• No results found

Risk Management Policy and Process Guide

N/A
N/A
Protected

Academic year: 2021

Share "Risk Management Policy and Process Guide"

Copied!
22
0
0

Loading.... (view fulltext now)

Full text

(1)

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 1

Risk Management Policy

and Process Guide

(2)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 2

Information Reader Box

Directorate

Medical

Nursing

Patients & Information

Finance

Transformation and Corporate Operations

Commissioning Operations (including regions and sub-regions)

Commissioning Strategy

Publications Gateway Reference POL_1002

Document Purpose Policy and Process

Document Name Risk Management Policy and Process Guide

Publication Date January 2015

Target Audience All NHS England staff

Additional Circulation List n/a

Description Policy and high level processes for risk management

Superseded Document n/a

Action Required To note and apply

Timing/Deadlines n/a

For further information Corporate programme management office E-mail: england.pmo@nhs.net

(3)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 3

Risk Management

Policy and Process Guide

Version number: 1.0

First published: January 2015 Updated: (only if this is applicable)

(4)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 4

This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled.

As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet.

(5)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 5

Contents

1 Introduction ... 6

2 Purpose ... 6

3 Audience ... 7

3.1 Distribution plan ... 7

3.2 Training plan and support ... 7

4 Roles and responsibilities ... 8

4.1 Risk management roles ... 8

4.1.1 Risk lead ... 8

4.1.2 Risk owner ... 8

4.1.3 Action owner ... 8

4.1.4 Corporate programme management office (PMO) ... 9

5 Risk management process ... 9

5.1 Risk identification and recording ... 9

5.1.1 Identification of risk ... 9

5.1.2 Risk register ... 10

5.2 Risk assessment and scoring ... 10

5.3 Action planning ... 11

5.4 Monitoring and closure ... 11

6 Reporting and escalating risks ... 11

6.1 Corporate risk register ... 11

6.2 Escalating risks ... 12

7 Assuring implementation of this policy... 12

8 Equality and health inequalities analysis ... 12

9 Associated documentation ... 12

10 Glossary ... 13

Appendix A – NHS England Risk Management Governance and Escalation Route 15 Appendix B – NHS England Risk Management Responsibilities ... 16

Appendix C – Risk register guidance ... 20

(6)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 6

1

Introduction

This document provides guidance on the policy, process and procedures for risk management in NHS England.

Risk management is the recognition and effective management of all threats and opportunities that may have an impact on NHS England’s reputation, its ability to deliver its statutory responsibilities and the achievement of its objectives and values. NHS England is committed to developing and implementing a risk management policy and process that will identify, analyse, evaluate and control the risks.

2

Purpose

The aim of this policy and process document is to:

 evidence the importance of risk management to NHS England;

 support staff to understand their roles and have a consistent approach to risk management; and

 ensure that correct systems and processes are in place to manage corporate and operational risks across NHS England.

It is the policy of NHS England that:

 we seek to reduce risks that are a threat to the delivery of objectives and put in place actions that address the likelihood and impact of each risk to an acceptable level.

This policy and process document supports this by:

 setting out a risk management framework, which provides assurance to the Board that appropriate processes are in place to manage corporate and operational risks effectively;

 recommending procedures for the effective identification, prioritisation, treatment and management of risks to minimise or maximise the effect of an uncertain event or set of events on the delivery of objectives;

 ensuring a cohesive approach to the governance of risk;

 identifying risk management resources; and

 establishing risk management as an integral part of the NHS England culture. All identified risks will be required to:

 be recorded with a core minimum amount of information as set out in this document;

 be assessed on the likelihood of the risk being realised and the level of impact should the risk be realised; and

 have an identified risk owner and action owners.

The policy element of the document describes the governance structures in place to ensure that risks are managed and escalated through NHS England as appropriate.

(7)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 7

It sets out the respective responsibilities for corporate and operational risk management for the Board and staff throughout NHS England.

The document describes the corporate standard process to assist staff to identify, analyse and manage risks in their respective areas.

3

Audience

This policy and process document is applicable to all corporate and operational risks that NHS England could be exposed to, including information governance,

programme, project and clinical risks and those arising from the oversight of the NHS commissioning system as a whole.

This is a corporate policy and it is expected that central team directorates, regions and programme and project teams will develop and document their own local level procedures based on this policy.

Hosted organisations may develop local risk management processes which adhere to the principles of the NHS England risk management policy. Significant risks affecting NHS England from hosted organisations will be escalated through the appropriate sponsoring national director.

3.1 Distribution plan

This policy and process document will be made available to all staff via the NHS England internet and intranet sites.

Notification of this document will be included in the all staff email bulletin, as well as through the corporate programme management office (PMO) communication and engagement routes such as PMO news, PPM advocates and the community of practice.

3.2 Training plan and support

To support the implementation and embedding of the risk management policy and procedures;

 an e-learning package ‘Introduction to risk management’ will be made available to all staff through the NHS England intranet; and

 bespoke advanced risk management training will be available to all NHS England teams, tailored to their specific needs. This could include advice and guidance on the management of risk in their area, peer reviews and / or support with

development of risk registers.

Further guidance and support is available on the corporate PMO intranet pageshere

(8)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 8

4

Roles and responsibilities

Each area of the business must undertake an ongoing robust assessment of risks and escalate risks through the formal NHS England governance and escalation route, as set out in Appendix A.

To support the governance and escalation process Appendix B sets out the specific risk management responsibilities.

It is the responsibility of all staff to maintain risk awareness, identifying and reporting risks as appropriate to their line manager and / or director.

4.1 Risk management roles

4.1.1 Risk lead

All central team directorates, regions and programme and project teams must have an identified risk lead.

They will be responsible for:

 consulting with teams to identify and assess risks and determine mitigating actions;

 the ongoing maintenance of a risk register for their area of the business;

 ensuring risk registers undergo regular review and quality assurance;

 promoting the risk management policy, procedures and best practice within their area of the business;

 communicating changes to the risk management policy and procedures to their area of the business;

 sharing information and knowledge on risks within their area of business, directorate and those on the corporate risk register; and

 being the key contact for the corporate PMO for assurance on the management of risk and compliance with this policy.

4.1.2 Risk owner

All risks will have an identified risk owner who is responsible for ensuring that risk is managed, including the ongoing monitoring of the risk, ensuring controls and further actions are in place to mitigate the risk and reporting on the overall status of the risk. It is the responsibility of the risk owner to escalate risks where appropriate in line with local risk procedure and the risk escalation process detailed in Appendix A.

4.1.3 Action owner

All risks have action owner(s), to whom the risk owner has delegated responsibility for ensuring the delivery of a task or activity that will help to mitigate the risk and to provide regular reporting on progress.

(9)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0

Status: pending Next review date: December 2015 Page 9

4.1.4 Corporate programme management office (PMO)

The corporate PMO will support the executive risk management group by providing assurance on the implementation of the risk management policy, the management of the corporate risk register and the review of directorate, regional, programme and project risk registers.

5

Risk management process

5.1 Risk identification and recording

5.1.1 Identification of risk

When identifying a risk consideration should be given to what could pose a potential threat (or opportunity) to the achievement of objectives within the context of the organisation. For example, whether the risk is strategic, programme or operational. Risks and issues often get confused and a useful way of remembering the difference is;

 Risks are things that might happen and stop us achieving objectives, or otherwise impact on the success of the organisation.

 Issues are things that have happened, were not planned and require management action.

Once identified, the risk needs to be described clearly to ensure that there is a common understanding by stakeholders of the risk.

The recommended form for risk descriptions is to identify the cause, the event and the effect. Appendix C includes guidance on how to write a risk.

Report &

Escalate

Identify & record

Assess & score

Plan Monitor

& review

(10)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 10 5.1.2 Risk register

As a minimum a risk register must contain:

 risk reference;

 risk owner;

 risk description;

 ratings of likelihood and impact, for both current and after actions;

 risk proximity;

 action plans;

 action owner for each action; and

 completion date for each action.

It is recommended good practice to also include:

 trend analysis; and

 sources of internal and external assurance.

NHS England’s policy is to mandate the use of the standard risk register template, this is available on the corporate PMO intranet pages here. Additional columns can be added to the standard template to enable the best management of risks by those responsible.

Guidance on completing a risk register can be found in Appendix C.

5.2 Risk assessment and scoring

It is vital that all risks are assessed in an objective and consistent manner if they are to be managed, and to guide operational, project and programme planning and resource allocation.

Risks are firstly assessed on the probability (likelihood of the risk happening) and secondly on what would happen (impact) should the risk occur.

When assessing how likely it is that a risk will occur, take into account the current environment. Consider the adequacy and effectiveness of the controls already in place within the environment, which could address the causes of the risk and therefore the likelihood of the risk being realised; for example, systems, policies, training and current practice.

When assessing what the impact of the risk could be if it happened, consider what the impact of the risk would be in most circumstances within your environment and what is reasonably foreseeable.

The assessment is completed by scoring the likelihood and impact. Appendix D sets out the NHS England scoring tables which are based on a scale of 1 - 5 and the NHS England risk rating matrix which gives the scoring a RAG status.

NHS England’s procedure is to score and rate a risk twice as a current score and post action score.

(11)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 11

Risks are also assessed in terms of proximity i.e. when the risk would occur.

Estimating when a risk would occur helps prioritise the risk. The proximity scale used in NHS England is:

 zero to three months;

 three to six months;

 six to nine months;

 nine to twelve months; and

 twelve months plus.

5.3 Action planning

Following completion of the risk assessment, consideration must be given to whether the risk requires further management actions that ideally minimise the likelihood and/or impact of a threat or maximise the likelihood of opportunities. For each risk an action plan to eliminate, minimise, or maximise the risk is required.

It is not always possible to identify and then fully implement actions that eliminate or minimise a risk. Where this is the case, it is essential that the significance of the risk that remains is understood and the organisation in accordance with the risk

management governance confirms that it is prepared to accept that level of risk. This is known as the residual risk.

5.4 Monitoring and closure

The implementation of the action plan and the level of risk must be kept under review.

Where implementation of action plans is not producing the anticipated results, the risk should be re-assessed and a revised action plan agreed as necessary.

Once all possible actions have been completed or the event has passed, the risk should be closed and moved to the closed risk register for audit purposes.

6

Reporting and escalating risks

6.1 Corporate risk register

NHS England has a corporate risk register, which is an integral part of the system of internal control and defines the highest priority risks which may impact on NHS England’s ability to deliver its objectives. The corporate risk register enables the Board and Audit and Risk Assurance Committee to be assured of the management of these risks.

The executive risk management group (ERMG) manages these risks on behalf of the Board.

(12)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 12

6.2 Escalating risks

The governance and escalation diagram set out in Appendix A also includes an example of the process for how risks can be escalated for inclusion on the corporate risk register. It is recommended that at each level Amber/Red and Red risks are escalated.

It is the responsibility of each directorate, region and programme and project to define an internal escalation process in line with this policy. This should be

documented in an appropriate programme document such as a programme definition document or directorate risk management procedure. A risk management procedure template can be found on the corporate PMO intranet pages here.

7

Assuring implementation of this policy

The corporate programme management office will be responsible for assuring the implementation of the policy and procedures. This will be through discussions with risk leads and assessment of risk management processes and risk registers from central team directorates, regions, programme and project teams. The

recommendations of the reviews will be reported to the executive risk management group for consideration and where required, further action taken.

Internal audit will conduct an annual audit to provide an independent assessment of the design of the risk management policy, processes and procedures and the extent to which they are applied across the organisation. The recommendations of the review will be reported to the National Director, Transformation and Corporate Operations and the Audit and Risk Assurance Committee.

The Audit and Risk Assurance Committee oversee the establishment and maintenance of an effective system of assurance on risk management through approval of the risk management policy, regular reporting on the management of corporate risks and progress updates against audit recommendations.

8

Equality and health inequalities analysis

This procedural document forms part of NHS England’s commitment to create a positive culture of respect for all individuals including staff, patients, their families and carers as well as community partners. The intention is to identify, remove or minimise discriminatory practice in the areas of race, disability, gender, sexual orientation, age and ‘religion, belief, faith and spirituality’ as well as to promote positive practice and value the diversity of all individuals and communities.

As part of the development of this document, its impact on equality has been analysed and no detriment identified.

9

Associated documentation

Best Management Practice – Management of Risk (MoR) Guidance for Practitioners. Access to this supplementary guidance is available through the corporate access to project and programme management guidance here.

(13)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 13

10 Glossary

Action plan Sets out the activities that will address the identified gap and

reduce, eliminate or minimise the risk.

Assurance External evidence that risks are being effectively managed

(e.g. planned or received audit reviews).

Control(s) Actions in place to manage the risk.

Corporate risk register

A record of the risks identified through internal processes that will impact on the delivery of NHS England’s strategic objectives or major programmes.

Directorate risk register

A record of the risks identified through internal processes that will impact on the delivery of directorate objectives and / or plans.

Gaps in controls or assurances

Where an additional system or process is needed, or evidence of effective management of the risk is lacking.

Impact Is the result of a particular threat or opportunity should it

actually occur.

Issue A relevant event that has happened, was not planned and

requires management action.

Likelihood Is the measure of the probability that the threat or

opportunity will happen, including a consideration of the frequency with which this may arise.

Operational risks A risk or risks that have the potential to impact on the

delivery of business, project or programme objectives. Operational risks are managed locally within teams and significant operational risks are escalated, where

appropriate, to the executive risk management group (ERMG) via the directorate senior management team.

Opportunity An uncertain event that would have a favourable impact on

objectives or benefits if it occurred.

Risk A risk is an uncertain event or set of events that, should it

occur, will have an effect on the achievement of business, project or programme objectives. A risk can be a threat or an opportunity.

Risk assessment The process used to evaluate the risk and to determine

whether controls are adequate or more should be done to mitigate the risk. The risk is compared against

(14)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 14

Risk management The systematic application of management policies,

procedures and practices to the task of identifying, analysing, assessing, treating and monitoring risk.

Risk proximity The estimate of the timescale as to when the risk is likely to

occur. It helps prioritise risk and to identify the appropriate response.

Threat An uncertain event that could have a negative impact on the

(15)

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 15

Board

Chief Executive

Executive risk management group

National director senior management team

Regional Director

Regional team

Director (VSM)

Central team

Programme / Project senior responsible officer

All programme and project teams

All staff

Appendix A – NHS England Risk Management Governance and Escalation Route

Risk discussed at National or Regional directors SMT meetings and escalated to ERMG where appropriate

Risk escalation process

All staff identify risks and report to a nominated risk lead in their directorate, project, programme or region any potential threats or opportunities that impact on delivery of objectives

All identified risks are assessed and scored with controls and actions recorded on standard risk registers and reviewed regularly Risk registers collated and managed with red and amber/red risks being escalated for discussion at management meetings

ERMG review the corporate risk register and consider any escalated risks for addition or removal and recommend to the Board

Approve recommendations made in relation to the corporate risk register

Major programmes

assurance group Audit and Risk

Assurance

Committee

Board sub committees

(16)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 16

Appendix B – NHS England Risk Management Responsibilities

Title Responsibilities

NHS England Board Responsible for:

 articulating the key risk management priorities for NHS England;

 protecting the reputation of NHS England;

 providing leadership in risk management;

 determining the risk appetite for NHS England;

 ensuring the approach to risk management is consistently applied;

 ensuring that assurances demonstrate that risk has been identified, assessed and all reasonable steps taken to manage it effectively and appropriately; and,

 endorsing risk related disclosure documents.

Audit and Risk Committee Responsible for on behalf of the Board:

 providing oversight of the establishment and maintenance of an effective system of assurance on risk management and internal control, across the whole of NHS England’s activities that supports the achievement of NHS England’s objectives.

Further information regarding the responsibilities of the committee is available in the Committee Handbook.

Chief Executive Responsible for:

 ensuring that management processes fulfil the responsibilities for risk management;

 ensuring that full support and commitment is provided and maintained in every activity relating to risk management;

 planning for adequate staffing, finances and other resources, to ensure the management of those risks which may have an adverse impact on the staff, finances or stakeholders of NHS England;

 ensuring an appropriate corporate risk register is prepared and regularly updated and receives appropriate consideration; and,

 ensuring that the governance statement, included in the annual reports and accounts, appropriately reflects the risk management processes in operation across NHS England.

(17)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 17

Title Responsibilities

Executive risk management group

Responsible for:

 undertaking a detailed review of NHS England’s corporate risk register on a monthly basis and prior to submission to the Board;

 recommending to the Board the raising of new risks and closing of identified risks, using the corporate risk register;

 reviewing and discussing the highest key priority risks raised by members of the executive risk management group, with a view to escalating to the corporate risk register, as required;

 reviewing themes and trends arising from reviews of risks and issues identified;

 reviewing directorate risk management arrangements; and

 reviewing the risks of the major organisational programmes and projects, as escalated from the major programmes assurance group.

National directors Responsible for:

 ensuring that directorate and major programme risks are actively managed within their directorate;

 owner and action owner of individual risks;

 ensuring staff comply with all organisational policies and procedures and fulfil their responsibility for risk management by identifying, reporting, monitoring and managing risk;

 leading the management of risk by devising short, medium and long-term strategies to tackle identified risk, including the production of any mitigating action plans;

 escalation of risks from or to the directorate risk register, for consideration by the executive risk management group for inclusion on the corporate risk register; and

 ensuring that all activities undertaken within their directorates are consistent with the safe operation of NHS England.

Directors (VSMs) / SROs / programme directors

Responsible for:

 ensuring that programme and operational risks are actively managed within their areas of the business;

 owner and action owner of individual risks (including those delegated by the national director);

 devising short, medium and long-term strategies to tackle identified risk, including the production of any mitigating action plans;

(18)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 18

Title Responsibilities

 escalation of risks to the national director for inclusion on the appropriate risk register;

 evaluation of risks leading to the identification of themes (particularly relevant for regional directors across regional risk registers);

 cascading information and knowledge on risks that are within their area of the business, directorate and those on the corporate risk register;

 ensuring staff comply with all organisational policies and procedures and fulfil their responsibility for risk management by identifying, reporting, monitoring and managing risk; and

 ensuring that all activities undertaken within their directorates are consistent with the safe operation of NHS England.

All teams Responsible for:

 participating (as appropriate) in the identification, assessment, planning and management of threats and opportunities;

 keeping a record of the identified risks in a risk register;

 undertaking a regular review of the risks on the risk register; and

 escalating risks to their director, as appropriate and in accordance with the risk management governance and escalation diagram set out in Appendix A.

All staff Responsible for:

 participating (as appropriate) in the identification, assessment, planning and management of threats and opportunities;

 ensuring that they familiarise themselves and comply with the policies and procedures of NHS England; and

 undertaking and / or attending mandatory and other relevant training courses.

Internal audit Responsible for:

 agreeing (with the Audit and Risk Assurance Committee) a programme of audits which assess the exposure and adequacy of mitigation of the principal risks affecting the organisation;

 prioritising the internal audit programme to reflect the risk evaluation set out in the corporate risk register; and

(19)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 19

Title Responsibilities

responsibility remains with the organisation or relevant risk owners.

Corporate programme management office in the Transformation and Corporate Operations Directorate

Responsible for:

 assuring the executive risk management group that risk accountabilities exist;

 reviewing progress in developing and applying the risk management policy;

 reviewing the results of the assessment of the management of risk;

 reviewing directorate, region and programme and project team risk registers;

 evaluation of risks leading to the identification of themes;

 making recommendations to the executive risk management group on the management of risk implementation; and

 ensuring risk information is available for review by the executive risk management group through the corporate risk register.

(20)

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 20

Appendix C – Risk register guidance

Risk description – should describe the risk event, the cause and the effect. The risk should

be articulated clearly and concisely with appropriate use of language, suitable for the public domain with acronyms spelt out in the first instance.

When wording the risk it is helpful to think about it in three parts and write it using the following phrasing: There is a risk that ……… This is caused by………. Would lead to an

impact/effect on ………….

Risk owner – should include full job title (not just names) of the person who owns the risk.

Risk assessment / scoring – should be completed in line with the guidance set out in section

5.2 and Appendix D.

Risk proximity – should be selected based on: zero to three months, three to six months, six

to nine months, nine to twelve months and twelve months plus.

Action plan – should be the actions and activities planned to take place that will when

implemented or completed reduce, eliminate or minimise the risk.

Action owners – should include for each action full job title (not just names) responsible for

completing the action.

Completion date for actions – each action should have a completion date set.

Assurances – this should include internal assurance / evidence (e.g. Board reporting,

sub-committee and programme governance) and external assurance / evidence (e.g. planned or received audits or reviews) that the risk is being effectively managed.

Trend –this indicates any change in the current risk score in the form of an arrow. It is

recommended that

is an improvement in position and therefore a reduction in the level of risk e.g. amber to amber/green and a

indicates an increase in the level of risk e.g. amber to amber/red. Where there is no change in the level of risk this is indicated by

↔.

Last review date – this is to indicate when the risk was last reviewed and/or updated.

Please note:

Be careful and sensitive about the wording of the risk, as risk registers are subject to Freedom of Information (FOI) requests.

Do not reference blame to other organisations in the risk register (the register may be made available in the public domain).

(21)

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 21

Appendix D – Risk scoring and rating matrices

Likelihood score

Likelihood Scoring

1 2 3 4 5

Descriptor Rare Unlikely Possible Likely Very Likely

Frequency / How likely is it to happen?

This probably will never happen/recur

Do not expect it to happen/recur, but it is possible it may do so

Might happen or recur occasionally

Will probably

happen/recur, but is not a persisting issue or circumstance

Very likely to

happen/recur; possibly frequently

Category Impact Scoring

Impact score 1 2 3 4 5

Descriptor Very low Low Moderate High Very high

Operational  Minor reduction in quality of treatment or service

 No or minimal effect for patients.

 Single failure to meet national standards of quality of treatment or service

 Low effect for a small number of patients if unresolved.

 Repeated failure to meet national

standards of quality of treatment or service

 Moderate effect for multiple patients if unresolved.

 Ongoing non-compliance with national standards of quality of

treatment or service

 Significant effect for numerous patients if unresolved.

 Gross failure to meet national standards with totally

unacceptable levels of quality of treatment or service

 Very significant effect for a large number of patients if unresolved.

Reputational  Not relevant to mandate priorities

 No adverse media coverage

 No negative recognition from the public.

 Minor impact on achieving mandate priorities

 Low level of adverse media coverage

 Small amount of negative public interest

 Moderate impact on achieving mandate priorities

 Moderate amount of adverse media coverage

 Moderate amount of negative public interest.

 High impact on achieving mandate priorities

 High level of adverse media coverage

 Negative impact on public confidence.

 Mandate priorities will not be achieved

 National adverse media coverage

 Total loss of public confidence.

Financial  Programme-

Between £10m and £25m

 Admin- Between £2m and £5m

 Programme-

Between £25m and £50m

 Admin- Between £5m and £10m

 Programme- Between £50m and £100m

 Admin- Between £10m and £20m

 Programme- Between £100m and £250m

 Admin- Between £20m and £50m

 Programme- More than £250m

 Admin- More than £50m

(22)

Classification: Official

Document number: POL_1002 Issue/approval date: January 2015 Version number: 1.0 Status: pending Next review date: December 2015 Page 22

Each risk will be rated by taking the likelihood and impact scores, and applying to the matrix below:

Very high - 5

A

AR

R

R

B

High - 4

A

A

AR

R

R

Moderate - 3

AG

A

A

AR

AR

Low - 2

G

AG

AG

A

A

Very low - 1

G

G

G

G

G

1 2 3 4 5

Rare Unlikely Possible Likely Very likely

Imp

ac

t

References

Related documents

Select and use gloves and/or protective clothing approved to relevant local standards to prevent skin contact based on the results of an exposure assessment.. Selection should be

NH4 Polyphosphate Inhalation respiratory irritation Some positive data exist, but the data are not sufficient for classification similar health hazards NOAEL Not

Refer to other sections of this SDS for information regarding physical and health hazards, respiratory protection, ventilation, and personal protective

Prior research identifies experiencing maltreatment as a risk factor for perpetrating maltreatment, also called intergenerational child maltreatment (IMT). Many prior studies of

competitiveness strengths are found in Malaysia’s efficient and competitive market for goods and services, ranked 11 th ; its supportive financial sector, ranked 6

– Assess compliance with FDA’s regulations governing the conduct of clinical trials, including those for?. informed consent and

Document: NovaCore CMS\SNR\FormNational Recognition-RPL Application Form Approved By: RTOADM Next Review Date: 02-04-2016.. Version: 1.0 Approved Date: 02-04-2015 Page 1

Clinical Guidance and Three Way Agreement Page 3 of 16 Approval date: 3 rd December 2015 (TEWV D&T).. for County Durham – Version 1.0 5 th November 2015