Risk Management Escalation Procedure This website is …：风险管理升级程序这网站… .doc

non-clinical non-clinical non-clinical non-clinical non-clinical non-clinical non-clinical non-clinical non-clinical clinicalclinical-risk assurance and escalation policynon clinical policy nee287version: 1 february 2009policy owner: assistant director of corporate servicesapproved on 20th march by the integrated governance committeesreview date: february 2010 (by asst director of corporate services)index1. introduction .page 32. accountability and responsibility.page 33. escalation. page 33.1 escalation process.page 44. assurances.page 54.1 tertiary risk assessors. page 55. administration and implementation of the policy. page 56. conclusion.page 5risk assurance and escalation policy1. introductionrisk management is an essential feature of a modern healthcare organisation and must be an integral part of all practices, processes, activities and business plans. the pct has a board approved risk management strategy policy and this assurance and escalation procedure is intended to clarify and complement that policy. all staff, particularly senior management must be fully aware of both the strategy and this accompanying policy. this policy has the direct support of the board. the teams which form the corporate services group, in particular the risk management team, have the sanction of the board to implement the actions described herein.this policy was developed by the assistant director of corporate services and risk manager. it was discussed and sanctioned by the pcts assistant director & heads of services group and weekly directors operational meeting, both in february 2009. 2. accountability & responsibility fundamental criteria for the successful management of risk are accountability and responsibility. these are clearly defined at all levels in the pct risk management strategy policy (nee132), available from the risk management team or via the pct extranet site.at the heart of first line responsibility and accountability for the resolution of a risk is the risk owner. this person is personally responsible for producing an action plan (high or low intensity) to resolve the risk and should report progress, flag up confounding factors and work with the risk management team (rmt) in the setting and review of the risk rating for their risk, until resolution or acceptable minimisation of risk is achieved.this policy is owned by the assistant director of corporate services and has been adopted by and is accountable to the commissioning integrated governance committee.3. escalation as part of this accountability process it is vital that there is a suitable and sufficient escalation process in place. the aim of the procedure is not to replace the roles and responsibility in relation to risk management, held by individuals, committees or groups, such as the health & safety group, integrated governance committee, dom, provider services committee or the board. this document sets out the escalation process in the event of an individual who is assigned risk responsibility but fails to progress, manage or supply relevant assurances that their owned risk(s) is being adequately mitigated, within a reasonable timescale.the pct has experienced some difficulties in relation to assurances and progress linked to the risk register, serious untoward incidents and safety alerts. the provider and commissioning integrated governance committees have both agreed that the following, simple escalation process will be adopted. this process has, in effect, been apparent for some time but requires formalisation and separating out from bulk policies, where it is incorporated. 3.1 escalation processin the event of a failure or inadequate response to a risk update within the recommended timescale, the risk management team will escalate to the next in-line management/executive tier, as appropriate. once the issue is escalated it is the responsibility of the persons to whom it was escalated to ensure the necessary action is taken to mitigate the risk and/or produce progress reports, as required. for example, if the risk owner is a head of service or assistant director, the issue in the first instance will be escalated to the relevant executive director. if there is no or an inadequate response within a reasonable time frame, then the issue will be escalated to the chief executive. in the unlikely event of an inadequate response from ceo level, in a reasonable time frame, the risk will be escalated to the non-executive director assigned board responsibility for risk management. this person can enlist the support of the pct chairman and the board to elicit action, if need be. diagrammatically (* indicates any of these can be a risk owner):risk nedchairmanboardexecutive* directorceo*asst dir/hos*any grade - risk owner*escalated at discretion of rmt as response target date is reachedbenchmark of 1 week given before discretionary escalation by rmt with ad of cs collusionbenchmark of 1 week given before discretionary escalation by rmt with ad of cs collusionit is envisaged that the application of this escalation process will emphasise individuals responsibilities for risk management, help to tackle the actual risk behind the escalation and in time reduce the number of escalations required. 4. assurancesthe pct board is ultimately responsible for the management of risk and internal controls; as such the board needs appropriate assurances that risk is being managed through suitable and sufficient systems. one aspect of the boards assurance process is the risk register, where the board review all serious or uncontrolled risks. risks which have not been adequately addressed or responded to clearly expose the pct to unnecessary risk and fails to give the board the assurances that they need. 4.1 tertiary risk assessorsif the risk management team is not satisfied that the assurances being given for the control or elimination of a risk are satisfactory or accurate, then they reserve the right, with sanction from the assistant director of corporate services or the director of corporate development & governance, to engage a suitably qualified person with experience in the function/area involved to assess the actual level of risk, in the relevant case. so, for example, a member of the healthcare quality team might be requested to assess a patient safety related risk. these tertiary risk assessors (tra) will always be employed from within the pct. the use of a tra will normally take place with the agreement and co-operation of the risk owner but can be unilaterally placed by the rmt if need be.the report from a tra will be presented initially to the risk owner and, if necessary, to the executive director responsible for the service/function/area in question.it should be noted that the use of a tra is seen as a last resort and will only be used when other methods have failed to establish the required level of assurance, as described above.5. administration and implementation of policy this policy will be promoted by the usual corporate services team process, including via the ceo weekly bulleting and email dissemination. as with all policies and procedures, it should only be accessed via the pcts extranet site.no specific training is required for users but implementation guidance should be sought, if required, from the assistant director of corporate services or the risk manager. compliance with the requirements of the policy will be monitored by the risk management team.6. conclusion a nhs body that fails to manage its risks throughout the organi