Annual Report 2006 - Royal Devon & Exeter Hospital

Statement of Internal Control1.0 Scope of responsibility1.1 As Accounting Officer, I have responsibility formaintaining a sound system of internal control thatsupports the achievement of the Trust’s policies,aims and objectives, whilst safeguarding thepublic funds and departmental assets for which Iam personally responsible, in accordance with theresponsibilities assigned to me. I am also responsiblefor ensuring that the Trust is administeredprudently and economically and that resourcesare applied efficiently and effectively. In addition,I also acknowledge my responsibilities as set outin the NHS Foundation Trust Accounting OfficerMemorandum.2.0 Purpose of the system of internalcontrol2.1 The system of internal control is designed tomanage risk to a reasonable level rather than toeliminate all risk of failure to achieve policies,aims and objectives; it can therefore onlyprovide reasonable and not absolute assurance ofeffectiveness. The system of internal control isbased on an ongoing process designed to:• identify and prioritise the risks to theachievement of the policies, aims andobjectives of the Trust;• evaluate the likelihood of those risks beingrealised and the impact should they berealised, and to manage them efficiently,effectively and economically.2.2 The system of internal control has been in placein the Trust for the year ended 31 March 2006 andup to the date of approval of the Annual Report andAccounts.3.0 Capacity to handle risk3.1 The Governance Committee (sub committee ofthe Board of Directors) provides leadership to therisk-management process. This committee deals withall types of risk, both clinical and organisational.The risk-management department offers adviceand teaching to the Trust on all matters of riskmanagement. Specialist functions also exist tomanage various agendas.These include:• governance and risk manager;• fire, infection control and radiation advisors;• occupational health physician and healthadvisors;• governance support unit providing clinicalaudit and research ethics advice;• Trust solicitor;• complaints department;• Patient Advice and Liaison Service (PALS).3.2 Guidance and training are provided to staffthrough both corporate and local induction,update training, specific risk-managementtraining, policies and procedures and feedbackfrom audits, inspections and incident reporting.Included within this is the sharing of good practiceand learning from incidents.3.3 Risk-management training courses are run on afrequent basis to teach the necessary skills neededto undertake risk-management duties. Root-causeanalysistraining has also been undertaken toequip the organisation with the necessary skills toinvestigate and learn from more serious incidents.3.4 Policies and procedures are updated on afrequent basis to offer a benchmark to the Truston how to manage risk. Some of these policies,specifically the risk-management strategy, riskassessment policy and procedure and the incidentand investigation policy and procedure, alsoinform external stakeholders of the Trust positionin these areas.4.0 The risk and control framework4.1 A key element of the risk-managementstrategy is a standard methodology in which risk isevaluated, using a likelihood consequence matrix.The roles and responsibilities of key players andall members of staff within the organisationare also detailed. The terms of reference ofthe Governance Committee and the governancestructure are also highlighted along with the termsof reference of all committees reporting to theGovernance Committee.4.2 The Trust uses a risk register to manage boththe higher level and trustwide risks that arefaced by the organisation. Directorate-based riskregisters have also been developed to enabledirectorates to manage the risk-assessmentprocess.4.3 Directorates undertake risk-managementactivities within their own sphere of responsibilityby holding regular directorate governance groupsmeetings.29