Вы находитесь на странице: 1из 9

247559760.xls.

ms_office
RISK
NO.
RISK DESCRIPTION COMMENT ON
RISK
RISK IDENTIFIED
(MM/DD/YYYY)
PREVIOUS RISK
SEVERITY SCORE
RISK CATEGORY CONTROLS CONSEQUENCE
SCORE
LIKELIHOOD
SCORE
CURRENT RISK
SEVERITY
SCORE
(RESIDUAL)
CONTROL
EFFECTIVENESS
SCORE
CHANGE IN
RISK
RISK OWNER RISK STRATEGY RISK
TREATMENT/S
TREATMENT DUE
DATE (MM/DD/YYY)
1 Declines in service delivery standards due
to a shortage of adequately skilled nursing
staff
July 25, 2007 20 OPERATIONAL - HR &
Training
Bursary Programme/ Training
interventions/ Quality
reviews/ incident reporting
and analysis
5 4 20 4 UNCHANGED HR Manager/
Director
Transfer To be confirmed December 31, 2010
7 Inability to attract and retain skilled staff
impacting on service delivery standards
July 25, 2007 12 OPERATIONAL - HR &
Training
Staff development schemes/
Funding obtained to 'top-up'
base pay levels for critical
positions/ Use of recruitment
agencies
4 5 20 3 GETTING
WORSE
HR Manager/
Director
Reduce To be confirmed December 31, 2010
6 Death of patients due to medication errors July 25, 2007 12 CORE SERVICES -
Clinical Effectiveness
Recruitment and training
programmes/ Incident and
near miss reporting in
RiskMan/ Incident
investigation process/
Prescription of high-risk
drugs managed by
experienced senior medical
staff.
4 4 16 2 GETTING
WORSE
Director: Clinical
Services
Reduce To be confirmed December 1, 2010
19 Harm suffered by customers/ patients due
to malfunction of key medical equipment
(e.g. ventilators, heart monitor)
July 25, 2007 4 OPERATIONAL -
Facilities Management
Maintenance programme/
Capital replacement
programme/ Staff training in
equipment usage
4 4 16 2 GETTING
WORSE
UNALLOCATED Reduce To be confirmed September 30, 2010
25 Current IT systems lack adequate
Management Information and Reporting
capabilities, resulting in poor decision
making and funds allocation.
July 25, 2007 12 IT & SYSTEMS -
System Functionality
No controls in place 3 5 15 4 GETTING
WORSE
Financial Manager Avoid To be confirmed January 15, 2011
5 Death of patients due to delays in
admissions process
July 25, 2007 16 OPERATIONAL Internal Audit review and
redesign of Admissions
process (2006)/ New Patient
Records IT system
5 3 15 2 IMPROVING Operations Manager/
Director
Reduce To be confirmed September 20, 2010
23 Life threatening patient care errors and
omissions resulting from overworked/
tired clinical staff.
July 25, 2007 9 CORE SERVICES -
Clinical Risk
Limit to shift length/ Enforced
breaks during shifts/ Annual
leave
5 3 15 2 GETTING
WORSE
Director: Clinical
Services
Reduce To be confirmed August 15, 2010
27 Loss of accreditation due to consistent
pattern of patient harm, caused by
incorrect diagnoses and treatment plans.
July 25, 2007 15 CORE SERVICES
(CLINICAL)
Staff recruitment and training/
Limit to shift length/ Approved
treatment regimes for
common medical conditions/
Enforced breaks during
shifts/ Annual leave/ Junior
medical staff not permitted to
prescribe/ dispense high risk
medicines, managed high risk
patients
5 3 15 2 UNCHANGED UNALLOCATED Reduce To be confirmed August 30, 2010
28 Lack of cash handling procedures and
controls resulting in misappropriation/
theft of funds.
July 25, 2007 20 FINANCIAL - Billing &
Debtors
Patient Admissions IT system
incorporates a billing module/
Daily reconciliation of tills in
pharmacy, admission desks
and canteen/ Internal Audit
reviews/ Cash takings
banked daily, recorded on
Finance system
3 5 15 2 IMPROVING Chief Financial
Officer
Reduce To be confirmed December 1, 2010
24 Inability to meet demand for home-based
care due to shortages of fleet vehicles.
July 25, 2007 12 OPERATIONAL - Asset
& Fleet Management
No controls in place/
Volunteer driver programme
under investigation/ Carers
transported by relatives
3 4 12 4 UNCHANGED Financial Manager Reduce To be confirmed August 15, 2010
10 Unplanned failure/s to core IT systems July 25, 2007 6 IT & SYSTEMS BCP Plan in development/ Off-
site back-up of patient data/
Use of paper-based records
4 3 12 3 GETTING
WORSE
IT Manager/ CIO Reduce To be confirmed February 28, 2010
21 Competition from other institutions (public
and private) in terms of use of new
medical technology, which may result in a
decline in organisations standing, and
hence patient and revenue growth.
July 25, 2007 3 STRATEGIC Medium term strategic
planning process/ Ongoing
research into healthcare
trends/ Membership of
industry discussion forums
4 3 12 2 GETTING
WORSE
CEO Reduce To be confirmed February 28, 2011
30 Failure to meet financial reporting
deadlines resulting in non-compliance
with government/ Auditor General
requirements.
July 25, 2007 6 FINANCIAL - Reporting Annual budgeting and
reporting cycles defined/
Monthly and annual reporting
processes/ Compliance and
risk management reviews
3 4 12 1 GETTING
WORSE
Chief Financial
Officer
Reduce To be confirmed September 1, 2010
12 Injuries, losses and interruptions caused
by a natural disaster (floods, fires etc)
July 25, 2007 5 STRATEGIC -
Business Continuity
State Disaster Management
Processes/ BCP in
development/ Emergency
Response dry-runs
5 2 10 3 GETTING
WORSE
Risk Committee Reduce To be confirmed February 28, 2011
26 Loss of customer records due to IT
system failure/ corruption of system data.
July 25, 2007 8 IT & SYSTEMS BCP Plan in development/ Off-
site back-up of patient data/
Use of paper-based records
5 2 10 3 GETTING
WORSE
IT Manager/ CIO Reduce To be confirmed February 28, 2011
Page 1 of 9
247559760.xls.ms_office
RISK
NO.
RISK DESCRIPTION COMMENT ON
RISK
RISK IDENTIFIED
(MM/DD/YYYY)
PREVIOUS RISK
SEVERITY SCORE
RISK CATEGORY CONTROLS CONSEQUENCE
SCORE
LIKELIHOOD
SCORE
CURRENT RISK
SEVERITY
SCORE
(RESIDUAL)
CONTROL
EFFECTIVENESS
SCORE
CHANGE IN
RISK
RISK OWNER RISK STRATEGY RISK
TREATMENT/S
TREATMENT DUE
DATE (MM/DD/YYY)
8 Failure to deploy and manage resources
effectively to meet required service level
standards
July 25, 2007 20 STRATEGIC -
Strategic Planning
Annual business planning and
budgeting process/ Zero
based budgeting/
Expenditure review
committee/ Internal Audit
5 2 10 2 IMPROVING CEO Reduce To be confirmed December 1, 2010
15 Loss of patient records due to IT system
failures
July 25, 2007 12 IT & SYSTEMS BCP Plan in development/ Off-
site back-up of patient data/
Use of paper-based records
5 2 10 2 IMPROVING IT Manager/ CIO Reduce To be confirmed February 28, 2011
4 Legal claims resulting from breaches of
patient confidentiality requirements
July 25, 2007 20 STRATEGIC -
Compliance & Legal
Secure storage and limited
access rights to patient
records/ Patient consent
forms/ Staff ethics training
3 3 9 3 IMPROVING Legal and
Compliance Officer
Reduce To be confirmed September 1, 2010
22 Corporate failure of Hospital Food
Company, impacting on XYZ Hospitals
ability to meet in-patient nutritional (meal)
requirements.
July 25, 2007 9 OPERATIONAL -
Purchasing and
Supplies
Service Level Agreement with
supplier/ Alternative suppliers
investigated
3 3 9 3 UNCHANGED Operations Manager/
Director
Reduce To be confirmed August 20, 2010
11 Research misconduct by scientist can
lead to patient harm, damage to
institutions reputation and loss of funding
July 25, 2007 10 CORE SERVICES -
Clinical Risk
Clinical Ethics committee/
Research review Board/
Independent researchers not
granted access to research
facilities/ Contract prohibiting
researchers from
communicating with press
3 3 9 2 IMPROVING Director: Clinical
Services
Reduce To be confirmed November 1, 2010
18 Severe injury/ death of staff due to
workplace accidents caused by lack of
maintenance to public areas (lifts,
stairwells, corridors etc.)
July 25, 2007 16 OPERATIONAL -
Facilities Management
Facilities Management
involvement with Worksafe
programmes/ Maintenance
budget/ OH&S training/
Signage of potential dangers/
Access control processes to
high risk areas
3 3 9 2 IMPROVING Facilities Manager Reduce To be confirmed September 30, 2010
14 Loss of public confidence in the
organization due to negative publicity
July 25, 2007 20 STRATEGIC -
Stakeholder Relations
Communications Officer/
Public Communications
Programme/ Researchers
and staff not permitted to
speak directly to press
4 2 8 3 IMPROVING CEO Reduce To be confirmed August 20, 2010
16 Organisations funding allocation from
State is not sufficient to provide for
increasing costs associated with provision
of current services, resulting in possible
decline in patient care levels, removal of
non-core services and/or decline in
patient numbers.
July 25, 2007 16 STRATEGIC Annual budgeting and
business planning process/
Submissions of strategic
plans to healthcare agencies/
Donations and Sponsorship
initiatives
4 2 8 3 IMPROVING CEO Reduce To be confirmed December 31, 2010
20 Organisational services not changing/
adjusting to meet changing public and
customer needs, resulting in a loss of
patients and funding.
July 25, 2007 5 STRATEGIC -
Strategic Planning
Medium term strategic
planning process
4 2 8 3 GETTING
WORSE
CEO Reduce To be confirmed February 28, 2011
2 Personnel job descriptions do not reflect
organisational needs, resulting in
unqualified employees performing critical
tasks.
July 25, 2007 15 OPERATIONAL - HR &
Training
Alignment of job descriptions
to balanced scorecard for
organisation/ Annual review
of reporting structures
4 2 8 2 IMPROVING HR Manager/
Director
Reduce To be confirmed December 31, 2010
9 Inability to implement legislative changes
in a timely manner
July 25, 2007 8 OPERATIONAL -
Health & Safety
Regulatory compliance
workgroup/ Health Legal
updates/ Project
Management Office
4 2 8 2 UNCHANGED Legal and
Compliance Officer
Reduce To be confirmed February 28, 2011
17 Duplication of effort/ critical tasks not
completed due to overlap in staff
responsibilities, lack of role clarity.
July 25, 2007 15 STRATEGIC -
Governance
Alignment of job descriptions
to balanced scorecard for
organisation/ Annual review
of reporting structures
2 4 8 2 IMPROVING HR Manager/
Director
Reduce To be confirmed November 15, 2010
29 Budget over-runs due to poor control of
expenditure relating to the hospital
expansion programme.
July 25, 2007 10 FINANCIAL Annual budgeting process/
Monthly budget variance
reports/ Management
approval of all extraordinary
expenditures/ Internal Audit
reviews/ Financial system
reporting
2 4 8 2 IMPROVING Chief Financial
Officer
Reduce To be confirmed August 25, 2010
13 Failure to raise adequate philanthropic
funds to support ongoing outpatient care
programme.
July 25, 2007 3 FINANCIAL No controls in place 2 2 4 4 GETTING
WORSE
CEO Reduce To be confirmed March 20, 2011
3 Ineffective marketing of aged care
services and facilities leading to under
utilised resources
July 25, 2007 10 STRATEGIC -
Stakeholder Relations
Public Communication
Programme/ Aged Care
Outreach Initiatives
3 1 3 3 IMPROVING PR and Marketing
Manager
Reduce To be confirmed October 16, 2010
Page 2 of 9
RISK CATEGORY
CORE SERVICES (CLINICAL)
CORE SERVICES - Clinical Effectiveness
CORE SERVICES - Clinical Risk
CORE SERVICES - Education & Training
CORE SERVICES - Emergency Services
CORE SERVICES- Consumer Participation
FINANCIAL
FINANCIAL - Billing & Debtors
FINANCIAL - Budgeting
FINANCIAL - Creditors and Payments
FINANCIAL - Reporting
IT & SYSTEMS
IT & SYSTEMS - Data Completeness
IT & SYSTEMS - Data Quality
IT & SYSTEMS - IT Security
IT & SYSTEMS - System Functionality
OPERATIONAL
OPERATIONAL - Asset & Fleet
Management
OPERATIONAL - Customer Services
OPERATIONAL - Facilities Management
OPERATIONAL - Health & Safety
OPERATIONAL - HR & Training
OPERATIONAL - Purchasing and Supplies
STRATEGIC
STRATEGIC - Business Continuity
STRATEGIC - Compliance & Legal
STRATEGIC - Governance
STRATEGIC - Stakeholder Relations
STRATEGIC - Strategic Planning
SCORE DESCRIPTION FINANCIAL
(Additional costs
and/or loss of
income)
1 INSIGNIFICANT < $10,000
2 MINOR $10,000 to $49,999
3 MODERATE $50,000 to
$249,999
4 MAJOR $250,000 to
$999.999
5 CATASTROPHIC >$1,000,000
SCORE DESCRIPTION PERCENT
EFFECTIVE
1 VERY EFFECTIVE CONTROL
DESIGN, WELL
IMPLEMENTED, PREVENT &
DETECT RISKS/ BREACHES
2 SOME CONTROLS IN PLACE,
PARTIALLY EFFECTIVE
3 FEW CONTROLS IN PLACE,
POORLY FUNCTIONING
CONSEQUENCE
CONTROL EFEFCTIVENESS
4 NO CONTROLS IN PLACE, OR
CURRENT CONTROLS HAVE
NO EFFECT
10-20%
RISK
STRATEGY
Avoid
Transfer
Reduce
Accept
REPUTATIONAL LEGAL OPERATIONAL/ PROCESS
Little or no impact Little or no impact Little or no impact
Sporadic localised unfavourable
publicity; No impact on staff morale
Minor delays in meeting legal
requirements/ fulfilling SLAs
etc.
Some inefficiencies and/or delays
in delivery of support services and
non-critical functions. No impact
on client service standards.
Localised negative publicity;
Limited impact on staff morale;
Managed by appropriate response
by Institution's PR/ Marketing
function
Some breach of material terms
of key contracts/ SLAs. Threat
of legal action against
institution, but able to be
resolved through negotiation/
remedial action by institution.
Inability to provide key support
services according to minimal
expected service levels (billing,
security; payroll, canteen; staff
training). No notable impact on
client service standards.
Significant/ continued negative
publicity in local/ regional press;
Low staff morale; Requires
intervention of Institution's
Executive/ CEO to answer public
concerns
Noticeable increase in claims
and legal liability; Most
exposures covered by existing
insurance cover
Delays and inefficiencies in core
processes and systems impacting
significantly on customer service
levels. Increased risk of serious
client injury, disability etc.
Significant/ continued negative
publicity in national press; Low staff
morale resulting in loss of key staff;
Permanent loss of patient trust;
Withdrawal of funding/ key grants
etc.; Possible intervention of
Minister
Significant increase in volume
and value of legal exposures
and claims; Critical services
impacted by cancellation of
supplier contracts; Exposures
not covered by current
insurance cover
Critical processes/ systems not
available for extended period.
Inability to perform core client-
facing functions. Prolonged
inability to provide basic services.
Possibility of client death due to
interruptions to basic services.
CONSEQUENCE
SCORE DESCRIPTION EXAMPLE
1 RARE Highly unlikely to occur in next 5
years. No history of adverse event
in organisation.
2 UNLIKELY Event not likely to occur in next 12
months, but there is a slight
possibility of occurrence.
3 POSSIBLE 50% chance of occurrence in next
12 months.
4 LIKELY There is a strong likelihood that the
event will occur at least once in the
next 6-12 months. History of
event/s in institution or similar
organisations.
5 ALMOST
CERTAIN
The adverse event will definitely
occur, probably multiple times in a
year.
LIKELIHOOD
POSITION
Board of Directors
CEO
Chief Financial Officer
Facilities Manager
Director: Clinical Services
Financial Manager
Head of Nursing
HR Manager/ Director
Internal Audit Manager
IT Manager/ CIO
Legal and Compliance Officer
Operations Manager/ Director
PR and Marketing Manager
Risk Committee
Risk Manager
UNALLOCATED