception and throughout 2011, numerous staff across HR and in Divisions had taken this issue very seriously and sought to raise and address issues of concern. The systems Project management since November 2011 in particular has been rigorous and painstaking.

Appendix 1 Recommendations and current actions or plans

Recommendation Detail Responsibility for Action

Organisational governance and assurance processes 5.2.1 Identify priorities on basis

of safety as well as compliance and cost

The Senior Executive team should review its approach to identifying how issues are defined eg as “business” or “operational” and how these are subsequently risk assessed, monitored and reported.

COO

5.2.2 Decision-making support to organisation

Where there is a degree of leeway for managerial decision-making, as was the case in applying exclusion or supervision rules to staff under CRB check process, staff must be supported by the Trust senior team when they have applied their own judgement.

COO, CN,MD,

5.2.3 Clarity about mandatory requirements for all staff groups and providers

The Trust Board should scrutinise Trust policy to ensure that, where a procedure is mandated for all staff groups and other providers, there are adequate systems, audit and sanctions, to measure and ensure compliance.

D of HR

5.2.4 Strengthen risk management and the escalation and assurance process

The use of the corporate and departmental risk register should be reviewed to ensure that issues which are of particular risk to the Trust are registered, that they are discussed in a meaningful way through the assurance process and that gaps in assurance are regularly reviewed and addressed. The emphasis should be on reward for identification of any risk threatening priorities, rather than on blame for admitting mistakes or potential failure.

COO , CN

5.2. 5 Formalise meetings and action logs

The existing OMG and TME , or whichever groups now fulfil similar

functions, should clarify their terms of reference with regard to monitoring and actioning agenda items and ensure adequate minuting of actions,

D of CA

reviewing these at each meeting.

5.2.6 Invest in CRB programme maintenance

The requirements in terms of staffing and IT systems to maintain good controls on CRB check information going forward should be identified and a decision made on fulfilment (see 4.3.4. below).

CEO,D of F

Project management

5.3.1 Project management approach and rigour

An organisational approach to deciding firstly when to identify the need for project management and then the terms of reference, leadership,

management and monitoring arrangements should be implemented.

Deputy CEO

5.3.2 Escalation process and trigger points

In conjunction with 5.2.4. above, the Director and / or sponsor for any project should ensure that there are explicit routes for escalation and that escalated issues are recorded in action logs and project risk registers, in line with good project management practice.

Deputy CEO

5.3.3 Identify routine audit trail In relation to CRB status for new staff (and existing staff once an interval for rechecks is agreed and implemented), one main tracking report should be devised, intervals for issue set and the corporate and Divisional reporting routes agreed.

D of HR

5.3.4 CRB systems issues The resource requirement to maintain data validation reporting and to improve the efficiency of the CRB data processing systems should be

identified and discussed at senior level. This should involve systems support staff and include allowance for routine reconciliation between ESR and Finance, and data quality checking between ESR and Divisions.

D of HR

Policy / task definition

5.4.1 Policy style Trust policy with regard to the formulation, ratification, review and style of policy should be reviewed to ensure that a) this policy is audited for compliance and b) there is clarity about what level of detail is involved in types of policy, procedure and / or guidelines

D of CA

5.4.2 CRB and Pre and

Post-Employment policy

While the June 2011 CRB policy is currently in place, the Trust has identified that it is not comprehensive enough. Consequently, a new sample draft CRB policy has been issued (March 2012). This needs to be urgently reviewed, amended and implemented, taking the following issues into account (this list is not exhaustive and does not imply that the draft policy has excluded any of these issues):

• Organisational attitude to CRB – statement of priority and purpose

• Clear guidance on how decisions are made regarding staff with convictions being allowed to work within the Trust

• Establishing leadership responsibility for compliance with CRB Code of Practice

• Which roles can be counter-signatories

• Definition of counter-signatory and other roles involved in the process

• Recheck policy

• Response to new guidance on portability of CRBs across London

• Explicit criteria for deciding staff groups should be checked at which level or for whom no check is required

• Method by which these criteria should be applied and requirement that this is recorded in job descriptions and / or on HR systems so automatic pull through of CRB requirement is facilitated

• The Risk Assessment process to be applied in relation to staff working supervised before CRB checks are completed

• Arrangements for honorary contractors, other service providers, volunteer and agency and bank staff

• Arrangements and monitoring arrangements for retention and disposal of confidential information

• How and where this policy is reviewed, audited and assured

D of HR

5.4.3 Training and support Formalised training and awareness raising information or programmes Deputy CN to review, plus COO, D of

should be devised for Divisional staff, Divisional HR staff, Corporate HR and Recruitment team staff, according to their level of involvement. This should include as a minimum for all staff the importance of and legal background to protection of vulnerable patients, staff and the organisation itself.

Consideration to providing specialty-specific awareness-raising (eg risk to elderly vulnerable people in accident and emergency, the community etc ) should also be given.

HR

5.4.4 Reconcile policies An initiative to ensure that the policies referred to in 5.4.2 and 5.4.5 are formally adopted and consistently applied across all Trust Divisions and departments (notably alignment with Community Health Services) and service providers should be undertaken.

D of HR

5.4.5 Operational policies in support of recruitment checks – critical activities

Detailed procedural guidance is needed for recruitment staff and for Divisional staff in support of employment checks. In particular, this must cover the recording of information and the actions required for a) new starters b) staff changing role or department or leaving and c) receipt of disclosure information from the CRB. This should clarify whether tasks are completed locally, by Recruitment staff, by workforce systems or by information systems staff. It should set out detailed procedure, including responsibilities, timescales and audit arrangements.

D of HR

Human Resources leadership and culture 5.5.1 Internal governance, policy

and risk management

The Trust Executive Director for Human Resources should revise the process for internal governance, including the process for holding staff to account, expectations of performance and, essentially, the risk identification, assessment and monitoring process, via the risk register, to ensure that it is explicit and fit for purpose.

D of HR

5.5.2 Role of the Recruitment teams

There should be a single individual designated with responsibility to check that principles and practice between the three recruitment teams is aligned and consistent. In particular the implications of medical staffing being under separate HR supervision from the other two teams should be reviewed to

D of HR

ensure that safe practice is not compromised: the potential for medical locums to be engaged outside of the prescribed policy must be either addressed or escalated.

5.5.3 Build external relationships with Divisions

HR staff at both senior and more junior grades should be more visible within Divisions. Time to develop relationships with HR and other colleagues should be built into all HR roles. The potential for shadowing or secondment to different HR roles across the Trust should be explored.

D of HR

5.5.4 Build competence and confidence

A more rigorous approach to the knowledge and skills required for and expectation of roles within HR should be taken, with plans agreed for building competence as necessary.

D of HR

5.5.5 Organisational resilience

HR needs to devise a plan to ensure organisational resilience in the context of CRB ie how will the management of disclosures, the updating of ESR and the quality of data be audited on a regular basis going forward.

D of HR

5.5.6 Email etiquette The HR department should consider establishing some rules around use of email (there may be rules in place in the Trust – this was not part of the project scope), to ensure that important concerns are not dealt with by email alone and that multiple copies to a range of recipients do not dilute the importance of any message. They also need to reinforce the

requirements of confidentiality and data protection.

D of Informatics, D of HR, Deputy CEO

5.5.7 Celebrate success There should be recognition of the efforts of staff in arriving at a successful result in terms of CRB compliance.

D of OD, D of Communication.

COO - Chief Operating Officer CN – Chief Nurse MD – Medical Director Dir of HR – Director of Human Resources Dir of CA – Director of Corporate Affairs CEO – Chief Executive Officer Dir of F – Director of Finance Dir of OD – Director of Organisational Development

Appendix 2 Documents reviewed

Source ref Document Doc date

D1 CRB Disclosures Policy June 2011

D1 CRB Disclosures Policy June 2011

In document 7 December Dear Mr Clover. Request for information (Page 33-44)