Risk Assessment Policy and Protocol

Risk Assessment Policy
Version
Name of responsible (ratifying) committee
Risk Assurance Committee
Date ratified
4th February 2013
Document Manager (job title)
Deputy Director of Nursing/Head of Patient Safety
Date issued
1st March 2013
Review date
February 2015 (unless requirements change)
Electronic location
Management Policies
Risk Management Strategy

Guidance for the development of a Sustainable
Related Procedural Documents
Transformation Programme (inc Quality Impact
Assessment)
Risk Assessment Policy; Protocol Risk Register;
Hazard inventory; Risk management; Risk factors;
Key Words (to aid with searching)
Patient safety; Staff health and safety; Preventive
measures; Accident prevention; Contingency planning
In the case of hard copies of this policy the content can only be assured to be accurate on the date
of issue marked on the document.
For assurance that the most up to date policy is being used, staff should refer to the version held on
the intranet
Version
Date ratified
07/03/11
04/02/13
Brief Summary of
Changes
Links to RM Strategy
explicit
Links between Risk
Register and Board
Assurance Framework
clarified
Responsibilities
expanded

Version 4 01/03/2013
(Review date: February 2015 unless requirements change)
Author
Head of Risk Management
and Legal Services
Deputy Director of
Nursing/Head of Patient
Safety
Page 1 of 20
CONTENTS
QUICK REFERENCE GUIDE.............................................................................................................. 3
1.
INTRODUCTION........................................................................................................................... 4
2.
PURPOSE.................................................................................................................................... 4
3.
SCOPE......................................................................................................................................... 4
4.
DEFINITIONS............................................................................................................................... 4
5.
DUTIES AND RESPONSIBILITIES..............................................................................................5
6.
PROCESS.................................................................................................................................... 7
7.
TRAINING REQUIREMENTS.....................................................................................................10
8.
REFERENCES AND ASSOCIATED DOCUMENTATION...........................................................10
9.
EQUALITY IMPACT STATEMENT..............................................................................................11
10. MONITORING COMPLIANCE....................................................................................................12
APPENDICES:
Appendix A: GUIDANCE FOR ASSESSING THE RISKS
Appendix B: RISK ASSESSMENT AND ACTION PLAN
Appendix C: RISK REGISTER
Appendix D: GUIDANCE ON COMPLETION OF THE RISK REGISTER
Appendix E: List of Trust Specialist Advisers

Version 4 01/03/2013
Page 2 of 20
QUICK REFERENCE GUIDE

For quick reference the guide below is a summary of actions required. This does not negate the need
for those involved in the process to be aware of and follow the detail of this policy.
The purpose of a risk assessment is to provide a systematic and methodical tool for identifying risks
associated with legal, moral and financial duties, removing them where possible, or otherwise
adopting all the control measures and precautions that are reasonable and practical in the
circumstances.
1. Identify the risk
Risks may be identified through a variety of mechanisms:
From walking around your workplace and looking afresh at what could reasonably be
expected to cause harm. E.g. change in practice / new equipment
Business and Service Delivery Plans
Adverse Incident reporting
Serious Incidents
Complaints
Claims
Health & Safety Risk Assessments
External Assessment/Audit including: Care Quality Commission, Clinical Negligence
Scheme for Trusts (maternity), National Health Service Litigation Authority Risk
Management Standards, Internal Audit, Audit Commission
National Confidential Enquiries, National Service Frameworks, Recommendations from
other external high level enquiries and reports
2. Assess the risk

Once a risk has been identified a risk assessment should be completed (Appendix B) and the
following recorded:
The consequence(s), on a scale of 1 -> 5, should the risk become a reality

The likelihood of the risk occurring, on a scale of 1 -> 5
The current control measures. This will determine what more will need to be done to reduce
or eliminate the risk
Guidance on assessing the risk is at Appendix A

3. Create an action plan
In drawing up the action plan ask yourself:
Can I remove the risk/hazard altogether?
If not, what controls need to be in place, so that likelihood (chance) of the risk occurring will
be eliminated or reduced as far as is reasonably practicable and / or the consequence
reduced, should the risk be realised?
When are the additional controls likely to become effective (target date)?
What assurance will I be able to get as to whether the controls are working?
What the predicted (residual) risk rating is likely to be once all the controls are in place?
Who will monitor implementation of the action plan?
4. Monitoring / reviewing the risk
All risks should be placed on a risk register (Appendix C) and progress monitored on a monthly
basis by the relevant group. There are three types of risk register, all based on the same risk
register template Guidance on completion is at Appendix D
Specialty risk registers

CSC risk registers
Trust risk register

Version 4 01/03/2013
Page 3 of 20
1. INTRODUCTION
Portsmouth Hospitals NHS Trust accepts that some of its activities may, unless properly
controlled, create risks to patients, staff, visitors, contractors and others, and will endeavour to
take all reasonably practicable measures to reduce these risks to an acceptable level.
To achieve this, the Trust needs to understand its risks, how they are being controlled and
prioritised, whilst recognising the guidance provided by national bodies, existing legislation and
the Trusts Specialist Advisers
The broadest sense of harm and potential harm to the Trust, and its ability to deliver the quality
services to which it aspires, must be the focal point for this exercise.
2. PURPOSE
The purpose of this policy is to provide clear instructions on the identification of hazards and
the process and management of those hazards, with regard to risk assessment. This will
enable the Trust to actively monitor, manage, prioritise and develop a consistent approach to all
risk assessments. It will ensure:
A consistent approach to managing all risks - clinical, financial, environmental and

organisational - and the actions necessary to reduce each risk
A robust mechanism for the integrated prioritisation of all risks
Risk Registers (Trust-wide or local) that are contributed to by all management teams
and Trust specialist advisers
Staff are aware of their roles and responsibilities within the assessment process
The Trust Board is fully aware of the risks
o
o
o
Facing the organisation

To the services it provides
That may affect its key stakeholders e.g. patients and Commissioners
This policy must be read in conjunction with the Risk Management Strategy which details the
overall framework for Risk Management within the organisation.
3. SCOPE
This policy applies to all permanent, locum, agency, bank and voluntary staff of Portsmouth
Hospitals NHS Trust, the MDHU (Portsmouth) and Carillion, whilst acknowledging that for staff
other than those directly employed by the Trust the appropriate line management or chain of
command will be taken into account. Whilst the policy outlines how the Trust will manage its
risks, implementation does not replace the personal responsibilities of staff with regard to
issues of professional accountability for governance.
In the event of an infection outbreak, flu pandemic or major incident, the Trust recognises
that it may not be possible to adhere to all aspects of this document. In such circumstances,
staff should take advice from their manager and all possible action must be taken to
maintain ongoing patient and staff safety
4. DEFINITIONS
Controls
The available systems and processes which help minimise the risk
Consequence The impact or outcome component of a risk, on a scale of 1 -> 5
Likelihood
The probability of a risk occurring or recurring, on a scale of 1 -> 5
Hazard
Risk
Anything with the potential to cause harm

Possibility of exposure to the hazard and therefore the chance of injury, ill

Version 4 01/03/2013
Page 4 of 20
health, harm, damage or loss. It may include substances, equipment, a

work practice or proposed business plan
Risk
Assessors
Competent persons who possess the knowledge, skills and experience

to undertake a risk assessment
Risk
Assessment
A process by which information is collected about an event, process,

organisation or service area, in order to identify existing risks/hazards,
the consequence and the likelihood of harm and what control measures
are in place, or are required to be put in place.
Risk Rating
Each risk is rated, using a 5 x 5 matrix, (consequence x likelihood), which

determines whether the risk is ranked as green, yellow, amber or red.
(Appendix A)
Reactive
Risks
Risks that are identified following an event, such as an incident,

complaint or audit
Proactive
Risks
Residual Risk
Rating
Risks that are identified before they cause an event, or that are being
looked for during the audit process
The remaining risk that exists following implementation of the proposed
measures or controls to reduce the risk
Responsible
Lead
The person with the responsibility for ensuring that actions to control the
risk are implemented
5. DUTIES AND RESPONSIBILITIES

5.1 All Staff
It is the responsibility of all Trust employees to:
Be familiar with the contents of this policy
Be alert to risks and recognise their duty to report them through their line management
arrangements so that appropriate action can be taken.
Be aware of existing risk assessments related to their area of work and relevant procedures
or control measures to be adopted to reduce identified risks.
Contribute to minimising risks wherever possible
Recognise their duty under legislation to take reasonable care for their own safety and the
safety of others that may be affected by the Trusts business
5.2 Risk Assessors have responsibility for ensuring that:
They have undertaken appropriate training and are familiar with, and use, the correct
methods of risk identification and assessment as set out in this policy
Any identified risk issues are communicated through the line management system
5.3 Contractors and Temporary Staf
To follow Trust policies and procedures
Be aware of risk assessments within their area of work and relevant procedures or control
measures to be adopted to reduce identified risks.
Report adverse events as per Adverse Events and Near Miss Policy

Version 4 01/03/2013
Page 5 of 20
5.4 Department Managers/Leads
All departments must have a risk register. The Departmental Manager is responsible for
ensuring risks are identified, assessed, recorded, reported, monitored, and reviewed i.e.
managed within their area using the approach described in this policy and procedure, in
conjunction with the Clinical Service Centre (CSC) Management Team and relevant risk
specialists e.g. Health and Safety Advisor. This is an ongoing process and should include
both proactive and reactive situations.
5.5 Clinical Service Centre (CSC) Management Teams
It is the responsibility of each CSC Management Team to ensure that effective risk
management is taking place across their Directorate.
All CSCs are responsible for maintaining a CSC Risk Register - identifying overarching risks,
clinical, non-clinical, strategic, operational, and those associated with projects and service
transformation (see also Quality Impact assessment process), which may cause damage to
individuals, the environment, impact on activity/quality, loss of reputation, and/or jeopardise
the strategic objectives.
CSC Management teams will review their CSC Risk Register on at least a quarterly basis at
the CSC Governance meetings.
5.6 Risk Management Team

The Risk Management team has responsibility for supporting the operational day-to-day
implementation of this policy by providing specialist advice, and ensuring that the process is
monitored for effectiveness.
Risk Management Coordinator is responsible for ensuring that:
The Trust Risk Register is maintained and updated on a monthly basis
Monthly reports are provided to the Risk Assurance Committee
Responsible Leads are appropriately supported and advised
Monthly and quarterly reports, as per this policy and the Risk Management
Strategy are provided to the Trust Board.
5.7 Health and Safety Advisor
The Health and Safety Advisor is the competent person, accountable to the Director of Human
Resources, who advises the Trust in respect of health and safety policy formulation and
development
5.8 Trust Specialist Advisors have responsibility for ensuring that:
Managers are assisted when undertaking specialist risk assessments
They impart knowledge and use their expertise to help the assessment teams develop their
skills and awareness
They contribute to training programmes on risk assessment and awareness

(Details of Trust Specialist Advisers are at Appendix E)

Version 4 01/03/2013
Page 6 of 20
5.9 Risk Assurance Committee (RAC)

The purpose of the Risk Assurance Committee is to promote effective risk management and
to establish and maintain an Assurance Framework and a trust risk register through which the
Board can monitor the arrangements in place to achieve a satisfactory level of internal
control, safety and quality. The Risk Assurance Committee will ensure that all risks on the
Trust Risk Register and Board Assurance Framework (BAF) have an identified operational
lead responsible for updating the risk information as appropriate, and a responsible
committee identified to ensure that the risk is reflected and managed according to this policy.
5.10 Executive Team & Trust Board
The Trust Board shall review the Board Assurance Framework (BAF) monthly and the Trust
Risk Register quarterly. The Trust Board is responsible for reviewing the effectiveness of
internal controls and sources of assurance, ensuring they are comprehensive and/or
sufficiently independent. The Trust Board is also responsible for assessing the level of
acceptable risk within the Trust Risk Register.
6. PROCESS
6.1 Purpose and Benefits
A risk assessment is no more than a careful examination of what, in your work, could
cause harm to staff, visitors, contractors and others, or affect the Trusts reputation, so
that you can weigh up whether there are enough precautions (controls) in place, or more
should be done to ensure that no one gets hurt, and the Trusts reputation is not affected.
The purpose of a risk assessment is to provide a systematic and methodical tool for
identifying risks associated with legal, moral and financial duties, removing them where
possible, or otherwise adopting all the control measures and precautions that are
reasonable and practical in the circumstances.
The greatest benefits may be obtained by making this a very positive process, by aiming
to produce assessments that are consistent, neat, clear and informative and thus provide
a practical and useful response for training and re-enforcing the safety message
throughout the Trust. Risk assessment is also a key priority of the Risk Management
Strategy, to help ensure that patients, staff and others can feel safe whilst either visiting,
or working in the Trust.
6.2
Undertaking and Recording the Risk Assessment

6.2.1
Identifying the risk

Risks may be identified through a variety of mechanisms:
From walking around your workplace and looking afresh at what could
reasonably be expected to cause harm e.g. change in practice / new
equipment
Business and Service Delivery Plans
Adverse Event reporting
Serious Incidents
Complaints
Claims
Health & Safety Risk Assessments

Version 4 01/03/2013
Page 7 of 20
External Assessment/Audit including: Care Quality Commission, Clinical

Negligence Scheme for Trusts (maternity), National Health Service Litigation
Authority Risk Management Standards, Internal Audit, Audit Commission
National
Confidential
Enquiries,
National
Service
Frameworks,
Recommendations from other external high level enquiries and reports
6.2.2
Assessing the risk

Although the Trust has a standard risk assessment template, there are no fixed
rules about how the assessment should be carried out: it will depend on the nature
of the undertaking and the type and extent of the hazards and risks. Risks and
hazards are identified on a daily basis throughout the Trust by all staff members
and the risks/hazards will vary significantly in consequence and likelihood and
hence the measures for addressing them will also vary.
However, the process should be practical, participative, systematic, and cover
risks which are reasonably foreseeable. For small undertakings with few or simple
hazards a suitable and sufficient risk assessment can be a straightforward process
based on personal judgment, experience and knowledge. In larger or more
complex cases, specialist knowledge may be required. Whatever the type of risk
assessment, it should be suitable and sufficiently detailed to determine whether
adequate control has been achieved.
Consider who or what is at risk. Do not forget
Young workers, trainees, new and expectant mothers etc, who may be at
particular risk
Cleaners, visitors, contractors, maintenance workers, etc who may not be
in the workplace all the time
Members of the public, or people with whom you share your workplace, if
there is a chance they could be harmed by your activities
Trust reputation or financial position
Once a risk has been identified a risk assessment should be completed using the
standard template (Appendix B) and the following recorded:
The consequence(s), on a scale of 1 -> 5, should the risk become a

reality (Appendix A)
The likelihood of the risk occurring, on a scale of 1 -> 5 (Appendix A)
The current control measures. This will determine what more will need to
be done to reduce or eliminate the risk
Once the risk assessment has been undertaken an action plan to address the
identified problems must be completed
6.2.3
Creating the action plan

First, ask yourself whether you have done all the things that the law says you have
got to do. For example, there are legal requirements on prevention of access to
dangerous parts of machinery and for the storage of some substances. Then ask
yourself whether generally accepted standards are in place. However, dont stop
there think for yourself, because the law also states that you must do what is
reasonably practicable to keep your workplace safe. Your real aim is to eliminate
risks altogether. However, it is recognised that in some instances this is not
possible and in such situations it is essential that risks are reduced to the lowest
level by adding to your precautions as necessary.
In drawing up the action plan be realistic. So ask yourself:
Can I remove the risk/hazard altogether?

Version 4 01/03/2013
Page 8 of 20
6.2.4
If not, what controls need to be in place so that the consequence, should

the risk be realized and the likelihood (chance) of the risk occurring, can be
eliminated or reduced as far as is reasonably practicable?
When are the additional controls likely to become effective (target date)?
What assurance will I be able to get as to whether the controls are
working?
What the predicted (residual) risk rating is likely to be once all the controls
are in place?
Who will monitor implementation of the action plan?
Monitoring / reviewing the risk

All risks should be placed on a risk register and progress monitored at the
appropriate level on a monthly basis. There are three types of risk register, all
based on the same risk register template (Appendix C). Guidance on completion is
at Appendix D

CSC risk registers
Trust risk register
6.3 Risk Registers

6.3.1

These are held by each specialty/department and monitored at least quarterly by
the responsible team. Any risk that the specialty considers cannot be managed at
that level, has the potential to affect the CSC in which the specialty is located, or
scores 15 or above (red) should be escalated to the relevant CSC governance
meeting for consideration of inclusion on the CSC risk register
6.3.2
CSC risk registers

These are held by each CSC and monitored at least quarterly by the CSC
governance meetings. Any risk that the CSC considers cannot be managed at that
level, has the potential to affect the Trust as a whole, and/or scores 15 or above
(red) should be escalated to the Risk Assurance Committee for consideration and
escalation to the Trust risk register
6.3.3
Trust Risk Register

This is monitored monthly by the Risk Assurance Committee and quarterly by the
Trust Board (red risks) and contains those risks that, cannot be managed by the
specialties or the CSCs for whatever reason, or have the potential to have Trustwide consequences
6.3.4
Interface Between Trust Risk Register and Board Assurance Framework

All red risks on the Trust Risk Register must either be reflected or linked to the
strategic risks on the BAF. The BAF enhances the information in the Trust Risk
Register by detailing through assurance how well the highest risks to the delivery
of strategic objectives are being controlled and mitigated to satisfy both internal
and external requirements. In turn it will inform the Board where the delivery of
principal objectives are at risk due to a gap in control and/or assurance.
The Trust Risk Register and the BAF work together to provide a flow of information
regarding achievement and threats against strategic objectives. The highest
scoring risks on the Trust Risk Register inform the strategic risks on the BAF either
individually (where the risk is replicated on the two documents) or collectively
(where risks from the Trust risk register are grouped into an overarching strategic
risk on the BAF), this is evidenced through cross referencing between the 2
documents. In turn each BAF risk is clearly cross referenced to the Trusts strategic
objectives thus allowing a clear mapping of objectives, risks, controls, and

Version 4 01/03/2013
Page 9 of 20
assurance across all 3 documents. The Risk Coordinator coordinates this process
with the risk owners, on behalf of the Risk Assurance Committee and Trust Board.
6.4 Acceptable Risk
The Trust acknowledges that some of its activities may, unless properly controlled create
organisational risks, and/or risks to staff, patients and others. The Trust will therefore make all
efforts to eliminate risk or ensure that risks are contained and controlled so that they are as low
as reasonably practical.
However it is not always possible to reduce an identified risk completely and it may be
necessary to make judgments about achieving the correct balance between benefit and risk. A
balance needs to be struck between the costs of managing a risk and the benefits to be gained.
A decision must therefore be made regarding the level which a risk would be deemed
acceptable to tolerate. A risk is considered acceptable when there are adequate control
measures in place and the risk has been managed as far as is considered to be reasonably
practicable. Tolerated risks should be brought to the attention of RAC through CSC risk
registers or the Trust Risk Register on an annual basis.
Where a risk has been reduced to the point where the cost of further controls to reduce the risk
outweigh the benefit they may provide, it may not be considered reasonably practicable to
implement those controls. However where risk controls are available it is the duty of the
organisation to demonstrate that the cost of implementation outweighs the benefit, or, that
alternative effective control measures have been implemented. Risks requiring a cost benefit
analysis must be fed into the Trust Risk Register for wider debate and decision on
acceptability at RAC.
7. TRAINING REQUIREMENTS
7.1
All staff who undertake risk assessments should undergo training relevant to their
involvement in the process. Training is delivered in a variety of ways.
Mandatory corporate induction and essential skills updates, which includes
reference to risk assessment training
Health & Safety e-learning
Health & Safety Risk Assessment Workshops
IOSSH Training, which is held as and when appropriate
Departmental/locally delivered update training
7.2
All training is monitored via the Electronic Staff Records from which the Learning and
Development Team provide a monthly heatmap to each CSC to enable monitoring of
compliance
7.3
Compliance is further monitored through the CSC performance reviews with the
Executive Teams
8. REFERENCES AND ASSOCIATED DOCUMENTATION

External
Health and Safety at Work Act 1974

Management of Health and Safety at Work Regulations 1999
Workplace (Health, Safety and Welfare) Regulations 1992
Manual Handling Operations Regulations 1992
Control of Substances Hazardous to Health Regulations 1999 (COSHH)
Personal Protective Equipment (PPE) Regulations 1992
Health and Safety (Display Screen Equipment) Regulations 1992

Version 4 01/03/2013
Page 10 of 20
Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1985

(RIDDOR)
Internal
This policy is applicable to clinical and non-clinical issues: it is of great importance that it should
be read in conjunction with other appropriate Trust strategies and policies. The following
documents are a good starting point:
Risk Management Strategy

COSHH Policy
Lone Worker Policy
Display Screen Equipment Policy
Manual Handling Policy
Fire Policy
Guidance for the Development of a Sustainable Transformation Programme
(inc Quality Impact Assessment)
All Strategies and Policies may be accessed via the Trust Intranet. If you do not have access to
the Intranet, please ask your line manager
9. EQUALITY IMPACT STATEMENT

Portsmouth Hospitals NHS Trust is committed to ensuring that, as far as is reasonably
practicable, the way we provide services to the public and the way we treat our staff reflects
their individual needs and does not discriminate against individuals or groups on any grounds.
This policy has been assessed accordingly

Version 4 01/03/2013
Page 11 of 20
10. MONITORING COMPLIANCE

Element to be monitored
Lead
All risk registers utilise the

standard template as set
out
in
this
policy,
incorporating:
o Source of risk
Deputy Director of
Nursing/Head of
Patient Safety
o Description of risk
o Risk score
o Risk treatment plan
Tool
Audit
of
selection of
Frequency of Report
of Compliance
random
10 Specialty risk
registers
Five CSC risk
registers
Five risks from Trust
risk register
Annually
Reporting arrangements
Policy audit report to:

Risk Assurance Committee
o Date for review

o Residual risk
All risk registers are up to
date and show risks from
a variety of sources

Version 4 01/03/2013
Page 12 of 20
Lead(s) for acting on

recommendations
Deputy Director of
Nursing/Head of Patient
Safety / CSC Heads of
Nursing
Appendix A
GUIDANCE FOR ASSESSING THE RISKS
The risk matrix below is simple to use and designed to assist you in assessing risk in a consistent
and systematic way: just follow each step of the process
Step 1: If the risk occurred what are the likely consequences (C) to person(s) or the Trust? Use the
table below to grade the consequence
CONSEQUENCE
SCORE (1 5)
Injury (physical /
psychological)
1
Insignificant/None
(Green)
Adverse event leading to
minor injury not requiring
first aid and managed
satisfactorily on the ward
2
Minor
(Yellow)
Minor injury or illness, first aid
treatment needed
Staff sickness <3 days
3
Moderate
(Amber)
RIDDOR / Agency reportable.
Adverse event which impacts
on a small number of people
4
Major
(Red)
Major injuries or long term
incapacity / disability (e.g. loss
of limb)
5
Extreme
(Red)
Incident leading to death or
permanent incapacity. Ev
which impacts on large num
of people
Bruise/graze
(no time off work)
Injury requiring more than 3

days off work/admission <
24hrs
Mismanagement of patient
care + short term effects (less
than a week)
Fractured of major bone, loss

of limb, post-traumatic stress
disorder
Mismanagement of patient
care + long term effects (more
than a week)
Increased length of stay more
than 1 week. Long term HAI.
Grade 4 pressure ulcer
Claim above excess level.
Multiple justified complaints
Infant abduction. Remova

wrong body part leading to
or permanent incapacit
Multiple claims or single m
claim
Uncertain delivery of key

objective / service due to lack
of staff. Serious error due to
ineffective training
Non-delivery of key object

service due to lack of sta
Critical error due to insuffic
training
Sustained loss of service with

serious impact on delivery of
care: major contingency plans
involved
Trust would be unable to
comply effectively with the
majority of its reporting
requirements.
Recovery would be highly
complicated and timeconsuming
. Permanent loss of core se

or facility. Disruption to fac
leading to significant knock
effect across Local Heal
Economy
Trust would be unable to m
key reporting requiremen
Recovery would be extrem
complicated
Additional
Guidance
Outpatient clinic waits
Complaints /
Claims
Locally resolved complaint
Laceration, sprain. Anxiety

requiring counselling (less
than 3 days off work)
Unsatisfactory patient
experience directly related to
clinical care readily
resolvable
Drug error with no apparent
adverse outcome, grade 1
pressure ulcer
Justified complaint peripheral
to clinical care
Short term low staffing

level (<1 day), where there
is no disruption to service
Ongoing low staffing levels

resulting in minor reduction in
quality of care
Interruption in a service
which does not impact on
the delivery of care or the
ability to continue to
provide the service
Trust would not encounter
any significant
accountability implications
Short tem disruption to

service with minor impact on
care
Some accountability
implications but would not
affect Trusts ability to meet
key reporting requirements
Increased length of stay less

than 1 week. HAI (short term)
Grade 2/3 pressure ulcer
Below excess claim. Justified
complaint involving lack of
appropriate care
Late delivery of key objective /
service due to lack of staff.
Minor error due to ineffective
training. Ongoing problems
with staffing levels
Some service disruption with
unacceptable impact on care.
Non-permanent loss of ability
to provide service
Trust may experience
difficulty in complying with
some key reporting
requirements
Insignificant cost increase /

schedule slippage. Barely
noticeable reduction in
scope or quality
< 5% over budget / schedule

slippage. Minor reduction in
quality / scope
10% over budget / schedule

slippage. Reduction in scope
or quality
10 24% over/ under budget/

schedule slippage. Does not
meet secondary objectives
Small loss
Small number of
recommendations which
focus on minor quality/
process improvement
issues
Loss < 5% of budget

Minor recommendations
which can be addressed by
low level of management
action
Loss < 10% of budget

Challenging
recommendations but can be
addressed with appropriate
action plan
Loss of 10 25% of budget
Loss of > 25% of budge
Enforcement Action. Critical

report / low rating
Prosecution. Zero Ratin

Severely critical report
Additional
Guidance
Quality of the
patient
experience /
outcome
Staffing and
Competence
Service /
Business
Interruption
Projects
/ objectives
Financial
Inspection / Audit
Reduced quality of patient

experience not directly
related to delivery of
clinical care

Version 4 01/03/2013
Death, paralysis
Totally unsatisfactory pati

outcome or experience
> 25% over /under budge

schedule. Doesnt meet pri
objectives. Reputation of
Trust seriously damaged. F
to appropriately manage fina
Page 13 of 20
Adverse
Publicity /
Reputation
Coverage in the media,

little effect on public
confidence / staff moral
Local media short term.

Minor effect on public
attitude / staff morale
Local media long term.
Public perception of the

organisation would remain
intact
Public perception of the

organisations may alter
slightly but with no significant
damage or disruption
Considerable adverse public

reaction / staff morale may be
affected
N/A
1-2
3-15
No. Of Persons
Affected
National media < 3 days.

Usage of services affected
National media > 3days.

concern (questions in the H
Public confidence in trust

undermined: could result in
major problems
Major adverse public reac
16-50
>50
Step 2: Look at what is being assessed and ask the question: What is the likelihood (L) of harm to
persons or the Trust, given the current controls/precautions in place? Use the table below to grade
the likelihood.
LIKELIHOOD
DESCRIPTOR
DESCRIPTION
Rare
Not expected to happen again except only in exceptional

circumstances e.g. once a decade, or a probability of <1%
Unlikely
The event may re occur infrequently, but it is a possibility e.g. once a

year or a probability of 1-5%
Possible
The event may re occur e.g. once a month, or a probability of 6-20%
Likely
The event will probably re occur e.g. weekly or a probability of 2150%
Highly likely
The event is likely to re occur on many occasions, is a constant

threat e.g. at least once a day or probability of >50%. More likely to
occur than not.
Step 3: To obtain the risk rating, multiply the consequence x the likelihood
CONSEQUENCE
LIKELIHOOD
1 Rare
Not expected to occur
2 Unlikely
Occurs infrequently
3 Possible
Once or twice a year
4 Likely
Hazard will occur but is
not persistent.
There are no issues of
custom and practice.
5 Certain
Constant threat is
custom and practice
1
Insignificant
2
Minor
3
Moderate
4
Major
5
Extreme
1
LOW
2
LOW
3
LOW
2
LOW
4
MODERATE
6
MODERATE
3
LOW
6
MODERATE
9
HIGH
4
MODERATE
8
SIGNIFICANT
12
HIGH
5
MODERATE
10
HIGH
15
EXTREME
4
MODERATE
8
HIGH
12
HIGH
16
EXTREME
20
EXTREME
5
MODERATE
10
HIGH
15
EXTREME
20
EXTREME
25
EXTREME
Risk Ranking
These are applied for purposes of ranking the risk for use and for reporting to the National Patient
Safety Agency (NPSA)
Low (1 3)
Moderate Risk (4 6)
High Risk (8 12)

Extreme Risk (15 25)
Step 4: Risk Level and Action Required.

Version 4 01/03/2013
Page 14 of 20
Score
1-3
4-6
8-12
15-25
Risk Preventative Measures to be Taken or Planned

Low Risk manage by routine procedure. Implement any action that will eliminate/control the risk.
Remains Departmental Risk Register
Moderate Risk Management action must be specified. The departmental manager must devise, agree,
and implement an action plan to reduce or eliminate the risk. Department Risk Register
High Risk Senior Management action. The CSC Management Team must be aware of any risks scoring
12 or above and the Departmental Manager must devise and implement an action plan to reduce, control,
or eliminate the risk. Risk must be inputted onto CSC Risk Register (score of 12 or above) and Trust Risk
Register where appropriate (see Risk Management Policy).
Extreme Risk Immediate action required. The CSC Management Team must be made aware and are
responsible for ensuring an investigation and action plan is commenced immediately to reduce, control, or
eliminate the risk. The risk must be inputted onto the CSC Risk Register and Trust Risk Register as
appropriate according to the Risk Management Policy.

Version 4 01/03/2013
Page 15 of 20
Appendix B
RISK ASSESSMENT AND ACTION PLAN
TYPE (may be more than one type)
SOURCE OF RISK
Risk scores are calculated by
C = Clinical
F = Financial
H&S = Health &

Safety
L = Legal
Q&P = Quality /
Performance
Incident
Assessment
Escalated from
other risk register
CAS alert
Other please specify
Consequence (C) x Likelihood using the 5 x 5 matrix

Issue 3 29 March 2011
Page 16 of 20
R = Reputation
SD = Service Delivery
Hospital Site
QAH/SMH
Date
Clinical Services Centre
Assessor
ASSURANCE MECHANISM /
MONITORING
(how are you going to monitor
whether your controls are
working)
RESPONSIBLE LEAD / COMMITTEE
IMPACT
FURTHER ACTIONS
REQUIRED TO ACHIEVE
PREDICTED (RESIDUAL) RISK
RATING
TARGET DATE
ACTIVE CONTROLS
ALREADY IN PLACE
PREDICTED RESIDAUAL RISK RATING
(C X L)
RISK / HAZARD
DESCRIPTION
INITIAL RISK RATING
DATE OPENED
ID /
CQC
Ref
TYPE / SOURCE-
Dir/Dept/Specialty/Ward
Appendix D
GUIDANCE ON COMPLETION OF THE RISK REGISTER
SECTION
Ref No
COMMENTS
A number which allows the risk to be uniquely identified: this will inserted, once the risk
is placed on the register

Version 4 01/03/2013
Page 17 of 20
Type
This is outlined on the top of the risk assessment form
Date
The date the risk was first placed onto the Register
Risk Description
A statement that provides a brief, unambiguous and workable description, which enables
the risk to be clearly understood, analysed and controlled
Consequence
This is the consequence should the risk be realised
Likelihood
This is the chance of the risk being realised
Active Controls
Details of any actual controls already in place i.e. factors that are exerting material
influence over the risks likelihood and impact: the risk rating.
An effective control is one that is properly designed and delivers the intended objective /
mitigates the risk
Initial Risk Rating
The rating determined by likelihood x consequence using the 5 x 5 matrix

o
o
Current Risk Rating
Consequence: the impact should the risk occur - this score should take into
account the existing controls
Likelihood: the likelihood of the risk happening - this score should take into account
the existing controls
This will initially be the same as the initial risk rating

As time progresses, the current risk rating should decrease (if your controls are
appropriate and effective) and move closer to the predicted residual risk rating
Further actions
Further action(s) required to be taken in order to eliminate, mitigate or control the risk
Progress Update
A brief update on progress made since the last review. NB: if no progress has been
made, do not make it up.
/
How you are going to monitor that the controls in place are effective in managing the
risk
Plus
Evidence that shows risks are being reasonably managed
Predicted Residual
Risk
The risk rating after the further actions have been implemented: expressed as the
product of the likelihood x the consequence
Target Date
Realistic date by which you consider the proposed actions will be completed
Monitoring
Assurance

Version 4 01/03/2013
Page 18 of 20
Responsible Lead
This is you and you should

o
o
o
Responsible
Committee
Understand the risk and monitor it through its lifetime

Ensure the appropriate controls are enacted
Report on the risk whenever required to do so
The Committee which has responsibility for monitoring progress of the management of
the risk

Version 4 01/03/2013
Page 19 of 20
Appendix E
List of Trust Specialist Advisers
Specialist Adviser
Contact Details
Control of Infection
7700 6261
Falls
7700 6675
Health and Safety
7700 3645
Manual Handling
7700 3642
Radiation Protection
7700 3299
Risk Management
7700 3479
Tissue Viability
7700 6985

Issue 3 29 March 2011
Page 20 of 20

Risk Assessment Policy and Protocol

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Assessment Policy and Protocol

Uploaded by

Copyright:

Available Formats

Risk Assessment Policy

Name of responsible (ratifying) committee

Risk Assurance Committee

4th February 2013

Document Manager (job title)

Deputy Director of Nursing/Head of Patient Safety

1st March 2013

February 2015 (unless requirements change)

Risk Management Strategy