Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
November 2006
Contents
1. Introduction
2. Responsibilities
3. The Approach
Appendices
A Categories of Risk
B Risk Form
C Flowchart
1. Introduction
1.1 The Risk Management Strategy, which sets out the organisation’s approach to
risk, was approved by the PCT Board in October 2006.
1.4 The term “risk” in this procedure document is intended to encompass all risks
facing the PCT, including organisational, financial and clinical.
2. Responsibilities
2.1 The PCT Board is responsible for overseeing the effective management of risk.
The Chief Executive, as Accountable Officer, has overall responsibility for
governance and risk management. The Integrated Governance Committee will
ensure, on behalf of the Board, that appropriate risk management processes
are in place.
2.2 The Assistant Director of Corporate Services maintains the PCT’s Risk
Registers and is responsible for advising on risk.
2.3 Directors are responsible for ensuring that risk is managed effectively within
their own directorates. Line managers are responsible for managing and
reviewing risks within their own departments and ensuring that the Risk
Register is updated on a regular basis.
2.4 All staff have a responsibility to work with their departmental manager to
identify and manage risks.
3. The Approach
3.1.1 Each director will be responsible for co-ordinating the systems for identifying
risks within their own directorate. Individual directors should nominate lead
managers to take responsibility for this function within their directorates.
3.1.2 The director (or lead manager) should liaise with each manager within their
directorate to ensure that they are aware of their duties regarding the risk
management system. It is the responsibility of each manager to identify the
risks associated within their particular operational area. As part of this risk
identification process, managers should seek the involvement and comments
of their staff. This will enable ownership of the process to be shared throughout
the PCT.
3.1.3 It is recommended that the ‘top down’ approach to the identification and
consideration of risks within each department should be undertaken formally at
least twice per annum and linked of the production of the Local Delivery Plan.
Risks are also likely to be identified on a ‘bottom up’ ad hoc basis.
3.1.4 Risks identified by either the top down or bottom up approaches, should be
considered against the organisational/departmental objectives. Managers
should consider with their staff what they perceive to be the risks to achieving
each of these objectives. Appendix A outlines a number of risk types that
managers may wish to consider when undertaking the formal risk
assessments. The categories included in the Appendix are not considered to
be exhaustive and some will not be applicable to all departments.
3.1.5 Details of all risks identified must be recorded by the departmental manager on
a Risk Form (Appendix B).
3.1.6 The completed Risk Form will be sent to the relevant director for approval, who
will then forward to the Assistant Director of Corporate Services in order that
details can be entered onto the Risk Register. The departmental manager
should retain a copy of each Risk Form completed.
3.1.7 Although the top down process should be undertaken formally twice per
annum, all managers and staff should be encouraged to consider their actions
and functions in terms of risk at all times. Any additional risks identified outside
of the formal review process should be discussed with the departmental
manager and a Risk Form completed and sent to the relevant director as soon
as possible.
3.1.8 Risks may also be identified from a number of other sources including:
3.2.1 In order to decide how to handle risk, it is essential not only to identify that a
certain risk exists, but also to evaluate its significance. The Risk Form will
include the departmental manager’s assessment of the risk.
3.2.2 Risk analysis may concentrate on impacts in one area only or on several
possible areas of impact. Areas of impact include the following:
3.2.3 The significance of the identified risk will be assessed in terms of likelihood,
and consequence, each of which will be categorised on a scale of 1 to 5. The
following is intended to assist in the assessment of risk:
Consequence
1 2 3 4 5
Likelihood
1 1 2 3 4 5
2 2 4 6 8 10
3 3 6 9 12 15
4 4 8 12 16 20
5 5 10 15 20 25
3.2.5 The above approach does not automatically identify which areas of risk require
greatest attention. However, it will help to inform discussion about which risks
are most significant and what action is required to address them. The risks
that score the most points are likely to be those which most demand some
form of control action and those risks which are assessed as “Significant” or
“High” should be given particular attention.
3.2.6 If the Director, or the Assistant Director of Corporate Services disagree with
the original assessment of the risk, this will be discussed with the lead
manager before the risk is entered onto the Risk Register.
3.3.1 The selection of the most appropriate option for treating risks involves
balancing the cost of implementing each option against the benefits derived
from it. Where large reductions in risk may be obtained with relatively low
expenditure, such options should be implemented. Further options for
improvement may be uneconomic and judgement needs to be exercised as to
whether they are justifiable.
3.3.3 The arrangements for risk treatment and control, outlined in the Strategy are as
follows:
Medium Risks (4 – 6)
These risks are the maximum acceptable by the PCT, providing they are
effectively controlled. They should, however, be monitored as the likelihood or
impact could increase in the future.
Low Risks (1 - 3)
These are not significant now and are not likely to increase in future.
3.4.1 All identified risks will be recorded on the Risk Register, maintained by the
Assistant Director of Corporate Services.
3.4.2 All risks classified as “High” or “Significant” will be used to inform the
Assurance Framework.
3.4.3 The Risk Register will be used to generate regular reports to line managers
and directors to enable them to monitor the risks within their own areas of
responsibility as well as the periodical reports to the Integrated Governance
Committee and the Board.
3.5.2 The Assistant Director of Corporate Services will provide training in the
operation of the risk management processes as required to directors and
managers. In addition, risk management will be included as a topic on the PCT
induction courses.
3.6.1 Having identified the risks and determined a plan of remedial action, it is
essential that assurance regarding the effectiveness of the action is obtained.
3.6.2 All responsible managers will provide periodical updates, as required, to the
Assistant Director of Corporate Services regarding the progress made in
reducing/removing risks. This information will be used to update the Risk
Register which will be the source of monitoring reports for the Integrated
Governance Committee and directors.
3.6.3 The Integrated Governance Committee will be responsible for the ongoing
monitoring and review of the Risk Management Strategy and the effectiveness
of the risk management processes. In addition an Annual Risk Management
Report will be presented to the Integrated Governance Committee and the
Primary Care Trust Board.
3.7 Summary
Financial
Environmental
Political/Economic
Infrastructure Transport systems for staff, power supply systems, suppliers, business
relationships with partners, dependency on internet and e-mail.
Legal & Regulatory Laws and regulations which if complied with should reduce hazards.
Natural Events
Technological
Appendix B
Gloucestershire Primary Care Trust
Risk Form
The responsible manager should complete this form by reference to the Risk
Management Procedure. The form should then be forwarded/e-mailed to the relevant
Director for approval, who should in turn forward/e-mail to the Assistant Director –
Corporate Services in order that the details can be entered onto the PCT’s Risk
Register.
Directorate:
Department:
Location:
Clinical Group:
Date of completion:
Name of responsible manager
completing:
Details of risk:
Risk identified
Risk analysed
(Likelihood &
Consequence)