Annual report 2012-13 - West London Mental Health NHS Trust

3. Risk assessment and managementThe trust’s risk assessment and managementarrangements are described in detail in the trust’srisk management policy, which complementsthe trust’s risk management strategy. These riskmanagement arrangements enable risks to beidentified, assessed, and controlled consistentlyand effectively.The board is aware of the risks in the organisationthrough the use and review of the risk register and isresponsible for ensuring action plans are in place tomanage those risks. Risks are managed in differentways including risk transfer and developing systemsto mitigate risks. All staff within the organisationhave a responsibility for risk management and thetrust has in place a programme of training andeducation for staff which includes risk managementand clinical risk training.Risks that cannot be managed within the highsecure services, specialist & forensic services orlocal services clinical service units or corporatedepartments, are escalated to the trust-wide (level1) risk register. There may be some residual riskthat cannot reasonably be eliminated that theboard will choose to accept where this is necessaryto deliver its objectives.Level 1 risks and the board assurance frameworkare reviewed bi-monthly by the board and regularlyby the audit committee, quality committee,finance & investment committee and the trustmanagement team.The trust has a comprehensive and effectiveclinical audit system in place which is closelyaligned to the board’s assurance framework andreflects clinical risks identified through the incidentreporting system. The clinical audit programme isoverseen by the trust’s quality committee and themedical director is the executive director with theresponsibility for clinical audit.During 2012/13 the trust’s clinical governancearrangements have been externally assessedby Ernst & Young on two occasions against therequirements of the Monitor quality governanceframework. These assessments have demonstrateda progressive improvement. Work is ongoingto further improve the monitoring of clinicalperformance and to ensure the implementation ofthe trust’s recently revised quality strategy.Highest risksThe current highest-rated risks to the trustconcern: (i) potential failure to deliver savings inlocal services; (ii) potential failure to achieve thecost improvement plan (CIP) efficiencies requiredby the current five year trust integrated businessplan; (iii) the impact of failure to redevelop theSt Bernard’s Hospital site; and (iv) the consistentassessment and management of clinical risk.New risks 2012/13In the past year, several new significant trust-widerisks were identified and continue to appear on thetrust-wide risk register. These are:• Lack of an effective quality strategy and metricsleading to inconsistent quality of care resultingin poor patient experience and commissionerdissatisfaction.• Failure to deliver savings in local services inline with commissioners’ intentions 2013/14,resulting in service restrictions and/or closures.In addition, several closely related risks werecombined and are now represented by a singleclinical risk:• Failure to assess and manage clinical riskeffectively, resulting in harm.4. The risk and control frameworkThe risk management strategy, complemented bythe risk management policy, details the lines ofaccountability and the responsibilities of all staff,including accountability arrangements with keystakeholders. It describes the trust committeestructure established to ensure effective riskmanagement and the arrangements in placeto ensure the board receives timely, accurateinformation on the principal risks to achievementof the trust’s strategic aims i.e. the boardassurance frameworkThe board assurance framework details thesignificant risks to the achievement of the trust’sstrategic aims, the key controls in place tomanage those risks, the assurances regarding theeffectiveness of those controls, any gaps in controlor assurance and the actions that are being takento secure more effective control over that risk.Therefore, the board is kept aware of thosesignificant risks to the trust’s achievement ofits strategic aims through its monthly review ofthe trust-wide (level 1) risk register, the reportsit receives from the chairs of the board’s subcommitteesand its bi-monthly review of the boardassurance framework.Significant trust-wide risks are reviewed regularlyby the trust management team, and assurances,regarding the effective management of risk, aregiven by other board sub-committees, which arechaired by non-executive directors. Those subcommitteesroutinely scrutinise the risks and, inthe process, receive from the risk owner detailedinformation about the nature, severity andmanagement of the risk.The audit committee provides the board with furtherassurance regarding the trust’s risk managementarrangements. The audit committee is assisted inits work by the internal audit service which, in thecourse of the year, performs the detailed scrutinyof selected trust-wide risks. Internal audit reportsits findings to the audit committee, commenting,for example, on the appropriateness of the risk keycontrols, the validity of the assurances provided forthat risk and the appropriateness of the plannedadditional risk-mitigating actions.Similarly, in the course of the year, the clinical auditservice performed audits across the trust, focussingon the historically high-risk clinical activities e.g.‘engagement and observation’. The audit findingsare reported to and reviewed by the trust clinicalaudit governance group.The governance arrangements at CSU and directoratelevel complement the governance arrangements atboard and board sub-committee level.The trust’s risk control framework includes theprovision to staff of appropriate induction andrefresher training covering key risk areas e.g.clinical risk, counter-fraud, human resources,financial, health and safety, etc. The trust-widelevel of compliance by staff with their mandatorytraining requirements is monitored monthly by thetrust management team.All staff within the organisation have aresponsibility for risk management. Servicemanagers are required to record on their servicerisk register (and, subsequently, manage effectively)any significant risks affecting their service. The riskescalation process means that risks which cannotbe managed entirely within one CSU or directorateare escalated to the trust-wide risk register.46 Annual Report 2012/201347