13.0 Annual Governance Statement13.1 Scope of ResponsibilityAs Accounting Officer, I have responsibility formaintaining a sound system of internal control thatsupports the achievement of the NHS FoundationTrust’s policies, aims <strong>and</strong> objectives, whilstsafeguarding the public funds <strong>and</strong> departmentalassets for which I am personally responsible, inaccordance with the responsibilities assigned tome. I am also responsible for ensuring that theNHS Foundation Trust is administered prudently<strong>and</strong> economically <strong>and</strong> that resources are appliedefficiently <strong>and</strong> effectively. I also acknowledge myresponsibilities as set out in the NHS FoundationTrust Accounting Officer Memor<strong>and</strong>um.<strong>Sheffield</strong> <strong>Health</strong> <strong>and</strong> <strong>Social</strong> <strong>Care</strong> NHS FoundationTrust forms part of the <strong>Sheffield</strong> social <strong>and</strong>healthcare communities. As the AccountingOfficer I work closely with NHS <strong>Sheffield</strong>, who isthe main commissioner of the Trust’s services. Weare also accountable to <strong>Sheffield</strong> City Council forthe social care it provides through the Section 75Agreement which is monitored on a monthly basisby the Joint Performance Group, <strong>and</strong> quarterly viaa Partnership Board. Part of the agreement includesan accountability framework. We also have aNon-Executive Director on our Board of Directorswho is an elected member of the Council. Positiverelationships with NHS North of Engl<strong>and</strong>, (formedin October 2011 from three Strategic <strong>Health</strong>Authorities – Yorkshire <strong>and</strong> the Humber, NorthEast <strong>and</strong> North West), have been maintained.Art therapy atMoncrieffe RoadOT exercise session at theLongley Centre13.2 The Purpose of the Systemof Internal ControlThe system of internal control is designed to managerisk to a reasonable level, rather than to eliminate allrisk of failure to achieve policies, aims <strong>and</strong> objectives;it can therefore only provide reasonable <strong>and</strong> notabsolute assurance of effectiveness. The system ofinternal control is based on an on-going processdesigned to identify <strong>and</strong> prioritise the risks to theachievement of the policies, aims <strong>and</strong> objectives of<strong>Sheffield</strong> <strong>Health</strong> <strong>and</strong> <strong>Social</strong> <strong>Care</strong> NHS FoundationTrust, to evaluate the likelihood of those risks beingrealised <strong>and</strong> the impact should they be realised,<strong>and</strong> to manage them efficiently, effectively <strong>and</strong>economically. The system of internal control hasbeen in place in <strong>Sheffield</strong> <strong>Health</strong> <strong>and</strong> <strong>Social</strong> <strong>Care</strong>NHS Foundation Trust for the year ended 31 March2013 <strong>and</strong> up to the date of approval of the AnnualReport <strong>and</strong> Accounts.13.3 Capacity to H<strong>and</strong>le Risk13.3.1 Risk Management leadership <strong>and</strong> StructureCorporate leadership, support <strong>and</strong> advice for h<strong>and</strong>lingrisk is provided through the Integrated GovernanceTeam (including risk management <strong>and</strong> clinicalgovernance functions). During the year leadershipfor risk management <strong>and</strong> governance has changedfrom the Executive Director of Nursing <strong>and</strong> IntegratedGovernance (current title Chief Operating Officer/Chief Nurse) to joint leadership between the DeputyDan Jarvis MP, Arts<strong>and</strong> WellbeingConference 2012Chief Executive <strong>and</strong> the Medical Director. Thisprovides assurance on the Trust’s capacity to h<strong>and</strong>lerisk through the various reports that are providedto the Quality Assurance Committee, the Audit <strong>and</strong>Assurance Committee <strong>and</strong> the Board of Directors itself.Roles <strong>and</strong> responsibilities for risk management aredescribed in detail in the Trust’s Risk ManagementStrategy. Responsibilities include:• All directors are operationally responsible forsafety <strong>and</strong> the effective management of riskwithin their areas of responsibility• All managers including team managers/leaders<strong>and</strong> heads of departments are responsible forhealth <strong>and</strong> safety <strong>and</strong> the effective managementof risks within their teams, services or departments• All staff in the Trust, including those ontemporary contracts, placements or secondments,<strong>and</strong> contractors must keep themselves <strong>and</strong> otherssafe. All staff have a duty of care to provide safeservices <strong>and</strong> do no harm. All health <strong>and</strong> socialcare staff working directly with service users <strong>and</strong>carers are responsible for ensuring that their workis safe <strong>and</strong> that they use systematic clinical riskassessment <strong>and</strong> management processes in thedelivery of care <strong>and</strong> treatment.13.3.2 Staff Training <strong>and</strong> DevelopmentStaff training <strong>and</strong> development needs with regardto risk management <strong>and</strong> safety are described in theTrust’s M<strong>and</strong>atory Training Policy. This policy wasrevised <strong>and</strong> approved by the Executive Directors’Group (in accordance with the Trust’s Policy onPolicies) in January 2011.Development for the Board <strong>and</strong> senior managersin 2012/13 has included various workshops onannual planning, looking at the external <strong>and</strong>internal environment, service <strong>and</strong> financial planning,financial challenges, optimising value in care <strong>and</strong> theimplications of the <strong>Health</strong> <strong>and</strong> <strong>Social</strong> <strong>Care</strong> Bill 2012.Training provided by the Trust for its staff includes:• Corporate Welcome – An introduction tothe organisation• Core Training – An intensive 4 day trainingpackage for all new starters, which includes riskmanagement, health <strong>and</strong> safety, equality <strong>and</strong>human rights, information governance, infectioncontrol etc. Training is tailored, dependent uponthe individual’s job role• Incident Reporting <strong>and</strong> Investigation (includingroot cause analysis);• Mental <strong>Health</strong> Act• Mental Capacity Act• <strong>Health</strong>, Safety <strong>and</strong> Security, including Fire Safety• Equality & Human Rights• Respect (Managing Violence <strong>and</strong> Aggression)• First Aid <strong>and</strong> Life Support (including Resuscitation)• Root Cause Analysis• Clinical Risk Assessment <strong>and</strong> Management• Medicines Management• Safeguarding Children <strong>and</strong> Vulnerable Adults• Infection Control• <strong>Care</strong> Programme Approach.The service directorates <strong>and</strong> the professional groupsalso provided a range of regular training up-datesfor their staff during the year.National Institute for <strong>Health</strong> <strong>and</strong> Clinical Excellence(NICE) guidance <strong>and</strong> evidence-based practicecontinue to be incorporated into clinical practice.NICE guideline implementation groups are establishedfor all mental health guidelines, progress is reportedthrough the Quality Improvement Group <strong>and</strong> quarterlyto the Quality Assurance Committee of the Boardof Directors. Performance on implementation ismonitored by the Medical Director <strong>and</strong> also by NHS<strong>Sheffield</strong>. All relevant NICE Technical Appraisals havebeen implemented within timescales.The Trust employs a range of suitably qualified<strong>and</strong> experienced persons who are accessible to allstaff to advise on risk issues, such as clinical risk,infection control, risk assessment, health <strong>and</strong> safety,litigation, liability, fire <strong>and</strong> security, environmental,estate management, medicines management,psychological therapies governance, safeguardingchildren <strong>and</strong> vulnerable adults, human resources<strong>and</strong> finance among others.137138
13.3.3 Learning from Good PracticeThe Trust utilises a number of methods for ensuringthat good practice <strong>and</strong> lessons learned are sharedacross the services. These include:• Utilising clinical audit/clinicaleffectiveness reports• Quality Improvement Group• Staff <strong>and</strong> service user surveys <strong>and</strong> thedissemination of results• Reports of compliments received <strong>and</strong> thelearning from complaints, incidents <strong>and</strong> claims• Improving quality events• Quality check meetings;• Team <strong>and</strong> directorate governance reports<strong>and</strong> events• Inpatient Forum (formerly Acute <strong>Care</strong> Forum)• Community <strong>Care</strong> Forum• Service User Safety Group• Sharing Good Practice events• Making contributions at conferences• Risk Register Leads meetings.A key learning point from incidents reported in theperiod is ensuring that service users’ families <strong>and</strong>carers are involved in care planning <strong>and</strong> decisionmaking. The Trust is continuing to improve recordkeeping to ensure comprehensive <strong>and</strong> timelyrecords are made. Communication between NHSprofessionals also needs to be strengthened to ensureinformation is shared appropriately.Learning is also shared through the Service UserSafety Group, as well as through a variety ofcommunications, for example Risk ManagementUpdate <strong>and</strong> Litigation News. As Chief Executive, Isend out a monthly letter to all staff, which includesreferences to good practice <strong>and</strong> achievements thatthe Trust has identified.The Trust’s annual Quality Accounts provide abalanced view of the Trust’s performance onquality issues.13.4 The Risk <strong>and</strong> Control Framework13.4.1 Risk Management StrategyThe Trust recognises that positive <strong>and</strong> managedrisk taking is essential for growth, development<strong>and</strong> innovation. ‘Risks’ are not seen as barriersto change <strong>and</strong> improvement; instead they arerecognised, considered <strong>and</strong> managed effectivelyas part of improvements.The Trust’s Risk Management Strategy, which wasrenamed <strong>and</strong> revised during 2012/13 <strong>and</strong> ratified inMarch 2013, is shared with new staff at induction,h<strong>and</strong>ed out at training courses <strong>and</strong> is available onthe Trust’s intranet <strong>and</strong> internet sites, together withother policies <strong>and</strong> procedures to inform practice.The Risk Management Strategy describes:• The Trust’s vision, values, attitude <strong>and</strong> strategicapproach to safety <strong>and</strong> risk management;• The Trust’s structure <strong>and</strong> governancearrangements for safety <strong>and</strong> risk management;• Roles, responsibilities <strong>and</strong> accountabilities forsafety <strong>and</strong> risk management;• The risk assessment <strong>and</strong> management processes;• Key components of risk management, namely:– Board Assurance Framework– Risk Registers– Incident <strong>and</strong> Serious Incident Reporting– Identification <strong>and</strong> analysis, control<strong>and</strong> monitoring,– Learning <strong>and</strong> sharing learning from Incidents,Complaints <strong>and</strong> Claims;• Staff Learning <strong>and</strong> Development• Involving Service Users <strong>and</strong> <strong>Care</strong>rs;• The Trust’s operational approach to riskmanagement;• Using evidence-based practice;• Using information effectively.Other policies related to the effective assessment<strong>and</strong> management of risk are available to all staffvia the Trust intranet <strong>and</strong> internet sites <strong>and</strong> arereferenced in the Risk Management Strategy.A system is in place to prompt the review <strong>and</strong>revision of policies as required.13.4.2 Risk Assessment <strong>and</strong> Monitoring SystemsIdentifying <strong>and</strong> managing risk is embedded in theactivity of the organisation through the governancestructure. This includes service governance withineach of the service directorates <strong>and</strong> agencies, <strong>and</strong>team governance in all clinical teams. Each teamproduces a report at least annually, for directoratereview. All Directorates are reviewed through aregular performance review with the Executive Team.Risks to achieving the Trust’s corporate objectives<strong>and</strong> risks to the viability of the Trust are recorded<strong>and</strong> monitored through the Board AssuranceFramework, which is linked to the broader Trust(Corporate) Risk Register. All risks are assessed usinga stepped approach which identifies <strong>and</strong> analysesthe risk, identifies the control measures in place<strong>and</strong> how effective these are <strong>and</strong> the actions thatneed to be taken to reduce/mitigate/remove therisk. Risks are graded according to their severity<strong>and</strong> likelihood of recurrence, using a 5 x 5 riskgrading matrix based upon guidance produced bythe former National Patient Safety Agency. All risksthat are categorised as moderate or high (scoring12 or above) are entered onto the Corporate RiskRegister, together with all risks that are categorisedas cross-Trust risks, for example, information riskswhich affect more than one directorate. Risks arerecorded on the Ulysses Safeguard system which isan electronic database with sub sections for eachdirectorate. Within directorates, individual teamsor departments also have their own sub-sections.All recorded risks have an accountable individual<strong>and</strong> are reviewed <strong>and</strong> monitored by the appropriateoperational governance group.Directorate Risk Registers are reviewed as part ofthe service review process to ensure that they are‘live’ <strong>and</strong> being managed effectively <strong>and</strong> efficiently.Each directorate has a risk register lead who isresponsible for reviewing <strong>and</strong> maintaining their riskregister. The Corporate Risk Register is administeredby the Risk Register Co-ordinator, who also providesadvice, support <strong>and</strong> guidance for the directorate riskregister leads.All high level risks are reported to the ExecutiveDirectors Group <strong>and</strong> the Board of Directors monthlyusing a Board Risk Profile. The Corporate RiskRegister is reviewed <strong>and</strong> reported to the ExecutiveDirectors’ Group, the Quality Assurance Committee<strong>and</strong> the Audit <strong>and</strong> Assurance Committee quarterly.Risks are also highlighted via feedback from incidents,including serious incidents, complaints, concerns,claims <strong>and</strong> other queries. The Executive Directors’Group, Clinical, Service <strong>and</strong> Support Directors receivea monthly overview of all on-going serious incidents.Directorates also receive monthly reports on theirown incidents..The Quality Assurance Committee of the Board ofDirectors <strong>and</strong> directorates receive quarterly reportson incidents <strong>and</strong> complaints which analyse thedata from these sources for any trends <strong>and</strong> issuesidentified. National benchmarking information fromthe National Patient Safety Agency (responsibilitiespassed to National Commissioning Board) is usedto underst<strong>and</strong> <strong>and</strong> interpret the Trust’s incidentreporting patterns. The findings of external inquiries<strong>and</strong> national reports are also shared <strong>and</strong> acted uponas described in the Trust’s National ConfidentialEnquiries Policy.13.4.3 Board Assurance FrameworkThe Board has an approved Board AssuranceFramework for the period 1st April 2012 to31st March 2013, which was last approved by theBoard in March 2013. The Assurance Frameworkis based on the Trust’s strategic aims, as describedin the Annual Business Plan, <strong>and</strong> the corporateobjectives derived from these strategic aims. TheBoard Assurance Framework was further developedthis year to take into account recommendationsfrom Internal Audit reports. Key high level <strong>and</strong>corporate risks identified through risk registerswere incorporated during the development ofthe Framework.Implementation of the actions in the BoardAssurance Framework is monitored through theExecutive Directors’ Group. The Framework isup-dated <strong>and</strong> reviewed quarterly by the ExecutiveDirectors’ Group <strong>and</strong> the Audit <strong>and</strong> AssuranceCommittee <strong>and</strong> bi-annually by the Board.As at 1st April 2013, there are no high level risksrecorded on the Assurance Framework. There are,however, a number of risks graded as moderate orbelow. The Board Assurance Framework recordsrisks associated with the achievement of the Trust’sstrategic objectives <strong>and</strong> acknowledges <strong>and</strong> identifiesareas where improvements are required. However,none of the areas identified are deemed to besignificant or pose a serious risk to the effectiveness139140