Risk Management in the HSE Overview of Policy

Risk Management in the HSE Overview of Policy and Guidance 2017

What is Risk Management? It is about being aware of the potential of things that can adversely affect your service/function (risks) and putting in place actions (controls) to make sure that the likelihood of them occurring is reduced in so far as is reasonably practicable.

Risk v’s Incident A risk is something that COULD happen An incident is something that HAS happened In the period Jan – December 2016 7382 – Acute Hospital 1962 – CHO ‘Incidents’ reported were in fact issues where staff identified that there was a ‘risk’ of an incident occurring!

Consequences of this 1. It is ‘skewing’ incident reporting data 2. It is reducing the opportunity for services to identify and manage risks

Addressing this issue Through consultation and training we plan to phase out the recording of risks on the NIMS system. In the future these issues will need to be reported through the service’s Risk Management Process.

Why Manage Risk? Internal • Need to deliver high quality safe services • A requirement of good governance • Assist in delivery of agreed objectives External • A regulatory requirement e. g. HIQA, MHC, HSA etc • Public confidence

This is not new • The HSE has had an Integrated Risk Management Policy since 2007 • Risk Management is a feature of many functions in the HSE However……!

It is often seen as…. • Someone else’s business • A piece of compliance e. g. a ‘have to do’ • Complex • Irrelevant

We need to move to a position where it’s seen as …. • • Everyone’s business Relevant Adding value Accessible

But isn’t risk management the job of the risk manager/advisor? NO! - Everybody is a risk manager for their area of responsibility!

During a visit to the NASA space centre in 1962, President JFK noticed a janitor carrying a broom. He interrupted his tour, walked over to the man and said, "Hi, I'm Jack Kennedy. What are you doing? “ "Well, Mr. President, " the janitor responded, "I'm helping put a man on the moon. "

HSE Framework for Risk Management

HSE Framework for Risk Management

HSE Framework for Risk Management

HSE Framework for Risk Management

Integrated Risk Management Policy Key messages • Articulates the HSE’s position in relation to risk and its management • Seeks to embed risk management as part of the normal day to day activities rather than a separate activity • Sets out the roles and responsibilities for Risk Management • Identifies a consistent process for risk management and provides an overview of this process

Risk Management Process Similar to the 2011 Policy it is aligned to the ISO 31000 Risk Management

Managing Risk in Everyday Practice - Guidance This guidance is intended to provide you with an understanding of the need for and your responsibilities in relation to, managing risk in your area of responsibility

Managing Risk in Everyday Practice 4 key themes each with a core question

Anticipate Anticipation involves thinking ahead and envisioning the things that are most likely to contribute to risk or safety failures e. g. • • • The environment of care, The way care is delivered, The vulnerability of your service users, The competence of your staff, The extent to which team working is the norm etc.

Vigilance in this context refers to the heightened sense of awareness that you need to adopt and engender within the workplace on a day to day basis to ensure ongoing safety in the delivery of services e. g. • Vulnerabilities relating to individual service users e. g. medication, deterioration, self harm, tissue viability, falls risk etc. • Service vulnerabilities e. g. staff fatigue due to long shifts, availability of equipment, wider organisational issues that might impact on service delivery.

Responding in this context refers to using data and information in relation to issues occurring e. g. from incidents or audits to effectiveness of the mitigation of risks on your register e. g. if falls has been identified as a risk on your register and is being actively managed what does your falls data tell you about the success of the controls that you have in place. If the controls are effective you should be seeing a reduction in falls, if not your controls may need to be reviewed.

Learn and Improve This relates to taking a broader look at available information from both within your service and external to your service i. e. not just that relating to assessed risks in order to act as: – A prompt for further questions or action e. g. what do we do that would prevent this happening here? – An early warning mechanism of risk about poor quality e. g. is there a pattern which might indicate an emerging risk? – A mechanism to identify opportunities to drive quality improvement.

Risk Assessment and Treatment Key Messages Establishing your services context for risk management is a critical first step. Within that context what are your key service objectives? Consider the risks that might threaten the achievement of those objectives? Describe any risks identified in a consistent and targeted way e. g. use the ICC approach.

Identifying Risk

Not all risk needs a formal management plan!

Not all risk needs a formal management plan! e m e g a n e S l b si k s i R e n a M t n

Risk Analysis, Evaluation and Treatment Key Messages Risks that require a management plan to address should be formally assessed. Risk assessment should be carried out by someone who know the subject matter relating to the risk. Risk advisors/managers can support and advise on the risk assessment process.

The importance of the Risk Description The quality of the risk assessment is critically dependant on a good risk description e. g. Infection Control V’s Risk of harm to patients due to the a failure to comply with infection prevention and control standards in X service.

Characteristics of a Good Risk Description The ‘ICC Rule’ – Impact, Cause and Context Risk of harm to patients (Impact) due to the a failure to comply with infection prevention and control standards (Cause) in X service (Context).

Identifying Controls Next ask a number of questions • What should be in place if this risk is to be managed? • Of these, what is in place? • Are there any ‘yes but. . ’ answers?

How do I identify the controls that should be in place? Are all the controls listed in place? List here (one per line) all Controls Required to Manage the Risk Description Yes No Yes But… Enter Risk Description here

Existing Controls 1. Those controls that are in place i. e. Yes answers 2. Those elements of the Yes but. . Answers that are in place

Rating the Risk Taking account of the EXISTING CONTROLS only and using the HSE’s Risk Assessment Tool assign an impact score and a likelihood score. Risk Rating = Impact X Likelihood

HSE Risk Assessment Tool

Additional Controls (Actions) Required 1. Controls that should be in place but are not in place. 2. The balance of the ‘yes but…’ controls required

A word about actions! • They must be SMART • They must have a deliverable attached • They must be assigned a ‘due date’ • They must be assigned to a named person for completion

Rules for assigning actions • To your self • To a member of your team • To your manager

Managing and Monitoring Risk Registers Key Messages • Include formally assessed risks on the risk register • Monitoring relates both to the robustness of existing controls and to the completion of additional controls required. • Decisions to close or monitor a risk will relate to changes in the rating of the risk i. e. that the level of risk is acceptable.

Re-rating Risk Depends on a review of the ‘existing controls’ e. g. Where actions have been completed they become ‘new existing controls’ and may serve to reduce the likelihood of the risk occurring Or conversely; Where controls that existed at the time of assessment no longer exist it may serve to increase the likelihood of the risk occurring

Conclusion • The management of risk is everyone’s business • Risk is an inevitable part of health service delivery • Staff must develop a level of risk awareness within day to day operations • Risks that require a formal management plan to mitigate should be formally assessed. • Monitoring of assessed risks should be on-going and focus on reducing the level of risk to an acceptable level.

Any Questions?

HSE EXCEL RISK REGISTER • Excel Risk Register and • Instructions manual are available on hse. ie QAVD section http: //www. hse. ie/eng/about/QAVD/riskmanagement/ • Download and save as ‘Excel Macro Enabled Workbook’

HSE EXCEL RISK REGISTER The Excel Risk Register contains 6 Sections (Sheets) 6 sections: 1. Basic Details 2. Dash Board 3. Summary 4. Risk Register 5. Risk Action Log 6. Closed Risks

HSE EXCEL RISK REGISTER Section 1: Basic Details 1. Enter the Name of Risk Register 2. Enter the Risk Register Owner. 3. Generating Reports TIP: - It is useful to use a meaningful naming convention when naming your Risk Register. The name of the Risk Register is linked to the Risk ID that is assigned to each new risk entered on the Register. Acute Hospital Division Hospital Group A County General Hospital = AHDHGACGH

HSE EXCEL RISK REGISTER Section 2: Dash Board 1. Series of pie and bar charts to display: o o o Risk Status Current Risk Rating Initial Risk Rating Actions Status Risk Category Risk Criteria

HSE EXCEL RISK REGISTER Section 3: Summary 1. The majority of data on this screen defaults in from the risk data entered on the Risk Register and Risk Action Log sections. 2. The only data entry required on this screen is inputting the Risk Rating change within reporting cycles.

HSE EXCEL RISK REGISTER Section 4: Risk Register 1. 2. 3. 4. 5. 6. 7. 8. Enter new risks – unique Risk ID auto generates Close Risks Add or delete Risk Owner Add or delete Risk Coordinator Enter or delete existing controls Enter Initial Risk Rating Risk Review date Creating Sub Register reports to send to Risk Coordinators

HSE EXCEL RISK REGISTER Section 5: Risk Action Log 1. Enter additional actions to mitigate risk 2. Assign Action Owners & action due date 3. Enter Action Update 4. Action status 5. Current Risk Rating 6. Add or delete ‘Action Owner(s)’

HSE EXCEL RISK REGISTER Section 6: Closed Risks Closing a Risk moves the Risk from the Risk Register Risk Action Log & Summary section(s) into the Closed Risk Section.

HSE EXCEL RISK REGISTER Preparing Sub Registers to send to Risk Coordinators 1. Enter relevant month on Basic Details section 2. In Risk Register section click the Sub-register radio button 3. Locate file, rename, save and send to the Relevant Risk Coordinator to provide updates. 4. On receipt of updates from Risk Coordinators enter updates into the Master Risk Register.

HSE EXCEL RISK REGISTER Generating a Report 1. Enter the relevant month in the Basic Details section e. g. February-17. Then click on the Report radio button. 2. On Risk Detail section in the Workbook, right click and Choose ‘Select All sheets’ 3. Then save the file: Click on File, Save As, enter file name e. g. February 2017 Report and save as a ‘PDF’ file.

Exercise Entering a Risk onto the Excel Risk Register from a Risk Assessment Form