Risk Management Strategy

The Trust Board has a duty to ensure that all persons using its premises are protected from all foreseeable hazards / risks in so far as they may be affected by the activities of the Royal National Orthopaedic Hospital NHS Trust.

The Trust Board is committed to ensuring that risks are managed appropriately in line with statutory, mandatory and best or good practice requirements. The aim of the risk management programme is to make the effective management of risk an integral part of everyday management practice. This can be achieved if there is a comprehensive and cohesive risk management system in place, underpinned by clear accountability arrangements throughout the management organisational structure. The Trust takes a holistic approach to risk management incorporating both clinical and non-clinical risk The risk management strategy will be integrated into the achievement of the Trust's business objectives and will in turn support the organisations strategic plan. The aims and objectives are developed with consideration of the assurance framework and risk register which reflects all risks as well as those identified through the requirements of internal and external agendas.

Accountability arrangements

The Chief Executive has overall responsibility for having an effective risk management system in place within the Trust and for meeting all statutory requirements and adhering to guidance issued by the Department of Health in respect to Governance.

Directors are responsible for organising and arranging risk management matters within their General Management Units. Intractable problems are referred to the Chief Executive. Three Executive Directors, have on behalf of the Chief Executive been delegated responsibility for managing specific areas of risk as detailed below; -

Director of Human Resources and Corporate Affairs has delegated responsibility for managing the strategic development and implementation of organisational risk management, non-clinical risk and controls assurance.

Director of Nursing has delegated responsibility for managing strategic development and implementation of clinical risk management and clinical governance.

Director of Finance has delegated responsibility for managing the strategic development and implementation of financial risk management.

Service Managers (Risk Facilitators) are responsible for co-ordinating on behalf of the Chief Executive / Executive Director the activities of the Risk Officers at ward / departmental level and have the authority to manage risks that are within their level of competency and budgetary constraints.

Ward / Departmental Mangers are responsible for the management of risk relating to the staff they supervise and the workplaces they control. They have the authority to manage risk within their level of competency and within the financial constraints of their ward / department.

Risk Officers (Link Person Within Each Ward / Department) act as the link person at ward / departmental level for all matters relating to risk management issues.

Responsibilities Of All Staff
All staff have a statutory requirement to take care as far as is possible of their health and safety and that of others who may be affected by their acts or omissions at work. Staff must act in accordance with training and instruction provided by the Trust.
Staff must use all machinery, equipment, dangerous substances, means of production, transport equipment and safety devices in accordance with any relevant training and instruction provided by the Trust and inform employers of dangerous situations and short comings in the health and safety arrangements of the organisation. This can be achieved by using the incident reporting procedure.

Responsibilities Of Contractors And Agency Staff
Contractors and agency staff must work in accordance with the health and safety arrangements of the Trust.

Risk management organisational structure

Figure One (attached) outlines the Trust Board committee structure that defines and lists the reporting structure sitting beneath the formal sub-committees of the Board. The aim of this structure is to integrate the Trust's risk management structure to ensure a supportive and comprehensive risk management organisational structure.

Risk Management Board - Purpose
The purpose of the Risk Management Board is to have overall responsibility for establishing a strategic approach to risk management across the organisation, ensuring that the approach is pro-active. The Board is also responsible for the overall co-ordination of risk management activity. It ensures that the necessary processes are in place to achieve compliance with statutory requirements and to protect the Trusts' patients, staff and assets. Risk management will be an integral part of the Trusts' strategic and operational objectives.

As part of this process, it receives information from the following groups; -

  • Clinical Governance Board
  • Finance Committee
  • Audit Committee
  • IM&T Board
  • Joint Staff Management Committee - JSMC

Establishment of Risk Management Board
The Risk Management Board is established in accordance with Standing Financial Instructions Section 2 and guidance set out by the NHS Executive.

Authority and Accountability
The Board is a formal sub group of the Trust Board, which is authorised to make executive decisions regarding the management of risk. The Board reports to the Trust Board by the submission of minutes of each meeting and provides regular reports for information and approval. These are detailed in the table below.

Table One: Reports Sent To Risk Management Board
Documentation Frequency of Issue to Trust Board
Assurance Framework Every 8 weeks
Risk Management Board Minutes Every 8 weeks
Corporate Risk register and Accepted Risk Register Every 6 months
Risk Management Strategy Annually
Risk Management Report Annually


  • Agree, monitor and ratify the Trust's risk management strategy and policies. The Board will be made aware of all policies approved by the Clinical Governance Board, Finance Committee and Audit Committee, ensuring the policies are implemented effectively, reviewed, updated and approved
  • Act as the Trust co-ordinating body on all risk-related policies and procedures in conjunction with other specialist committees
  • Assist the Board in defining acceptable risk within the organisation
  • Ensure that adequate organisational systems are in place for implementing controls assurance
  • Make recommendations to the Trust Board on priority risk areas and appropriate action required
  • Oversee identification and implementation of the risk management action plan and risk registers
  • Review all directorate risk registers
  • Review and approve the "accepted" risk registers
  • Monitor and review the Trusts assurance framework and monitor the assurances detailed within the document
  • Receive information on incidents and their analysis on a Trust wide basis and assess trends and developments and make recommendations on appropriate improvements
  • Prepare an annual progress report for the Trust Board at the end of each financial year
  • Review the Risk Management Strategy on an annual basis
  • Ensure that all requirements are met for the Chief Executive to sign the annual Statement of Internal Control
  • To be informed of any serious untoward incidents and ensure that follow up actions plans are developed, implemented and monitored
  • To be informed of external visits, assessments or requests for information by members of inspection bodies, audit bodies or other external agencies

Frequency of meetings
The committee will meet every eight weeks

The quorum will be the chair (or deputy chair), 2 Directors with delegated responsibility for risk and 4 other group members.

Reporting Arrangements into the Committee from Sub-committees
The Risk Management Board receives and reviews all minutes of committees with delegated responsibilities for specific areas of risk:

  • Clinical Governance Board
  • Finance Committee
  • IM&T Board
  • Joint Staff Management Committee - JSMC

Required Frequency of Attendance by Members
It is highly important that members attend the Risk Management Board on a regular basis. No more than two meetings should be missed in any one year unless due to extenuating circumstances. Where possible a delegated deputy should attend the meeting in the absence of a Risk Management Board member.

If a committee member is unable to attend the meeting or send a deputy then a formal summary report of progress made against their areas of responsibility should be given to the Risk Manager, in advance of the meeting, identifying the key issues that should be raised.

Process for Monitoring the Effectiveness of all of the above
The effectiveness of the Risk Management Board is monitored through the following:

  • Trust Board minutes
  • Internal audit
  • Quarterly Trends Analysis Report
  • Annual Risk Management Report
  • Corporate risk register and corporate accepted risk register
  • Associated action plans related to controls assurance framework

The terms of reference will be reviewed every year or sooner if necessary

Reporting to the Trust Board
The Board will receive the following; -

  • an annual progress report which also contains details of the Trust's assurance framework, risk register and progress made against the Standards For Better Health
  • the assurance framework will be submitted with the minutes from the Risk Management Board to every second Trust Board meeting for monitoring and review
  • six monthly progress reports regarding the high risk area that have been identified on the corporate risk register i.e. category orange (medium) and red (high). Links between the assurance framework and risk register will be summarised
  • reporting is also undertaken as necessary by exception

Assurance framework

To ensure that the Board is confident that the systems, policies and people that are in place are operating in a manner that is effective in driving the delivery of objectives by focusing on minimising risk an assurance framework has been developed. This framework provides the Trust with a simple but comprehensive method for the effective and focused management of the principal risks to meeting our principal objectives. The framework has been developed by Board members in conjunction with the Risk Manager and is monitored and reviewed through the Risk Management
Board (at all meetings) and the Board itself (quarterly).

Risk Register

The risk register provides a comprehensive picture of all risks that effect the Trust.

Role Of Risk Manager
The Risk Manager is responsible for compiling and managing the risk register and acting as a central reference point for all risk related issues within the Trust.

The Risk Manager ensures that the register remains a living document by monitoring new developments, developing knowledge and expertise and acting as a liaison point for risk management issues, both within the Trust and with external bodies.

The Risk Manager arranges for the distribution, review and updating of risk registers. The following process is in place: -

The Risk Manager monitors all initiatives and checks that they are compliant with good risk management practice. A number of measures are used to ensure effective monitoring such as; -

  • audit / investigations by competent advisors
  • inspections
  • trend analysis
  • monitoring and review of policies and procedures

The Risk Register is maintained by the Risk Manager through the Safeguard risk management database. Appropriate individuals have access to the risk register so that action plan progress can be monitored.

Information Sources
To compile the risk register information is drawn from numerous sources including; -

  • deficiencies with various controls assurance standards
  • deficiencies with various elements of the Standards For Better Health
  • underlying "root" causes of incidents, complaints and claims. Risk assessments - findings from department specific and organisational wide hazard reports and risk assessments
  • recommendations and reports from external agencies such as NHS Litigation Authority (NHSLA), Improving Working Lives (IWL), HSE, LFEPA, Patient Environment Action Team (PEAT) etc
  • actions taken to reduce risks which could not be or were not implemented for various reasons such as resource limitations
  • recommendations and reports from internal and external auditors
  • any other sources of information that could be considered to be a threat to patient, staff, visitors, environmental safety or the organisations well-being
  • estates risk profile
  • financial / business plans / IT reports
  • underlying causes related to poor trends identified from key performance indicators

Reports, action plans, risk assessments for inclusion on the risk register are submitted to the Risk Manager. On receipt, by the Risk Manager the documentation is reviewed, the item (s) added to the risk register and a copy of the updated risk register forwarded to the appropriate director.

Reporting Arrangements
Trust Board

The Trust Board receives a copy of the corporate risk register (high and medium risks) as well as the corporate "accepted" risk register every six months. The register will be supported by the assurance framework as well as a summary sheet detailing the links between the risk register and the assurance framework.

Risk Management Board
The Risk Management Board monitors the risk register at each of its meetings (held every two months) by reviewing each of the directorate risk registers. Progress against all action plans is monitored.

The Risk Management Board is responsible for agreeing designated leads for each action point.

The Risk Management Board also receives and approves the "accepted" risk register at each of its meetings.

Audit Committee
The Audit Committee receives a copy of the Audit Committee Risk Register as well as the relevant "accepted" risk register at each meeting (quarterly) These documents are reviewed, agreed and action plans closely monitored.

Executive Team
The Chief Executive receives via e-mail a copy of all directorate risk registers on a monthly basis. Each director receives via e-mail a copy of their directorate risk register on a monthly basis.

The Director Of Finance receives a copy of the Audit Committee risk register as well as the Audit Committee "accepted" risk register.

Organisational Structure

How helpful did you find this page?
Not helpful
Very helpful *
Required fields *

*We use this information to make improvements to our website and appreciate any feedback you can offer. Comments are emailed to the Communications Team at RNOH. The personal information collected is only used for email replies (Name and Email) and is stored encrypted in our database for 30 days and then permanently deleted.

Risk Management