107559018.xls.

ms_office

RISK RISK DESCRIPTION NO.

COMMENT ON RISK

RISK PREVIOUS RISK IDENTIFIED SEVERITY SCORE (MM/DD/YYYY)

RISK CATEGORY

CONTROLS

CONSEQUENCE SCORE

LIKELIHOOD SCORE

CURRENT RISK CONTROL SEVERITY EFFECTIVENESS SCORE SCORE (RESIDUAL) 20 4

CHANGE IN RISK

RISK OWNER

RISK STRATEGY

RISK TREATMENT/S

TREATMENT DUE DATE (MM/DD/YYY)

Declines in service delivery standards due to a shortage of adequately skilled nursing staff Inability to attract and retain skilled staff impacting on service delivery standards

July 25, 2007

20

July 25, 2007

12

Death of patients due to medication errors

July 25, 2007

12

19

Harm suffered by customers/ patients due to malfunction of key medical equipment (e.g. ventilators, heart monitor)

July 25, 2007

OPERATIONAL - HR Bursary Programme/ & Training Training interventions/ Quality reviews/ incident reporting and analysis OPERATIONAL - HR Staff development & Training schemes/ Funding obtained to 'top-up' base pay levels for critical positions/ Use of recruitment agencies CORE SERVICES - Recruitment and training Clinical programmes/ Incident and Effectiveness near miss reporting in RiskMan/ Incident investigation process/ Prescription of high-risk drugs managed by experienced senior medical staff. OPERATIONAL Maintenance programme/ Facilities Capital replacement Management programme/ Staff training in equipment usage

UNCHANGED HR Manager/

Transfer

To be confirmed

December 31, 2007

Director

20

GETTING WORSE

HR Manager/ Director

Reduce

To be confirmed

December 31, 2007

16

GETTING WORSE

Director: Clinical Services

Reduce

To be confirmed

December 1, 2007

16

GETTING WORSE

UNALLOCATED

Reduce

To be confirmed

September 30, 2007

25

Current IT systems lack adequate Management Information and Reporting capabilities, resulting in poor decision making and funds allocation. Death of patients due to delays in admissions process

July 25, 2007

12

IT & SYSTEMS No controls in place System Functionality

15

GETTING WORSE

Financial Manager Avoid

To be confirmed

January 15, 2008

July 25, 2007

16

OPERATIONAL

Internal Audit review and redesign of Admissions process (2006)/ New Patient Records IT system Limit to shift length/ Enforced breaks during shifts/ Annual leave Staff recruitment and training/ Limit to shift length/ Approved treatment regimes for common medical conditions/ Enforced breaks during shifts/ Annual leave/ Junior medical staff not permitted to prescribe/ dispense high risk medicines, managed high risk patients Patient Admissions IT system incorporates a billing module/ Daily reconcilliation of tills in pharmacy, admission desks and canteen/ Internal Audit reviews/ Cash takings banked daily, recorded on Finance system No controls in place/ Volunteer driver programme under investigation/ Carers transported by relatives BCP Plan in development/ Off-site back-up of patient data/ Use of paper-based records Medium term strategic planning process/ Ongointg research into healthcare trends/ Membership of indusrty discussion forums Annual budgeting and reporting cycles defined/ Monthly and annual reporting processes/ Compliance and risk management reviews State Disaster Management Processes/ BCP in development/ Emergency Response dryruns BCP Plan in development/ Off-site back-up of patient data/ Use of paper-based records

15

IMPROVING

Operations Reduce Manager/ Director

To be confirmed

September 20, 2007

23

27

Life threatening patient care errors and omissions resulting from overworked/ tired clinical staff. Loss of accreditation due to consistent pattern of patient harm, caused by incorrect diagnoses and treatment plans.

July 25, 2007

CORE SERVICES Clinical Risk CORE SERVICES (CLINICAL)

15

GETTING WORSE

Director: Clinical Services

Reduce

To be confirmed

August 15, 2007

July 25, 2007

15

15

UNCHANGED UNALLOCATED

Reduce

To be confirmed

August 30, 2007

28

Lack of cash handling procedures and controls resulting in misappropriation/ theft of funds.

July 25, 2007

20

FINANCIAL - Billing & Debtors

15

IMPROVING

Chief Financial Officer

Reduce

To be confirmed

December 1, 2007

24

Inability to meet demand for home-based care due to shortages of fleet vehicles.

July 25, 2007

12

OPERATIONAL Asset & Fleet Management

12

UNCHANGED Financial Manager Reduce

To be confirmed

August 15, 2007

10

Unplanned failure/s to core IT systems

July 25, 2007

IT & SYSTEMS

12

GETTING WORSE

IT Manager/ CIO

Reduce

To be confirmed

February 28, 2008

21

Competition from other institutions (public and private) in terms of use of new medical technology, which may result in a decline in organisations standing, and hence patient and revenue growth. Failure to meet financial reporting deadlines resulting in non-compliance with government/ Auditor General requirements.

July 25, 2007

STRATEGIC

12

GETTING WORSE

CEO

Reduce

To be confirmed

February 28, 2008

30

July 25, 2007

FINANCIAL Reporting

12

GETTING WORSE

Chief Financial Officer

Reduce

To be confirmed

September 1, 2007

12

Injuries, losses and interruptions caused by a natural disaster (floods, fires etc)

July 25, 2007

STRATEGIC Business Continuity

10

GETTING WORSE

Risk Committee

Reduce

To be confirmed

February 28, 2008

26

Loss of customer records due to IT system failure/ corruption of system data.

July 25, 2007

IT & SYSTEMS

10

GETTING WORSE

IT Manager/ CIO

Reduce

To be confirmed

February 28, 2008

Page 1 of 9

107559018.xls.ms_office

RISK RISK DESCRIPTION NO.

COMMENT ON RISK

RISK PREVIOUS RISK IDENTIFIED SEVERITY SCORE (MM/DD/YYYY)

RISK CATEGORY

CONTROLS

CONSEQUENCE SCORE

LIKELIHOOD SCORE

CURRENT RISK CONTROL SEVERITY EFFECTIVENESS SCORE SCORE (RESIDUAL) 10 2

CHANGE IN RISK

RISK OWNER

RISK STRATEGY

RISK TREATMENT/S

TREATMENT DUE DATE (MM/DD/YYY)

Failure to deploy and manage resources effectively to meet required service level standards

July 25, 2007

20

STRATEGIC Strategic Planning

Annual business planning and budgeting process/ Zero based budgeting/ Expenditure review committee/ Internal Audit BCP Plan in development/ Off-site back-up of patient data/ Use of paper-based records

IMPROVING

CEO

Reduce

To be confirmed

December 1, 2007

15

Loss of patient records due to IT system failures

July 25, 2007

12

IT & SYSTEMS

10

IMPROVING

IT Manager/ CIO

Reduce

To be confirmed

February 28, 2008

Legal claims resulting from breaches of patient confidentiality requirements

July 25, 2007

20

22

11

Corporate failure of Hospital Food Company, impacting on XYZ Hospitals ability to meet in-patient nutritional (meal) requirements. Research misconduct by scientist can lead to patient harm, damage to institutions reputation and loss of funding

July 25, 2007

STRATEGIC Secure storage and Compliance & Legal limited access rights to patient records/ Patient consent forms/ Staff ethics training OPERATIONAL Service Level Agreement Purchasing and with supplier/ Alternative Supplies suppliers investigated CORE SERVICES Clinical Risk Clinical Ethics committee/ Research review Board/ Independent researchers not granted access to research facilities/ Contract prohibiting researchers from communicating with press

IMPROVING

Legal and Compliance Officer

Reduce

To be confirmed

September 1, 2007

UNCHANGED Operations

Reduce

To be confirmed

August 20, 2007

Manager/ Director

July 25, 2007

10

IMPROVING

Director: Clinical Services

Reduce

To be confirmed

November 1, 2007

18

Severe injury/ death of staff due to workplace accidents caused by lack of maintenance to public areas (lifts, stairwells, corridors etc.)

July 25, 2007

16

OPERATIONAL Facilities Management

14

Loss of public confidence in the organization due to negative publicity

July 25, 2007

20

STRATEGIC Stakeholder Relations

Facilities Management involvement with Worksafe programmes/ Maintenance budget/ OH&S training/ Signage of potential dangers/ Access Communications Officer/ Public Communications Programme/ Researchers and staff not permitted to speak directly to press Annual budgeting and business planning process/ Submissions of strategic plans to healthcare agencies/ Donations and Sponsorship initiatives Medium term strategic planning process

IMPROVING

Facilities Manager Reduce

To be confirmed

September 30, 2007

IMPROVING

CEO

Reduce

To be confirmed

August 20, 2007

16

Organisations funding allocation from State is not sufficient to provide for increasing costs associated with provision of current services, resulting in possible decline in patient care levels, removal of non-core services and/or decline in patient numbers. Organisational services not changing/ adjusting to meet changing public and customer needs, resulting in a loss of patients and funding. Personnel job descriptions do not reflect organisational needs, resulting in unqualified employees performing critical tasks.

July 25, 2007

16

STRATEGIC

IMPROVING

CEO

Reduce

To be confirmed

December 31, 2007

20

July 25, 2007

STRATEGIC Strategic Planning

GETTING WORSE

CEO

Reduce

To be confirmed

February 28, 2008

July 25, 2007

15

Inability to implement legislative changes in a timely manner

July 25, 2007

17

Duplication of effort/ critical tasks not completed due to overlap in staff responsibilities, lack of role clarity.

July 25, 2007

15

OPERATIONAL - HR Alignment of job & Training descriptions to balanced scorecard for organisation/ Annual review of reporting structures OPERATIONAL Regulatory compliance Health & Safety workgroup/ Health Legal updates/ Project Management Office STRATEGIC Alignment of job Governance descriptions to balanced scorecard for organisation/ Annual review of reporting structures

IMPROVING

HR Manager/ Director

Reduce

To be confirmed

December 31, 2007

UNCHANGED Legal and

Reduce

To be confirmed

February 28, 2008

Compliance Officer 2 4 8 2
IMPROVING

HR Manager/ Director

Reduce

To be confirmed

November 15, 2007

29

Budget over-runs due to poor control of expenditure relating to the hospital expansion programme.

July 25, 2007

10

FINANCIAL

Annual budgeting process/ Monthly budget variance reports/ Management approval of all extrodinary expenditures/ Internal Audit reviews/ Financial system reporting No controls in place

IMPROVING

Chief Financial Officer

Reduce

To be confirmed

August 25, 2007

13

Failure to raise adequate philanthropic funds to support ongoing outpatient care programme. Ineffective marketing of aged care services and facilities leading to under utilised resources

July 25, 2007

FINANCIAL

GETTING WORSE IMPROVING

CEO

Reduce

To be confirmed

March 20, 2008

July 25, 2007

10

STRATEGIC Stakeholder Relations

Public Communication Programme/ Aged Care Outreach Initiatives

PR and Marketing Reduce Manager

To be confirmed

October 16, 2007

Page 2 of 9

RISK CATEGORY

CORE SERVICES (CLINICAL) CORE SERVICES - Clinical Effectiveness CORE SERVICES - Clinical Risk CORE SERVICES - Education & Training CORE SERVICES - Emergency Services CORE SERVICES- Consumer Participation FINANCIAL FINANCIAL - Billing & Debtors FINANCIAL - Budgeting FINANCIAL - Creditors and Payments FINANCIAL - Reporting IT & SYSTEMS IT & SYSTEMS - Data Completeness IT & SYSTEMS - Data Quality IT & SYSTEMS - IT Security IT & SYSTEMS - System Functionality OPERATIONAL OPERATIONAL - Asset & Fleet Management OPERATIONAL - Customer Services OPERATIONAL - Facilities Management OPERATIONAL - Health & Safety OPERATIONAL - HR & Training OPERATIONAL - Purchasing and Supplies STRATEGIC STRATEGIC - Business Continuity STRATEGIC - Compliance & Legal STRATEGIC - Governance STRATEGIC - Stakeholder Relations STRATEGIC - Strategic Planning

CONSEQUENCE SCORE DESCRIPTION FINANCIAL (Additional costs and/or loss of income) < $10,000

INSIGNIFICANT

MINOR

$10,000 to $49,999

MODERATE

$50,000 to $249,999

MAJOR

$250,000 to $999.999

CATASTROPHIC

>$1,000,000

SCORE 1

CONTROL EFEFCTIVENESS DESCRIPTION PERCENT EFFECTIVE VERY EFFECTIVE CONTROL DESIGN, WELL IMPLEMENTED, PREVENT & DETECT RISKS/ BREACHES SOME CONTROLS IN PLACE, PARTIALLY EFFECTIVE FEW CONTROLS IN PLACE, POORLY FUNCTIONING

NO CONTROLS IN PLACE, OR 10-20% CURRENT CONTROLS HAVE NO EFFECT

RISK STRATEGY Avoid Transfer Reduce Accept

CONSEQUENCE REPUTATIONAL LEGAL OPERATIONAL/ PROCESS

Little or no impact

Little or no impact

Little or no impact

Sporadic localised unfavourable Minor delays in meeting legal publicity; No impact on staff morale requirements/ fulfilling SLAs etc.

Some inefficiencies and/or delays in delivery of support services and non-critical functions. No impact on client service standards. Inability to provide key support services according to minimal expected service levels (billing, security; payroll, canteen; staff training). No notable impact on client service standards. Delays and inefficiencies in core processes and systems impacting significantly on customer service levels. Increased risk of serious client injury, disability etc. Critical processes/ systems not available for extended period. Inability to perform core clientfacing functions. Prolonged inability to provide basic services. Possibility of client death due to interruptions to basic services.

Localised negative publicity; Limited impact on staff morale; Managed by appropriate response by Institution's PR/ Marketing function

Some breach of material terms of key contracts/ SLAs. Threat of legal action against institution, but able to be resolved through negotiation/ remedial action by institution. Noticeable increase in claims and legal liability; Most exposures covered by existing insurance cover

Significant/ continued negative publicity in local/ regional press; Low staff morale; Requires intervention of Institution's Executive/ CEO to answer public concerns Significant/ continued negative publicity in national press; Low staff morale resulting in loss of key staff; Permanent loss of patient trust; Withdrawal of funding/ key grants etc.; Possible intervention of Minister

Significant increase in volume and value of legal exposures and claims; Critical services impacted by cancellation of supplier contracts; Exposures not covered by current insurance cover

LIKELIHOOD SCORE DESCRIPTION EXAMPLE

RARE

Highly unlikely to occur in next 5 years. No history of adverse event in organisation. Event not likely to occur in next 12 months, but there is a slight possibility of occurrence.

UNLIKELY

POSSIBLE

50% chance of occurrence in next 12 months.

LIKELY

There is a strong likelihood that the event will occur at least once in the next 6-12 months. History of event/s in institution or similar organisations. The adverse event will definitely occur, probably multiple times in a year.

ALMOST CERTAIN

POSITION Board of Directors CEO Chief Financial Officer Facilities Manager Director: Clinical Services Financial Manager Head of Nursing HR Manager/ Director Internal Audit Manager IT Manager/ CIO Legal and Compliance Officer Operations Manager/ Director PR and Marketing Manager Risk Committee Risk Manager UNALLOCATED