Plymouth Community Healthcare CIC

Risk Register & Risk Assessment Procedure

Version No 1

Notice to staff using a paper copy of this guidance

The policies and procedures page of Healthnet holds the most
recent and approved version of this guidance. Staff must
ensure they are using the most recent guidance.

Author:

Health, Safety & Security Manager

Asset Number:

819

Page 1 of 24
Risk Register & Risk Assessment Policy and Procedure

Reader Information and Asset Registration

Title

Risk Register & Risk Assessment Procedure V1

Information Asset
Register Number
Rights of Access
Type of Formal Paper
Category
Format
Language

819

Subject
Document Purpose
and Description

Author
Ratification Date
Publication Date
Review Date and
Frequency of Review
Disposal Date
Job Title of Person
Responsible for
Review
Target Audience

Public
Procedure
Corporate
Microsoft Word 2003 and PDF
English
How to pro-actively manage identified risks locally and when to
escalate it.
This document underpins the Risk Management Strategy,
describes the responsibilities and procedures associated with
the process of risk assessment and promotes dynamic use and
maintenance of Risk Management Workbooks enabling formal
PCH risk management processes.
Assistant Director of Risk and Safety
27th September 2012. Policy Ratification Group.
12/11/2012
Review at least two-yearly
The Policy Ratification Group will retain an e-signed copy for
the database in accordance with the Retention and Disposal
Schedule; all previous copies will be destroyed.
Health, Safety & Security Manager

All Plymouth Community Healthcare staff

Electronic: Via Plymouth Healthnet
Written:
Upon request to the Policy Ratification Secretary
on 01752 435104
Circulation List
Please note if this document is needed in other formats or
languages please ask the document author to arrange this
Consultation was undertaken with members of the Health,
Safety & Security and Operational Risk Management
Committees from the following areas:
Central & North East Locality
City / Corporate Locality
Consultation Process
Plym / Plymstock Locality
South West Locality
South East Locality
North West Locality
Childrens & Families Services Workforce Development
Estates and Facilities
JCCN
Equality Analysis
Checklist completed
NHSLA Risk Management Standards for 2012-13 (for non-NHS
Providers of NHS Care)
Health and Safety at Work Act 1974
References/Source
Management of Health and Safety at Work Regulations 1999
Workplace (Health, Safety and Welfare) Regulations 1992
Manual Handling Operations Regulations 1992

Page 2 of 24
Risk Register & Risk Assessment Policy and Procedure

Control of Substances Hazardous to Health Regulations 1999

(COSHH)
Personal Protective Equipment (PPE) Regulations 1992
Health and Safety (Display Screen Equipment) Regulations
1992
Reporting of Injuries, Diseases and Dangerous Occurrences
Regulations 1985 (RIDDOR)
Supersedes
Document
Author Contact
Details

New document
By post:

Tel:
Fax:
Publisher (for
externally produced
information):

Mount Gould Local Care Centre

200 Mount Gould Road
Plymouth
Devon PL4 7PY
0845 155 8085
01752 272522 (LCC Reception)

N/A

Document Review History

Version
Number

V1

Details
i.e. updated
or full
review
New
document

Date

July 2012

Originator of
Change
Risk
Management
Advisor

Description of
and reason for change(s)
Formal PCH procedure to
support statutory
requirements, strategy, health
and safety policies, and inhouse training provision.

Page 3 of 24
Risk Register & Risk Assessment Policy and Procedure

Contents of Risk Register and Risk Assessment Procedure

Page

Introduction

Purpose

Definitions

Risk Register & Risk Assessor Responsibilities

Formal Risk Management Process

10

5.1 Risk Register & Risk Assessor Training

10

5.2 Risk Management Workbook

11

5.3 Risk Register

11

5.4 Risk Assessments

11

5.5 Resources

12

5.6 Support for Risk Assessors

12

Central Monitoring of Risk Registers

13

Escalation of Risk

13

Training Implications

13

Monitoring Effectiveness

13

10

Associated Documentation

14

Appendix A

Risk Scoring Matrix

15

Appendix B

Escalation of Risk Flow Chart

20

Appendix C

Example and Blank Risk Assessment Template

21

Appendix D

Quick Risk Assessment Reference Guide

23

Page 4 of 24
Risk Register & Risk Assessment Policy and Procedure

Risk Register & Risk Assessment Policy and Procedure

1

Introduction

1.1

This policy is part of a suite of policies that enables the delivery of Plymouth
Community Healthcares (hereafter referred to as PCH) Risk Management
Strategy. It describes the responsibilities and procedures associated with the
process of risk assessment and the development and maintenance of risk registers
in PCH.

1.2

Proper risk assessment can help all NHS organisations, teams and individuals set
their priorities and improve decision-making to reach an optimal balance of risk,
benefit and cost. Risks can be described as clinical, environmental, financial,
political or affecting public perception and reputation (NPSA, 2006).

1.3

Risk assessment is a risk management and clinical governance tool which the
organisation uses to:
a)
b)
c)
d)
e)
f)
g)

Gather facts about various activities and services and their associated
hazards and risks;
Assist in the identification of risks that are a threat to the achievement of
strategic objectives;
Highlight the need to eliminate or manage identified hazards and risks, in
order to protect the safety and well-being of staff, patients, visitors and the
organisation as a whole;
Take corrective actions when new risks are identified or existing risks are not
adequately controlled;
Assess the likelihood and consequence of risks causing harm or damage;
Gauge the consequence of non-compliance;
Consider the consequences of not meeting key objectives.

1.4

PCH is committed to a process of proactive risk assessment and management

within current services and activities. The organisation will use risk assessment as
part of Corporate, local business and project planning, in the establishment,
restructuring or redesigning of services and in the development of Risk Registers.

1.5

A risk register is a management tool that provides an organisation with information

on its risk profile and is a repository for risk information across all areas of activity.
This repository is at the heart of the internal control system and contains details of
the risks that threaten PCHs success in achieving its stated aims and objectives.

1.6

PCH will face a number of risks which will potentially affect achievement of its aims
and objectives; these include:
a)

Corporate risks ~ operating within powers, fulfilling responsibilities,

accountability to public;

b)

Risks to Reputation ~ quality of services, communication, patient experience

c)

External risks ~ political, environmental, social, environmental, meteorological

Page 5 of 24
Risk Register & Risk Assessment Policy and Procedure

d)

Clinical risks ~ associated with service standards, competencies,

complications, equipment, medicines, staffing, patient information;

e)

Health and safety risks ~ ensuring the well being of staff and patients whilst
providing or using services;

f)

Business Risks ~ associated with managing the affairs of the organisation,

human resources, information & IT, financial and internal management,
achieving objectives;

g)

Risks to Assets ~ security, protection, optimum use, maintenance,

replacement

1.7

In PCH, the Risk Registers are populated through the organisations risk
assessment and evaluation process. This process enables risks to be quantified
and ranked. It provides a structure for collecting information about risks that will
assist both in the analysis of risk, and in decisions about whether or how these
risks must be controlled, managed and monitored.

1.8

Risk Registers can also support decision making on how resources should be
allocated. Ideally, all decisions such as changes in policy, procedures or practices,
service developments, enterprises such as new projects and all associated
resource commitments should result in reductions to the organisations highest
priority risks. At all levels, proposals to make changes or commit resources must
include reference to the effect this may have on the risk profile of the organisation.

1.9

In PCH, risk assessments must be recorded in Risk Registers which are located in
Risk Management Workbooks found locally on the Groups:\ network drive.

Purpose

In addition to supporting the Risk Management Strategy and Health & Safety
Policy, the purpose of this document is to ensure that PCH has a general
assessment process which:
a)

Defines a risk assessment, risk register and other associated terms

commonly used;

b)

Clarifies who is responsible throughout the process from identification to

resolution;

c)

Specifies how they will be considered, prioritised and managed within PCH;

d)

Is simple to use;

e)

Provides consistent scores when used by staff from a variety of roles and
professions;

f)

Is capable of assessing a wide range of risks.

Page 6 of 24
Risk Register & Risk Assessment Policy and Procedure

Definitions

3.1

Hazard is anything with the potential to cause harm, loss or damage. Hazards
can be broken down into Biological, Chemical, Physical, Ergonomic, Psychosocial,
Financial and Clinical.

3.2

Risk the chance of suffering harm caused by a hazard, loss or damage or the
possibility that PCH will not achieve one or more of its objectives.

3.3

Risk Assessment is consideration of what may cause harm to people or PCH

functions and whether or not precautions to prevent harm or loss are possible.

3.4

Corporate Risk Register a documented and prioritised log of the overall

assessment of a range of risks faced by the organisation.

3.5

Local Risk Register an Excel worksheet in the Risk Management Workbook

used by services / units / wards / departments at local level that require
addressing, and detail remedial actions arising from the risk assessment process
in their areas effectively realising an action plan.

3.5

Risk Management Workbook an Excel document located on the

Groups:\network drive; one for every service / unit / ward / department. The Risk
Management Workbook (RMW) incorporates the Risk Register wherein all risk
assessments are undertaken, scored and formulated into dynamic local Action
Status Reports notifying managers of remedial actions, and current status of risk
assessments (i.e. due or overdue).

3.6

Escalation of Risk the route through which risks, unable to be resolved at local
level, may be escalated for Board level ownership into the Corporate Risk
Register.

3.7

Reasonably Practicable this is a balance of cost or possible negative impact of

implementing controls against the level of risk.

3.8

Safe System of Work is a formal and approved procedure with safe working
methods stated that employees must follow in order to control or eliminate work.

3.9

Risk Issues/Types are problems that face PCH (i.e. clinical, health and safety,
business, etc).

3.10

Risk Management is the pro-active (i.e. internal and external audits, risk
assessments, self-assessment of risk, central alert system (CAS), etc) and
reactive management (incidents, complaints, litigation, external and internal audits,
etc) of uncertainty that may impact upon PCH to deliver its services in a safe and
appropriate way

3.11

Local for the purposes of this policy, local refers to activities undertaken at
services / units / wards / departments level.

3.12

Competent in terms of risk assessors, the member of staff should possess

sufficient skill and knowledge in relation to the service and activities in which they
are engaged, including IT capabilities (i.e. Excel).

Page 7 of 24
Risk Register & Risk Assessment Policy and Procedure

Risk Register & Risk Assessor Responsibilities

4.1

Corporate Responsibility - the Corporate Risk Register is reviewed by the

Executive Team and the Board, on a quarterly basis. Executive Directors consider
the content and grading of corporate risks on a quarterly basis.

4.2

All Locality Managers shall:

4.3

a)

attend the requisite Managers Core Mandatory Risk Management Training

followed by Risk Register & Risk Assessor Training for Managers sessions,
and subsequent two-yearly refresher training;

b)

ensure each manager has read and understand the Risk Management
Strategy and associated health and safety policies;

c)

through locality management meetings, ensure Risk Register information is

reviewed on a quarterly basis so that they remain effective;

d)

ensure identified risks recorded on Risk Registers are appropriately reviewed

to reflect learning outcomes from incident / complaint / legal investigations.

All PCH Managers shall:

a)

attend the requisite Managers Core Mandatory Risk Management Training

followed by Risk Register & Risk Assessor Training for Managers sessions,
with regular support being offered by the Risk Management Team where it is
deemed necessary;

b)

must familiarise themselves with this policy and procedure, which should be
read in conjunction with the Risk Management Strategy and health and safety
policies;

c)

ensure they understand the risk process and how risk registers are used to
identify, record and address risk issues;

d)

use risk assessment to pro-actively manage risk issues within their area of
responsibility, and ensure that sufficient and suitable controls are
implemented that are proportionate to the level of risk;

e)

ensure significant high risks identified are escalated immediately (see

Escalation of Risk section) if a control measure is not possible or the required
actions are outside their remit of responsibility;

f)

co-operate in communicating information from their own local Risk Registers

to their staff, managers or Corporate Risk Register;

g)

ensure new risks or changes to existing risk assessments are recorded in the
Risk Register, monitoring remedial actions to eliminate, reduce or control
risks until the issue is resolved;

h)

involve staff in the review and completion of risk assessments and the Risk
Register;

Page 8 of 24
Risk Register & Risk Assessment Policy and Procedure

4.4

4.5

i)

depending on the size of their service / unit / ward / department, appoint at

least one other capable member of staff to be trained as a Risk Assessor in
order to support them in their role; this role to be included in the appointed
member of staffs job description and is additional to their substantive role
and provided with appropriate time to undertake their Risk Assessor duties;

j)

complete the Care Quality Commission (CQC) column (yellow) assuring their
Risk Assessors that risk assessments inputted by them have been duly
reviewed;

k)

ensure that their staff are aware of the process and content of the Risk
Register.

Appointed Risk Assessors shall:

a)

attend Health and Safety Risk Assessor Training with subsequent regular
refresher training / support deemed as required;

b)

support their manager by bringing to their attention local operational risk

issues that they have either identified or had brought to their attention by
other staff members, recording such risks onto their local Risk Register and
discussing appropriate remedial actions, owners and deadlines;

c)

liaise with their risk assessor colleagues / managers to annually complete a

set of self-audits and any resulting risk assessment, as per training;

Risk Management Team:

a)

will provide all risk management training, including Risk Register and Risk
Assessor training in order to facilitate undertaking of risk assessments at local
level;

b)

provide appropriate advice, support and extra 1:1 tuition to staff as required;

c)

centrally manage all Risk Management Workbooks to ensure health and

safety compliance by all services / units / wards / departments;

d)

provide exception reports to the Risk Management Committee for areas of

service demonstrating non-compliance.

4.6

All PCH employees are responsible for ensuring they understand the process of
and findings of risk assessments, and follow the controls and identified actions
outlined in the Risk Register and risk assessments. They must make managers
aware of any risks to patient safety, health and safety or other risk issues.

4.7

Staff Health & Wellbeing should be consulted on risk assessment issues where
they may be an impact on the health of staff.

Page 9 of 24
Risk Register & Risk Assessment Policy and Procedure

Formal Risk Management Process

5.1

Risk Register & Risk Assessor Training

5.1.1

Only competent persons can carry out risk assessments. By definition, this is
someone with relevant knowledge, training and experience of the hazards and risk
associated with the processes to be assessed.

5.1.2

All staff will have access to risk management and health and safety information,
instruction and training, including how to effectively use the Risk Management
Workbook; the level and nature of the training will vary according to local need.

5.1.3

PCHs Executive Team will collate the annual training needs of the Board, such as
risk management training incorporating Risk Registers and Risk Assessor Training
delivered at the appropriate level.

5.1.4

Locality / Deputy Locality Managers and all local managers will receive Risk
Register & Risk Assessor Training for Managers, and to attend refresher sessions
on a two-yearly basis; course dates are available from the Professional Training &
Development Department.

5.1.5

Local managers are to nominate at least one member of staff from each of their
teams to attend Health & Safety Risk Assessor Training, and to attend refresher
sessions on a two-yearly basis; course dates are available from the Professional
Training & Development Department.

5.1.6

Training programmes will consist of the legal requirements behind the need for risk
assessments, the methodology for assessing and recording risks, an introduction
to the Risk Management Workbook, and live undertaking of practical risk
assessments in line with local health and safety self-audits.

5.1.7

Risk management and incident reporting are introduced in the corporate induction
training.

5.1.8

A record of any training and any names of attendees / non-attendees will be

recorded and passed to the Professional Development & Training Department for
recording on the Electronic Staff Record (ESR); managers will be contacted for
following up any non-attendees.

5.2

Risk Management Workbook

5.2.1

Only staff who have attended Risk Register and Risk Assessor training have
access to their local Risk Register, which is an Excel workbook located on the
Groups:\ network drive (i.e. G:\District Nurse_C&NE). Either the Locality Manager
or their deputy will also have access to the Risk Management Workbooks (RMW)
within the remit of their responsibility, provided they too have received, or are
scheduled to receive, Risk Register and Risk Assessor training.

Page 10 of 24
Risk Register & Risk Assessment Policy and Procedure

5.2.2

Risk Management Workbooks (RMW) are made up of a number of worksheets:

a)
b)
c)
d)
e)
f)
g)

Risk Register
Self Audits (Health and Safety issues i.e. clinical waste, infection prevention
and control, display screen equipment, manual handling, etc)
Equipment Register (a log of all equipment held locally, which will
automatically populate a MEMS worksheet)
Quarterly Fire Checklists
Fire Risk Assessment
Workplace Assessment
Action Status Report

5.3

Risk Register

5.3.1

A Risk Register is a log of all risk

assessments that have identified issues
that may threaten the service / unit /
ward / department from effective service
provision thus, collectively, impacting
upon PCHs business objectives.

Health and
Safety

Workforce
Planning

Quality /
Complaints /
Audit

Business
Interruption

Risk Register

Business
Objectives /
Projects

Adverse
Publicity /
Reputation

Finance
including claims

5.3.2

Risk Registers (within RMWs) must be

used to record risk assessments,
detailing identified risks and how they
are being controlled.

5.3.3

There are two levels of Risk Register within PCH; local and corporate. There are
Risk Registers set up on the Groups:\ network drive for all PCH services/teams
managed locally, however, there is only one Corporate Risk Register managed by
the Risk Management Team on behalf of the Board.

5.4

Risk Assessments

5.4.1

A risk assessment seeks to answer four simple questions:

Staff
Development /
Competence

Do nothing; review
occasionally to ensure
position remains the same.

What can
go
wrong?

How
bad?

How
often?

No
Is there a
need for
action?
Yes
Identify and implement
actions to reduce the harm or
likelihood of recurring.

Page 11 of 24
Risk Register & Risk Assessment Policy and Procedure

5.4.2

A suitable and sufficient risk assessment can be undertaken by following the five
steps, in brief, from the HSEs guidance 5 Steps to Risk Assessment:
Step 1 Identification of hazards and associated risks (i.e. use of syringe and
potential for inoculation injury or severe staffing shortages impacting on
patient care and service delivery)
Step 2 Decide who or what might be affected and how (injury, loss or damage).
Step 3 Evaluate the risks and decide whether the existing control measures /
precautions in place are adequate or whether more should be done. A
risk-scoring matrix is available to assist with the evaluation of the severity
and likelihood of the risk. Treat the risk (i.e. decide what additional
remedial action can be taken); this could range from to eliminating,
reducing or controlling the risk, to accepting the risk if it is minimal.
Step 4 Record your findings in and communicate the risk and controls measures
to those who need to know (i.e. all people who could be affected).
Step 5 Review the assessment looking at the effect of the risk and any actions
taken.

5.4.3

Further information is also available from Healthcare Risk Assessment Made Easy
published by the National Patients Safety Agency (NPSA).

5.4.5

PCH utilises the NPSA Risk Scoring Matrix (Appendix A) with minor amendment to
restrict the risk gradings to low, medium and high risk, the use of which within Step
3 (see above) is discussed in detail during training of Risk Assessors. Further
information can also be found in NPSAs publication: A risk matrix for risk
managers.

5.4.6

Risk assessments should be retained whilst they remain current, and for six years
following the date of their review.

5.5

Resources

5.5.1

No additional resources have been identified as a result of approval of this Policy

and Procedure, however, it is likely that issues will arise which will require
resources when establishing effective controls that need to be put in place to
manage risks. As such issues arise a full review will be undertaken and resources
may be identified as part of the remedial action planning process.

5.6

Support for Risk Assessors

5.6.1

Once trained, every Risk Assessor irrespective of grade or role will also have
access to the Risk Management Workbook Manual; a detailed pictorial guide to
support learning from training sessions, covering all topics as detailed in 5.2.2
above.

Page 12 of 24
Risk Register & Risk Assessment Policy and Procedure

5.6.2

All trained Risk Assessors have access to the Risk Workbook Manual, available on
the Groups:\ network drive. This manual is a detailed and pictorial tool to further
support Risk Assessors navigate their way around the Risk Management
Workbook, including the Risk Register and risk assessments.

5.6.3

In addition to the manual, verbal risk management advice, information and support
are freely available from the Risk Management Team, together with additional 1:1
tuition for trained Risk Assessors upon request.

Central Monitoring of Risk Registers

6.1

All Risk Registers (within RMWs) are on the Groups:\ network driving allowing
central monitoring of Risk Registers and statutory health and safety compliance
(i.e. completion of self-audits on RMWs) by the Risk Management Team.

6.2

The Risk Management Team will undertake exception reporting to the Risk
Management Committee of statutory non-compliance and risks recorded as high,
in order to identify whether advice, support and extra 1:1 tuition is required to
reduce the risk to a more appropriate level (i.e. perhaps risk has been scored too
high, or more remedial actions are required, or whether risk is unable to be
managed with local resources).

Escalation of Risks (Appendix B for Escalation of Risk Flow Chart)

7.1

Trained Risk Assessors undertake risk assessments locally. Risks that need
further controls are entered onto their local Risk Register, which is regularly
reviewed and maintained through team meetings (using print outs of the Action
Status Reports). Risks requiring action outside the remit of the local service / unit /
ward / department should be referred to the Risk Management Team, following
discussion with the relevant Locality / Deputy Locality Manager.

7.2

The Risk Management Team will determine whether it can offer appropriate advice
and support and may refer it on to the Risk Management Committee (a sub-group
of the Board) for wider consultation and, if not, will forward it to the Executive
Team to discuss whether or not to place it upon the Corporate Risk Register.

Training Implications (Please refer to 5.1 above)

Monitoring Effectiveness

9.1

Locality / Deputy Locality Managers and their managers are responsible for
regularly reviewing local Risk Registers within all areas of their remit.

9.2

Risk Management Team

9.2.1

The commercial insurers of PCH are keenly interested in the risk management
process for the organisation and, in particular, statutory compliance. Therefore,
Risk Registers have been created and placed on the Groups:\ network drive to
enable regular effective monitoring of local risk issues by the Risk Management
Team.

Page 13 of 24
Risk Register & Risk Assessment Policy and Procedure

9.2.2
9.2.3

Compliance will also be monitored by internal auditors and external agencies (i.e.
CQC, HSE, etc) as part of periodic reviews / inspections.
With effect from October 2012, exception reporting on a quarterly basis will
commence to the Risk Management Committee, as a standing agenda item.

9.2.4

The Health, Safety & Security Committee will receive assurances on a quarterly
basis that the Risk Register is effectively implemented and managed locally.

9.2.5

The Safety & Quality Committee, on behalf of the Board, will review the Corporate
Risk Register on a quarterly basis.

10

Associated Documentation
Risk Management Strategy
Information Governance Strategy
*Health and safety policies
Clinical policies
Workforce Development policies and guidance

Page 14 of 24
Risk Register & Risk Assessment Policy and Procedure

Appendix A
PCHs RISK SCORING MATRIX
Plymouth Community Healthcare CIC has chosen to continue using the NPSA risk matrix
as its standard method of grading risk.
Levels of Consequence
Choose the most appropriate domain for the identified risk from the left hand side of the
table Then work along the columns in same row to assess the severity of the risk on the
scale of 1 to 5 to determine the consequence score, which is the number given at the top of
the column.
Consequence score (severity levels) and examples of descriptors
Domains
Impact on
the safety
of patients,
staff or
public
(physical /
psychological
harm)

1
Negligible
Minimal injury
requiring
no/minimal
intervention
or treatment.
No time off
work

2
Minor
Minor injury or
illness, requiring
minor
intervention

3
Moderate
Moderate injury
requiring
professional
intervention

Requiring time off

work for >7 days

Requiring time off

work for 7-14 days

Increase in length
of hospital stay
by 1-3 days

Increase in length
of hospital stay by
7-15 days
RIDDOR/agency
reportable incident
An event which
impacts on a small
number of patients

Quality /
complaints
/ audit

Peripheral
element of
treatment or
service
suboptimal
Informal
complaint /
inquiry

Overall treatment
or service
suboptimal
Formal complaint
(stage 1)
Local resolution
Single failure to
meet internal
standards

Treatment or
service has
significantly
reduced
effectiveness
Formal complaint
(stage 2) complaint
Local resolution
(with potential to go
to independent
review)

Minor
implications for
patient safety if
unresolved

Repeated failure to
meet internal
standards

Reduced
performance
rating if
unresolved

Major patient safety

implications if
findings are not
acted on

4
Major
Major injury
leading to longterm
incapacity/disa
bility

5
Catastrophic
Incident leading
to death

Requiring time
off work for >14
days
Increase in
length of
hospital stay by
>15 days
Mismanagement of patient
care with longterm effects
Noncompliance
with national
standards with
significant risk
to patients if
unresolved
Multiple
complaints/
independent
review
Low
performance
rating

Multiple
permanent
injuries or
irreversible
health effects
An event which
impacts on a
large number of
patients

Totally
unacceptable
level or quality
of treatment /
service
Gross failure of
patient safety if
findings not
acted on
Inquest/ombud
sman inquiry
Gross failure to
meet national
standards

Critical report

Page 15 of 24
Risk Register & Risk Assessment Policy and Procedure

Human
resources /
organisational
development /
staffing /
competence

Short-term
low staffing
level that
temporarily
reduces
service
quality (< 1
day)

Low staffing level

that reduces the
service quality

Late delivery of key

objective/ service
due to lack of staff
Unsafe staffing
level or
competence (>1
day)
Low staff morale
Poor staff
attendance for
mandatory / key
training

Uncertain
delivery of key
objective /
service due to
lack of staff

Non-delivery of
key objective /
service due to
lack of staff
Ongoing
unsafe staffing
levels or
competence

Unsafe staffing
level or
competence
(>5 days)

Loss of several
key staff

Loss of key
staff

No staff
attending
mandatory
training / key
training on an
ongoing basis

Very low staff

morale
No staff
attending
mandatory /
key training

Statutory
duty /
inspections

No or
minimal
impact or
breech of
guidance /
statutory duty

Breech of
statutory
legislation
Reduced
performance
rating if
unresolved

Single breech in
statutory duty

Enforcement
action

Multiple
breeches in
statutory duty

Challenging
external
recommendations /
improvement notice

Multiple
breeches in
statutory duty

Prosecution

Improvement
notices

Complete
systems
change
required

Low
performance
rating

Zero
performance
rating

Critical report
Severely critical
report
Adverse
publicity /
reputation

Rumours
Potential for
public
concern

Local media
coverage
short-term
reduction in
public confidence

Local media
coverage
long-term reduction
in public confidence

Elements of
public
expectation not
being met

National media
coverage with
<3 days service
well below
reasonable
public
expectation

National media
coverage with
>3 days service
well below
reasonable
public
expectation.
MP concerned
(questions in
the House)
Total loss of
public
confidence

Page 16 of 24
Risk Register & Risk Assessment Policy and Procedure

Business
objectives /
projects

Insignificant
cost increase
/ schedule
slippage

<5 per cent over

project budget

510 per cent over

project budget

Schedule
slippage

Schedule slippage

Noncompliance
with national
1025 per cent
over project
budget

Incident leading
>25 per cent
over project
budget
Schedule
slippage

Schedule
slippage

Key objectives
not met

Key objectives
not met
Finance
including
claims

Small loss
Risk of claim
remote

Loss of 0.10.25
per cent of
budget
Claim less than
10,000

Loss of 0.250.5
per cent of budget
Claim(s) between
10,000 and
100,000

Uncertain
delivery of key
objective/Loss
of 0.51.0 per
cent of budget

Non-delivery of
key objective/
Loss of >1 per
cent of budget
Failure to meet
specification/
slippage

Claim(s)
between
100,000 and
1 million
Purchasers
failing to pay on
time

Loss of
contract /
payment by
results
Claim(s) >1
million

Service /
business
interruption
Environmental
impact

Loss /
interruption of
>1 hour
Minimal or no
impact on the
environment

Loss/interruption
of >8 hours

Loss/interruption of
>1 day

Minor impact on
environment

Moderate impact
on environment

Loss /
interruption of
>1 week

Permanent loss
of service or
facility

Major impact
on environment

Catastrophic
impact on
environment

Page 17 of 24
Risk Register & Risk Assessment Policy and Procedure

Likelihood score (L)

What is the likelihood of the consequence occurring?
The frequency-based score is appropriate in most circumstances and is easier to identify. It
should be used whenever it is possible to identify a frequency.
Likelihood
score

Descriptor

Rare

Unlikely

Possible

Likely

Almost
certain

This will
probably never
happen/recur

Do not expect it
to happen/recur
but it is possible
it may do so

Might happen or
recur
occasionally

Will probably
happen/recur but
it is not a
persisting issue

Will
undoubtedly
happen/recur,
possibly
frequently

Frequency
How often
might it/does it
happen

Risk scoring = Consequence x Likelihood (C x L)

Likelihood
Likelihood
score

Rare

Unlikely

Possible

Likely

5 Catastrophic

10

15

20

Almost
certain
25

4 Major

12

16

20

3 Moderate

12

15

2 Minor
1 Negligible

2
1

4
2

6
3

8
4

10
5

For grading risk, the scores obtained from the risk matrix are assigned grades as follows:
14
5 12
15 - 25

Low risk
Medium risk
High risk

Page 18 of 24
Risk Register & Risk Assessment Policy and Procedure

Authority of Managers With Regard to Managing Risk:

KEY:

Low risk

Low risks are deemed as acceptable risks to Plymouth

Community Healthcare, and require no immediate
action but must be monitored regularly by the service
and reviewed annually or when circumstances change.
Managers are encouraged to take action on low risks
particularly when these risks can be easily minimised be
eliminated. These risks will be actioned locally within
the service and entered as a local risk on the Risk
Register within the Risk Management Workbook.

Medium risk

Medium Risk - not acceptable unless a consensual

decision is taken by a senior manager and team.
Similarly not acceptable for a clinical risk unless a
consensual decision is taken by a senior manager and
senior clinician and team.
Where appropriate the service should consider the risks
and an agreed remedial action plan. These risks will be
actioned locally and entered as a local risk on the Risk
Register. The service will monitor the application of the
action plan and review the risk grading and, if required,
adjust.
Risks that cannot be reduced locally should be notified
in the first instance to the Locality Manager who may,
after consideration, take the issue to the Risk
Management Team. The risk will be evaluated and, if
appropriate, entered onto the Corporate Risk Register.
All risks should have developed and implemented
appropriate remedial action plans. The Locality
Manager will monitor the application of any such action
plans and, if required, reduce the risk grading.

High risk

High Risk - not acceptable unless the Board makes a

consensual decision. These risks will be entered on the
Corporate Risk Register. Appropriate actions may be
developed and implemented. The Risk Management
Team will monitor the application of any such remedial
action plans and review and, if required, reduce the risk
grading.
The Corporate Risk Register will go to Plymouth
Community Healthcares Board for discussion every
three months or more frequently if needed.

Page 19 of 24
Risk Register & Risk Assessment Policy and Procedure

Appendix B
New Risk Identified at Service/Unit//Ward/Department
Record risk assessment on Risk Register
(incorporated within the Excel based Risk Management Workbook)

Risk to be reviewed by Manager

Yes

No

Can risk be managed locally?

Escalate risk to Locality Manager

Manage risk
Yes
Manager monitors Local
Risk Register as part of
normal governance
arrangements along with
feedback on reported
incidents.

Can risk be managed locally?

No

Risk Management Team

review assessment of risk
Yes

Can risk be managed

with assistance from Risk
Management Team?

No

Intervention by Risk Management Team

Risk Management Team
forwards risk to the
Executive Team of
PCH Board.
The Executive Team discuss risk and agree if
it should go on the Corporate Risk Register.
PCH Board will monitor the Corporate Risk
Register quarterly. If a commissioning risk it
will be forwarded to the Commissioners
accordingly.

Review at PCH Board

Risk accepted by
Plymouth Community Healthcare CIC

Intervention / Control

Page 20 of 24
Risk Register & Risk Assessment Policy and Procedure

Appendix C
Date

Hazard & Associated Risks

[i.e. 3 Jul
date will
automatic
ally
format)

V1 - Document Management - lack of

document organisation within shared
folder will result in:
a) Duplication and confusion, especially
if documents are not version- controlled;
b) Additional occupational stress for staff
trying to locate documents
c) Mis-understanding/communication
when relaying information to staff /
patients
d) Potential for clinical negligence,
complaints, adverse publicity possibly
leading to lack of public confidence,
downward turn in business and
subsequent threat to service provision

CQC
Outcome

Controls in Place

Outcome 1:
Respecting
and involving
people who
use services

Hyperlink

1) Team members have access to a shared

folder on the Groups:./ drive

Likelihood

Consequence

Risk
Score

Likely - 4

Moderat
e-3

12
Medium

undertaken by [name of risk assessor]

REMEDIAL ACTIONS
1st Remedial Action
Discuss proposed changes re
document organisation to team
members, with a flow chart, if
required

Owner

Due Date

Team Manager
[state their name]

[i.e. 3 Jul
date will
automatic
ally
format)

Date
Completed

2nd Remedial Action

[i.e. 3 Jul
date will
automatically
format)

Identify MOS to review

current arrangements and
agree new arrangements
with team.

Owner

Due Date

Date
Completed

MOS
[state their
name]

[i.e. 3 Jul
date will
automatically
format)

[i.e. 3 Jul
date will
automatically
format)

Tip: Alt+Enter allows user to

create more lines in an Excel cell.

Page 21 of 24
Risk Register & Risk Assessment Policy and Procedure

Blank template Risk Assessment from Excel Risk Register in Risk Management Workbook
Date

Hazard & Associated Risks

CQC
Outcome

Controls in Place

Hyperlink

Likelihood

Consequence

Risk
Score

REMEDIAL ACTIONS
1st Remedial Action

Owner

Due Date

Date
Comp

2nd Remedial Action

Owner

Due Date

Date
Comp

Page 22 of 24
Risk Register & Risk Assessment Policy and Procedure

Appendix D
Quick Risk Assessment Reference Guide
For ease of reference, and in support of training provided by the Risk Management Team,
the guide below is a summary of actions required. This does not negate the need for those
involved in the process to be aware of and follow the detail of this procedure. The purpose
of a risk assessment is to identify risks associated with legal, moral and financial duties in
relation to your service activities, removing them where possible, or otherwise adopting all
the control measures and precautions that are reasonable and practical in the
circumstances.
1)

Identify the risk - risks may be identified through a variety of mechanisms from:

Walking around your workplace and looking afresh at what could reasonably be
expected to cause harm (i.e. change in practice / new equipment / relocation)
Business / Service Delivery Plans / Eligibility Criteria
Incident Forms / Serious Incidents
Complaints / Litigation
Health & Safety Risk Self-Audits / Workplace Inspections
External Assessment / Audit including: Care Quality Commission, Environmental
Health, Internal Audit, Audit Commission
National Confidential Enquiries, National Service Frameworks, Recommendations
from other external high level enquiries and reports

NB:

Dont forget to consider who could be at risk of harm / what could be at risk of loss or
damage.

2)

Assess the Risk - once a risk has been identified a risk assessment should be
completed directly onto the Risk Register, incorporated within the Risk Management
Workbook, the risk evaluated and scored in accordance with the risk scoring matrix
(Appendix A), the outcome of which will identify whether more needs to be done to
reduce or control the risk accordingly. Record appropriate remedial actions where
they have been identified as being required to further reduce the risk of the harm /
loss / damage being realised, giving each remedial action an owner and a deadline
to be completed this becomes the Action Plan. When considering remedial
actions, ask yourself:

Can I remove the risk/hazard altogether?

If not, what controls need to be in place, so that likelihood (chance) of the risk
occurring will be eliminated or reduced as far as is reasonably practicable and / or
the consequence reduced, should the risk be realized?
What assurance will I be able to get as to whether the controls are working?
What the predicted (residual) risk rating is likely to be once all the controls are in
place?

3)

Monitoring / Reviewing the Risk - all risks recorded on local Risk Registers
(incorporated within the Risk Management Workbook) will require regular monitoring
by the service / unit / ward / team manager and communicated to your staff. In
addition to this local monitoring, quarterly monitoring and exception reporting will be
undertaken by the Risk Management Team to the Operational Risk Management
Committee.

Page 23 of 24
Risk Register & Risk Assessment Policy and Procedure

All policies are required to be electronically signed by the Lead Director

(the policy will not be accepted onto Healthnet until the e-signature is
received).
The proof of signature for all policies is stored in the policies database.
The Lead Director approves this document and any attached appendices.
Signed:
Title: Deputy Chief Executive/Director of Governance

Date:

Page 24 of 24
Risk Register & Risk Assessment Policy and Procedure