- Other aspects of care/service may require risk assessments at the discretion of staff where there is potential for significant risk.
- Any hazards identified must be assessed and appropriate controls identified. Completed assessments will be kept by the lead for the relevant area and a copy submitted to the risk department.
- The outcome of any risk assessments must be communicated to staff, along with notification of the actions that are required by them to reduce associated risks.
Risk registers
- Every site, clinical area and department must have its own risk register reflecting its particular risks and degree of severity.
- Registers will be shared or co-managed with the partner trust.
- Risk registers will be kept by the relevant leads and managers and a copy submitted to the risk department.
- All staff must be fully informed of their responsibilities, populate their local risk registers and update the directorate risk register regularly.
- Formal review of significant risks should take place at least quarterly at performance meetings.
- Where it is not possible for a risk to be managed locally or it is significant, it should be escalated to the corporate risk register, via the relevant director.
- The corporate risk register will contain the high level risks that cannot be managed at directorate level or are organisation-wide or strategic in nature. The executive lead for corporate governance will manage the corporate risk register which will be reviewed by the board.
Risk mitigation
Management of risk should take place day to day in all clinical and non-clinical areas. It is anticipated that the hierarchy below, shown in priority order, will be followed:
- Avoid/eliminate the risk: for example cease the activity with which the risk is associated.
- Treat the risk, ie implement a control measure to reduce either the likelihood or consequence of the risk.
- Transfer the risk to another party, such as an insurance company or contractor.
- Considerations:
– Is the cost of mitigating the risk proportionate?
– Does the mitigation affect other people who should be informed?
– Do you have contingency plans in case the risk materialises?