1 of 5

Report to Board, 26 July 2017

Report title Board assurance framework and corporate risk register

Report from Geoff Stokes, company secretary

Prepared by Geoff Stokes, company secretary

Previously discussed at Individual executive owners

Attachments Board assurance framework and corporate risk register

Brief summary of report

Board will be aware of the developments that have been made over the past few months to the corporate risk register and the need to develop a board assurance framework.

The revised format incorporates the previous corporate risk register in the board assurance framework and includes new risks that have been identified, in part, as a result of the strategy refresh. The covering report includes an analyses of risks by strategic objective to give an overview which can be reviewed in conjunction with the strategic objectives progress report elsewhere on the agenda

Risk descriptions have been changed to make them clearer and additional columns have been added to show gaps in control and assurance.

Action Required/Recommendation.

Board is asked to receive assurance from the updated board assurance framework and corporate risk register including the removal of 7 risks due to de-escalation or replacement.

For Assurance For decision For discussion To note

Item 11

2 of 5

Board assurance framework and corporate risk register

1. Introduction Attached is the board assurance framework (BAF) which incorporates the corporate risk register (CRR). Risks have been reviewed by executive leads and include new and updated risks.

The BAF/CRR shows which strategic objective (if any) each risk affects and these have been summarised in section 3.

2. Overall Analyses Since the last review by the board, there have been an additional 8 risks added, mostly as a result of the strategy refresh. These are highlighted below;

Risk Ref

Co

rpo

rate

o

bje

ctiv

e

Exe

cuti

ve

Ow

ner

Source of risk Risk description

Cu

rren

t ri

sk s

core

57

Fin

ance

Ste

ven

Dav

ies

Strategy refresh April 2017

IF commissioners introduce restrictions or bureaucratic processes for clinical treatments THEN patients will not get the care they need and the trust may lose activity LEADING TO poor patient care, loss of income and damage to reputation

12

58

Res

earc

h

Pen

g K

haw

Strategy refresh, April 2017

IF sufficient patients are not recruited to research studies THEN externally set targets may not be met LEADING TO withdrawal of funding or damage to reputation

6

60

Kno

wle

dge

Sha

ring

Dav

id

Pro

bert

Director of human resources

IF an education director is not appointed THEN there is a risk that progress to deliver the strategy will be delayed LEADING TO lack of opportunity to develop and exploit education in trust and beyond

8

74

Pol

icy

Joha

nna

Mos

s Strategy refresh April 2017

IF the trust does appropriately consider or co-ordinate its involvement in policy development THEN the trust may get unconsciously involved in contentious areas of policy or expend effort in low priority areas LEADING TO damage to reputation

9

75

Res

earc

h

Pen

g K

haw

Quality and safety committee

IF research governance is not robust THEN there may be clinical or operational risks that are not managed or escalated appropriately LEADING TO harm to patients, withdrawal of funding or damage to reputation

8

76

Infr

astr

uctu

re

Joha

nna

Mos

s Strategy and investment committee

IF the future operational state of the hospital is not determined THEN the building may not be fit for purpose LEADING TO failure to deliver the project objectives

16

77

Infr

astr

uctu

re

Elis

a S

teel

e

EMR programme board

IF the EMR project is not implemented effectively THEN a new medical records system will not be delivered in a timely manner LEADING TO increased costs and clinical risk or damage to reputation

8

3 of 5

Risk Ref

Co

rpo

rate

o

bje

ctiv

e

Exe

cuti

ve

Ow

ner

Source of risk Risk description

Cu

rren

t ri

sk s

core

78

Car

e

John

Q

uinn

Company secretary

IF the preparation and systems are not effective THEN the outcome of the CQC inspection of Moorfields Private may not be as required LEADING TO regulatory intervention, loss of income or damage to reputation

9

Overall there are 59 risks on the BAF/CRR (compared with 51 on the previous CRR) and changes in the profile of risks from the last board review are shown below.

The following 7 risks are recommended for removal from the BAF/CRR. If agreed, these will be removed from the next report and, where de-escalated, will be managed at divisional level.

Risk Ref

Co

rpo

rate

o

bje

ctiv

e

Exe

cuti

ve

ow

ner

Risk description

Cu

rren

t ri

sk s

core

Reason

38

Ent

erpr

ise

John

Q

uinn

IF the growth in Moorfields Private is not to plan THEN there will not be sufficient revenue generated LEADING TO pressure on trust finances elsewhere

8 Replaced (merged with risk 4, commercial income)

23

Peo

ple

Dec

lan

Fla

naga

n

IF the educational standards of trainees are not maintained THEN sufficient MPET funding may not be attracted LEADING TO loss of income and damage to reputation

6 De-escalated

29

Ope

ratio

nal

Elis

a S

teel

e IF there are high vacancy rates in IT with

reliance on key members of staff THEN service and project delivery may be affected LEADING TO loss if income, clinical risk and loss of reputation

6 De-escalated

45

John

Qui

nn IF there is poor management or increasing

demand against capacity THEN national treatment targets (RTT) may not be met LEADING TO poor patient experience, damage to reputation or potential regulatory intervention

6 De-escalated

4 of 5

Risk Ref

Co

rpo

rate

o

bje

ctiv

e

Exe

cuti

ve

ow

ner

Risk description

Cu

rren

t ri

sk s

core

Reason

34

Ent

erpr

ise

Mar

iano

G

onza

lez

IF the licence to operate is revoked for Moorfields Dubai THEN the trust will not be able to treat patients LEADING TO loss of income and damage to reputation

4 De-escalated

35

Ent

erpr

ise

Mar

iano

G

onza

lez

IF the licence to operate is revoked for Moorfields Abu Dhabi THEN the trust will not be able to treat patients LEADING TO loss of income and damage to reputation

4 De-escalated

30

Infr

astr

uctu

re

Elis

a S

teel

e IF OpenEyes cannot be developed into a viable

system THEN the trust will not have an effective medical records system LEADING TO clinical risk, loss of income and damage to reputation

8 Replaced by risk 77 (implementation of EMR)

3. Analyses by objective One of the key features of the board assurance framework is that it enables the board to assess risks against the strategic objectives, and the following diagrams show the risks in BAF/CRR that have been analysed against strategic objectives. There are 18 risks that have do not related to individual strategic objectives.

4. Other risk management activities As the board will be aware, a review is being carried out of all risk registers across the trust which may identify further risks to be added to the BAF/CRR or enable risks to be de-escalated for management on divisional risk registers.

This review should be finished within the next few weeks and an update will be given to the audit and risk committee and the board at its next review.

5 of 5

An electronic system for managing risks is being introduced and this is being piloted using the BAF/CRR. It is intended that this will be used to produce the next review, at the end of quarter 2.

5. Conclusions The BAF/CRR summarises the key risks of concern to the board and, alongside the risk management arrangements across the trust, should provide the board with assurance that risks are being properly managed.

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

43

Elis

a St

eele

IF there is a successful

cyber-attack

THEN the trust may suffer

from a loss of service

and/or corruption of data

LEADING TO poor patient

care or experience, loss of

income and damage to

reputation

IT risk assessment • IT security policy

• Annual penetration tests

carried out

• Disaster recovery plan in place

including cyber-security action

cards

• NHS Cyber alerts actions

• Annual cyber-security

assessment

• Robust patching policy and

procedures

4 4 16 • 17/18 penetration test

and completion of

action plan

• 17/18 cyber-security

assessment and action

plan

• Additional toolsets to

support cyber-security

• Address issues arising from

recent penetration test (ES,

Sep 17)

• Further penetration test to

be carried out (ES, Oct 17)

4 2 8

14

Ju

l 20

17

1 O

ct 2

01

7

16 16 16 IG Committee 1 • Independent

review

• Internal audit review,

(KMPG, 17)

• IG Committee review of

cber-security (IG

committee, Aug 17)

76

Infr

astr

uct

ure

Joh

ann

a M

oss

Stra

tegy

& In

vest

men

t C

om

mit

tee IF the future operational

state of the hospital is not

determined

THEN the building may not

be fit for purpose

LEADING TO failure to

deliver the project

objectives

Strategy and

investment committee

4 4 16 • Service development

programme

• Appoint external advisors to

support service development

work (JM, Oct 17)

4 1 4

13

Ju

l 20

17

1 O

ct 2

01

7

New

ris

k

16 16 Strategy & Investment

Committee

11

Car

e

Joh

n Q

uin

n

IF there is poor

environment, practices or

behaviour

THEN outpatient clinics

may not be managed

effectively

LEADING to poor patient

experience, low staff

morale or damage to

reputation

• Buzzers provided to make

waiting more convenient

• Outpatients improvement

programme created

• Service improvement projects

to improve patient flow has

commenced in glaucoma,

medical retina and external

diseases at City Road.

3 5 15 • Systematic approach

to management of clinic

flows

• Glaucoma – implementation

of new flow (KWA, Oct 18)

• Medical retina

implementation of new flow

(KWA, Dec 18)

• External disease

implementation of new flow

(KWA, Mar, 2019)

3 3 9

27

Ju

n 2

01

7

1 O

ct 2

01

7

15 15 15 SIS Programme board 1

13

Fin

ance

Stev

en D

avie

s

Fin

ance

co

mm

itte

e

IF a financial surplus at the

required level is not

maintained

THEN there may be a

shortage of available funds

LEADING TO a reduction in

or cancellation of major

capital projects (e.g. Oriel),

regulatory intervention or

cash flow issues

NHSI and treasury

investment rules

• Financial plan/budget

development, including cost

improvement plans.

• Major capital expenditure &

funding sources identified

• Short term capital investment

commenced to maintain and

increase capacity of services and

improve environment.

• Active engagement by CFO with

the local health system

• SFIs reviewed Mar 2017

• Divisional performance

management meetings in place

• Costing project initiated

5 3 15 • Confirmation of

financial commitments

• Better understanding

and tighter control of

costs

• Report to Board on longer

term financial planning

including Project Oriel (SD, Jun

17)

• PMO in place to support

management of savings plans.

(JQ, Jun 17)

• Implement improvements in

managing costs (SD, Sep 17)

• Draw up plan for

engagement of wider trust

leadership team with the local

health system (SD, Aug 17)

• Patient level costing to be

put in place (SD, Dec 17)

5 2 10

22

Ju

n 2

01

7

1 O

ct 2

01

7

15 15 15 Finance committee 2

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

12

Joh

n Q

uin

n

IF data quality is poor

THEN this could reduce the

ability of the trust to

manage its activities

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

External and internal

auditors

• A data quality group is leading

the development of systems to

ensure robust data entry,

monitoring and review.

• A data assurance framework

describes the approach to

improving data quality for all the

key areas across the organisation.

• Internal audit has been

undertaken

• A data quality action plan has

been written based on the

reports from internal and

external audit.

• An action plan has been

developed which is being

monitored through the Trust

Access group.

3 4 12 • Implementation of

data quality action plan

• Data quality action plan to be

implemented (RS, Sep 17)

3 3 9

27

Ju

n 2

01

7

1 O

ct 2

01

7

12 12 12 Data quality group 1 • External audit • External audit (Deloitte, May 18)

16

Peo

ple

Sally

Sto

rey

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n

Co

mm

itte

e

IF the trust is unable to

shift its culture

THEN poor behaviour will

continue (e.g. bullying,

harassment and lack of

opportunity)

LEADING TO poor staff,

morale, high turnover and

damage to the trust's

reputation as an employer

Staff survey results • The Moorfields Way behaviours

published and woven into

existing policies and processes.

• Local action plans to bring TMW

to life and address specific staff

survey concerns in place.

• Leadership development

programme has commenced

following clinical restructure

3 4 12 • Lack of consistent

application of policy in

dealing with 'breaches'

of The Moorfields Way

behaviours

• Leadership development for

retention to commence. (SSt,

Sep 17)

• Internal audit planned to

review equalities and diversity

in 17/18 (SSt, Sep 17)

• Agree standards for dealing

with 'breaches' of The

Moorfields Way. (SSt, tbc)

3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

9 12 9 Management executive 1

17

Car

e

Joh

ann

a M

oss

IF policies and standards

are not consistent across

the network

THEN operating models

and service quality may

vary

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

CQC report • Local quality partners in place

• Policies are in place across the

whole organisation including all

network sites.

• Vanguard programme is in

place

• Network toolkit launched

3 4 12 • Local monitoring of

quality standards

• Consistent application

of standards across the

network

• Sanctions or

enforcement for non-

compliance

• Local quality and safety

dashboards to be introduced

(IT, Aug 17)

• Identify approaches needed

across the network. (JM, Sep

17)

3 3 9

13

Ju

l 20

17

1 O

ct 2

01

7

12 12 12 Local management 1 • No independent

assurance

• Determine corporate

assurance process

• Report to quality &

safety committee in the

first instance (TL, tbc)

31

Infr

astr

uct

ure

Joh

n Q

uin

n

IF SIS programme is not

effective

THEN the organisation will

not transform quickly

enough

LEADING TO poor patient

experience, reduced

income or damage to

reputation

Board • Service Improvement &

Sustainability programme Board

has been established.

• A governance structure has

been put in place and is now

operational.

• Programmes of work have been

identified and teams with SROs

agreed.

3 4 12 • Comprehensive

delivery plans

• Specific plans to be

developed for all projects

within each programme. (JQ,

Sep 17)

3 3 9

27

Ju

n 2

01

7

1 O

ct 2

01

7

12 12 12 SIS Programme board 1 • Programme

management

arrangements

• Programming

monitoring arrangements

(JQ, Sep 2017)

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

50

Joh

n Q

uin

n

IF theatre plant breaks

down on Duke Elder ward

(SGH)

THEN there may be delays

in treatment

LEADING TO poor patient

experience, loss of income

and damage to reputation

Incident reports • SLA signed with SGH 3 4 12 • Confirmed plans for

refurbishing theatre

plant

• Refurbishment plan

(including decant) to be

confirmed. (CH, Jun 17)

• Completion of refurbishment

plan (CH, Dec 17)

3 1 3

16

Mar

20

17

1 J

ul 2

01

7

12 12 12 Chief operating officer 1

18

Car

e

Joh

ann

a M

oss

IF service level agreements

across the network are not

in place or properly

managed

THEN service standards

may be inconsistent

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

CQC report • Ad hoc conversations and

meetings between MEH local

leads and host trusts

• Most SLAs in place with host

sites

• Project group established for

longer term work (JM, May 17)

4 3 12 • Enact SLAs for remaining

sites (JM, Aug 17 )

• Implement robust SLA

management arrangements

(JM, Mar 18)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

12 12 12 Director of strategy and

business development

1

19

Infr

astr

uct

ure

Joh

ann

a M

oss

Stra

tegy

& In

vest

men

t C

om

mit

tee IF the key assumptions

behind Project Oriel are

not achieved

THEN there may be

insufficient capital (human,

financial etc.) available

LEADING TO failure to

deliver the project

objectives

Strategy and

investment committee

• Some analysis of patients who

can be repatriated has taken

place across the network.

4 3 12 • PA consulting are designing

an activity model (JM, Aug

17)

• Revised set of assumptions to

be determined and agreed

(JM, Sep 17)

• Engagement of all relevant

colleagues in new assumptions

(JM, Sep 17)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

12 12 12 Strategy & Investment

Committee

2

20

Fin

ance

Joh

ann

a M

oss

Stra

tegy

& In

vest

men

t C

om

mit

tee

IF there are delays in

Project Oriel

THEN the programme may

become unaffordable

LEADING TO failure to

deliver the project

objectives

Strategy and

investment committee

• Active engagement with

current owner of preferred site as

part of NCL sustainability and

transformation plan

• 'Influencing strategy' for key

individuals across the system is in

operation.

• Optimism bias built into

business case

• Land purchase business case

agreed by board

4 3 12 • Land purchase to be pursued

following review by

membership council (TF, Jul

17)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

12 12 12 Strategy & Investment

Committee

2

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

25

Po

licy

Joh

ann

a M

oss

IF the trust fails to respond

to government policies or

plans

THEN opportunities may be

missed or threats ignored

LEADING TO regulatory

intervention, loss of

income and/or damage to

reputation

• Director of Strategy and

Business Development oversees,

with team.

• Business planning cycle ensures

policy review is taken into

account

• Board strategy half-days, twice

per year

• Strategy refresh carried out,

including explicit objective on

'influencing policy'

4 3 12 Lack of agreed approach

and prioritisation

• Delivery of 'current state'

report (JM, Oct 17)

• Board to agree policy

priorities and approach to

policy activity (JM, Dec 17)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

9 12 9

27

Joh

ann

a M

oss

Stra

tegy

& In

vest

men

t C

om

mit

tee

IF there is insufficient

planning, monitoring or

executive ownership of the

strategy

THEN the trust may fail to

implement its strategy

LEADING TO poor patient

care, loss of income or

damage to reputation

Strategy refresh • Quarterly review of progress to

Board

• Board strategy half-days, twice

per year

• Board assurance framework

aligned to corporate objectives

• Revised strategy agreed

• Revise templates for action

plans and reports

4 3 12 • Longer term planning

to ensure 5 year

objectives met

• Planning for years 2 to 5

(JM, Dec 17)

• Develop a plan to embed in

planning cycle (JM, Dec, 17)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

8 12 8 Board 2

51

Infr

astr

uct

ure

Elis

a St

eele

IF data warehouse fails

THEN activity may not be

recorded

LEADING TO a loss of

income

IT risk assessment • Monitoring tool implemented.

• Manual checks implemented

between flex and freeze to check

activity unchanged

• Permanent employee secured

• Documentation and standard

operating procedures reviewed

4 3 12 • Procure replacement

solution (ES, Jul 18)

4 2 8

14

Ju

l 20

17

1 O

ct 2

01

7

12 12 12 IT security group 1 • Management

executive overview

57

Fin

ance

Stev

en D

avie

s

IF commissioners introduce

restrictions or bureaucratic

processes for clinical

treatments

THEN patients will not get

the care they need and the

trust may lose activity

LEADING TO poor patient

care, loss of income and

damage to reputation

Strategy refresh Apr

2017

• Signed contract with

commissioners

4 3 12 • Negotiation with

commissioners (SD, Jul 17)

4 1 4

22

Ju

n 2

01

7

1 O

ct 2

01

7

New

ris

k

12 12 Chief financial officer 1

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

4

Fin

ance

Stev

en D

avie

s

Stra

tegy

& In

vest

me

nt

Co

mm

itte

e

IF the growth in

commercial activities is not

to plan

THEN there will not be

sufficient revenue

generated

LEADING TO pressure on

trust finances elsewhere

Strategy and

investment committee

• Regular granular reports to

Board on commercial activity

• Budget re-set approved by S&I

• Commercial governance

structure approved by S&I

• Revised plan for Abu Dhabi

factored in to financial plan,

following review by S&I

members

• Moorfields Private business

case approved

• Commercial opportunities

screening tool

5 2 10 • Review financial processes

and systems in Moorfields

Private (MD, Jul 17)

• Review effectiveness of

improvement plan in Abu

Dhabi (MG, Nov 17)

4 2 8

22

Ju

n 2

01

7

1 O

ct 2

01

7

9 10 10 Strategy & Investment

Committee

2

7

Infr

astr

uct

ure

Elis

a St

eele

IF there is a major IT failure

THEN access to the trusts IT

systems could be disrupted

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

IT risk assessment • Disaster Recovery and Business

Continuity Plans are documente

and reviewed annually

• Further configuration changes

to secondary server room and

network completed

• Follow up DR exercise carried

out in March 2017

• Annual desktop disaster

recovery and business continuity

exercise

• Key systems (e.g. PAS,

OpenEyes) disaster recovery test

3 3 9 Disaster recovery and

business continuity

plans need to be

updated

• Limitations of

recovery for some

systems (e.g. imaging)

• Investigate options to move

out of Ebenezer Street and

outsource secondary data

centre (ES, Dec 17)

3 2 6

14

Ju

l 20

17

1 O

ct 2

01

7

12 9 9 IG Committee 1 • External validation

of disaster recover

plans

• Internal audit review

due, (KPMG,2021/22)

8

Peo

ple

Sally

Sto

rey

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n C

om

mit

tee

IF mandatory training

standards are not met

THEN staff may not be

competent to carry out

their functions

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

Performance report to

board

• Oversight by mandatory

training group

• Insight system is now

embedded across the

organisation.

• Reports continually produced

to hold departments/managers

to account.

• The ten core high-volume

mandatory training subjects have

been converted to online

programmes

• From Jan 2017 new starters are

required to complete ten core

programmes before starting in

role

3 3 9 • Strengthen

accountability of

divisional management

• Fines for DNAs will be

introduced (SSt, Sep 17 )

3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

12 9 9 Board 2

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

9

Car

e

Dec

lan

Fla

nag

an

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF proper clinical practice is

not followed

THEN there may be serious

clinical incidents

LEADING TO patient harm

and damage to reputation

Serious incident

reporting

• Robust clinical governance

arrangements exist.

• Generally good clinical

procedures and guidelines are in

place.

• The level of serious incidents

remains fairly consistent from

year to year and very low

compared to other trusts

• Revised WHO checklist process

in place

3 3 9 • Serious incidents and

never events have

occurred in areas

thought to be controlled

• To be determined 3 2 6

2 M

ar 2

01

7

1 J

ul 2

01

7

9 9 9 Quality and safety

committee

2 • WHO checklist not

consistently

followed

• Monthly audits taking

place (ADw, Aug 2017)

21

Stev

en D

avie

s

IF the City Rd estate is not

maintained effectively

THEN this could lead to

operational or service

failure

LEADING TO poor patient

care, loss of income or

damage to reputation

Capital programme

and oversight group

• Backlog and other maintenance

programme embedded in

working practices of estates team

• System in place to monitor

compliance and delivery

3 3 9 • Approval of land purchase

(JM, Dec 17)

3 3 9

22

Ju

n 2

01

7

1 O

ct 2

01

7

12 9 9 Quality and safety

committee

2

39

Peo

ple

Sally

Sto

rey

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n C

om

mit

tee

IF Brexit affects

recruitment and retention

THEN there may be staff

shortages and skills gaps

LEADING TO poor patient

care or a reduction in

income

Feedback from

affected staff

• Currently recruitment is open

world-wide and is not restricted

to EU applicants

• CEO message of support to all

EU staff

• CEO and HRD engaged in

influencing ministers through

various national groups

• seminars arranged for EU staff

to provide legal advice about

residency

• Nursing strategy actions to

improve ability to recruit nurses

Extra resource added to support

retention

3 3 9 • Regular communications to

affected staff (SSt, tbc)

3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

9 9 9 Management executive 1

40

Stev

en D

avie

s

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF there is inconsistent

management of the estate

across the network

THEN there may be a

failure to meet statutory

obligations for the

management of estate

related issues

LEADING TO poor patient

experience, loss of income

or damage to reputation

• System in place for recording

statutory and mandatory

compliance and identifying where

areas of non-compliance exist.

• Some leases are in place (incl.

St George's)

• Compliance assurance sought

regularly from host trusts

• Interim compliance officer

appointed

3 3 9 • Effective (e.g.

enforceable) leases in

place across the

network

• Convert existing agreements

to leases (CH, Jan 18)

3 2 6

22

Ju

n 2

01

7

1 O

ct 2

01

7

12 9 9 Quality and safety

committee

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

42

Stev

en D

avie

s

IF the cost of new

technology or treatments is

not cobvered by tariff or

pass-through

THEN treatmeents may not

be available or need to be

funded from elsewhere

LEADING TO poor patient

experience or pressure on

trust finances

• Engage with commissioners to

give notice of forthcoming

funding pressures

3 3 9 • Arrange meeting with R&D to

improve notice for forthcoming

funding pressures (SD, Aug

17 )

3 2 6

22

Ju

n 2

01

7

1 O

ct 2

01

7

9 9 9

44

Peo

ple

Sally

Sto

rey

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n C

om

mit

tee IF the introduction of IR35

affects the trust's ability to

retain key agency and

interim staff

THEN there may be staff

shortages and skills gaps

LEADING TO poor patient

care, a loss of income or a

delay in implementing

projects

HM Treasury and NHSI

guidance

• Management executive have

reviewed all temporary staff

falling under new arrangements

• Agency staff have been moved

to bank or payroll in many cases

3 3 9 None No further mitigations at this

stage

3 3 9

23

Ju

n 2

01

7

1 O

ct 2

01

7

12 9 9 • Management executive 3

52

Joh

n Q

uin

n

IF cancer pathway is not

clear or patients exercise

their choice

THEN national cancer

treatment targets may not

be met

LEADING TO poor patient

care, damage to reputation

and potential regulatory

intervention

NHSI licence condition • Regular performance meetings

within the service to monitor the

target and develop plans to

deliver the target. NHSE are

invited to these and minutes

shared with them.

• Staff now encourage patients to

attend by highlighting the

urgency of these referrals.

3 3 9 Plan to improve cancer

services

• Project to develop process

improvement (JQ, tbc)

3 3 9

16

Mar

20

17

1 J

ul 2

01

7

9 9 9 Board (through the IPR) 2

53

Joh

n Q

uin

n

IF medical records are

missing or not available

THEN there may be delays

in treatment

LEADING TO poor patient

experience, low staff

morale and damage to

reputation

• Better PAS guidance on case

note tracking.

• Correct preparation of medical

records.

• Strict authorisation policy for

the use of temporary records.

• Biggest improvement is arising

from the A&C review and the

formation of a closed library.

• Healthcare operational group is

monitoring records at SGH and

City Rd

3 3 9 • Changes to medical

records management

• Business plan for outsourcing

of patient records (tbc, Aug

17)

3 2 6

16

Mar

20

17

1 J

ul 2

01

7

9 9 9

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

54

Trac

y Lu

cke

tt

IF there are no written

safeguarding arrangements

between Moorfields and

the local safeguarding

teams.

THEN there may be

inconsistency across the

network

LEADING TO poor patient

care, reputational damage

and potential regulatory

intervention

Director of nursing and

allied health

professions

• Flow charts within SGA and SGC

policy for all satellite units have

been produced and

implemented.

• Up to date policies that explain

the processes of who to contact if

a child or an adult is deemed as

vulnerable

3 3 9 • Incorporation of MEH

safeguarding processes

with network hosts

• Written agreement (SLAs)

with host satellites to ensure

processes are in place and

working (JM, Mar 18 )

3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

12 9 9 Director of nursing and

allied health professions

1

55

Elis

a St

eele

IF imaging equipment at

satellites fails

THEN data may not be

backed up

LEADING TO increased,

costs, clinical risk or

damage to reputation

IT Risk assessment • Monitoring programme

developed for Open Eyes to

check connectivity

• Procedures defined with EBME

3 3 9 • Completion of asset

revalidation

• Alternative

connection mechanisms

• Audit all equipment, ensure

asset register correct and

confirm network connectivity

(ES, Aug 17)

3 2 6

14

Ju

l 20

17

1 O

ct 2

01

7

12 9 9 Digital infirmation strategy

board

1

61

Peo

ple

Sally

Sto

rey

IF retention is not

improved

THEN there may be staff

shortages and skills gaps

LEADING TO high agency

spend, poor patient care,

or a reduction in income

Workforce KPIs on

turnover

• KPIs reported monthly to

directorates and departments;

local action plans; nursing

strategy actions

• Detailed understanding of the

drivers of high turnover

weekly staff bulletin shows

current vacancies

3 3 9 • Actions arising from

report

• Action plan to follow

analysis; improved on-

boarding processes; career

clinics for staff wanting to

progress within the trust;

(SSt, Sep 17)

3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

9 9 6 Board (through the IPR) 2

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

78

Car

e

Joh

n Q

uin

n

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF the preparation and

systems are not effective

THEN the outcome of the

CQC inspection of

Moorfields Private may not

be as required

LEADING TO regulatory

intervention, loss of

income or damage to

reputation

Company Secretary • Previous CQC inspection of

GOOD

• Action plan in place

• Approval of additional resource

to manage project

3 3 9 • Appointment of

project manager

• Interim project manager

being sourced (MD, Jul 17)

3 1 3

17

Ju

l 20

17

1 O

ct 2

01

7

New

ris

k

9 9 Quality and safety committee 2 • Confirmation of

CQC inspection date

47

Res

earc

h

Pen

g K

haw

IF high quality research

staff cannot be engaged

THEN research activities

will not be fulfilled

LEADING TO withdrawal of

funding or damage to

reputation

Director of research

and development

• Programme underway led by

Dep CD of Clinical Research

Facility, Dr Richard Lee and Mr

Praveen Patel to work with peers

to champion research

involvement.

2 4 8 • Review incentives, reward

and recognition for this

endeavour. (PK, Apr 17)

• Assess effectiveness of

revised incentives on

engagement (MH, Oct 17)

• Engage SIS programme to

align operational and research

activity (MH, Mar 17)

2 4 8

12

Jan

20

17

1 J

ul 2

01

7

8 8 8 Director of research and

development

1

48

Car

e

Trac

y Lu

cke

tt

IF there is insufficiently

skilled paediatric trained

staff

THEN then there may be

non-compliance with NSF

and CQC standards

LEADING TO poor patient

experience, potential

regulatory intervention or

damage to reputation

• Play specialist available for one

paediatric clinic per week.

• All staff trained to a minimum

of level 2 in child protection and

key staff trained to level 3

• Separate waiting areas for

children and adults

• Specialist staff appointed

2 4 8 • Appropriate specialist staff

start (TL, Sep 17)

• Ensure any new facility will

be designed and built with

dedicated separate children's

space. (JQ/CH tbc)

1 4 4

9 M

ar 2

01

7

1 J

ul 2

01

7

10 8 8

49

Trac

y Lu

cke

tt

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF inpatient wards are not

designed or managed

properly

THEN the trust will breach

mixed sex accommodation

standard

LEADING TO a poor patient

experience, reputational

risks and potential

regulatory intervention.

• Staff are as flexible as possible

to ensure minimal breaches by

full use of the side rooms

• Reported through the IPR

2 4 8 • Configuration of Duke

Elder ward limits

flexibility

• Duke Elder ward is being

refurbished as part of the St

George's development ( SD,

Dec 17 )

2 1 2

23

Ju

n 2

01

7

1 O

ct 2

01

7

8 8 8 Board (through the IPR) 2 • Ensure design is

suitable

• Ensure

development work

is on track

• Confirmation of decant

arrangements for

refurbishment (JQ, Jul 17)

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

60

Kn

ow

led

ge S

har

ing

Dav

id P

rob

ert

IF an education director is

not appointed

THEN there is a risk that

progress to deliver the

strategy will be delayed

LEADING TO lack of

opportunity to develop and

exploit education in trust

and beyond

Strategy refresh Apr

2017

• Key actions are being addressed

by Dir of HR, Dir of Nursing and

Med Dir

• Robust job description and

person specificatio in place

2 4 8 • Recruitment process

underway (SSt, Aug 17)

2 1 2

New

ris

k

1 O

ct 2

01

7

New

ris

k

8 8

1

Ian

To

mb

leso

n

IF the trust does not meet

its statutory obligations in

relation to health & safety,

fire, infection control etc.

THEN there could be

breaches in standards and

other failures

LEADING TO regulatory

intervention or patient

harm.

Statutory obligations • Controls exist through

management oversight groups,

for example fire safety and

infection control.

• The large majority of policies

are up to date and obligations are

met.

• Scrutiny and challenge by the

audit and risk committee, the

quality and safety committee and

the board.

• CQC rating of 'good' achieved

• Reduced fire risk re medical

records storage at City Road (see

risk O2)

• Permanent Head of Legal

Services in post

4 2 8 • Backlog maintenance

is covered under risk

C21.

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

8 8 8 Quality and safety

committee

3

2

Joh

n Q

uin

n

IF medical records are not

stored appropriately

THEN there is a fire risk

LEADING TO damage to the

building, disruption In

service and risk to patients

and staff

Directors' walk round • Medical records have been

organised better to reduce the

possibility of combustion (min

30cm from heat source).

• Business case developed to re-

provide medical records storage

off site.

4 2 8 • Long term off-site

storage solution

• Reduce reliance on

paper (introduce

electronic document

management system)

• Identification of off site

solution for City Rd (JQ, Sep

17)

• Business case for EDM to be

approved (JQ, Oct 17)

4 1 4

27

Ju

n 2

01

7

1 O

ct 2

01

7

8 8 8 Management group 1 • External fire

inspection

• Fire inspection due

(CH, Oct 17)

5

Dav

id P

rob

ert

IF the trust fails to meet its

licence conditions

THEN there could be

regulatory intervention

LEADING TO financial

pressure and a restriction

on the trust's ability to

operate.

Foundation trust

licence

• The trust maintains a financial

surplus.

• There are no potentially serious

breaches to the trust's licence

• CQC rating of 'good' achieved

4 2 8 • Report from Deloitte review

of corporate governance (DP,

Aug 17)

4 1 4

18

Ju

l 20

17

1 J

ul 2

01

7

9 8 6 External audit

NHSI

3

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

6

Car

e

Joh

n Q

uin

n

IF there is a major internal

or external incident (e.g.

fire, flood, power failure

etc.)

THEN trust services could

be disrupted

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

Business continuity

planning assessment

• The Trust has an emergency

response policy.

• Business continuity plans are in

place and subject to regular multi-

disciplinary exercise programme.

• Senior leaders receive briefings

from the emergency planning

lead as required

• Building maintenance

programme

• Regular inspections

• The Trust has been externally

audited and is rated 'good' for

EPRR preparedness.

4 2 8 None 4 2 8

27

Ju

n 2

01

7

1 O

ct 2

01

7

8 8 8 Emergency planning group 1 • Board awareness

of arrangements

• Board training session

to be held (JQ, Sep 17)

28

Joh

ann

a M

oss

IF there is no proactive

consideration given to

communications or

dedicated communicaions

resource

THEN communication may

be uncoordinated or not

considered

LEADING TO damage to

reputation

Director of strategy

and business

development

• Governance arrangements

utilise monitoring/feedback

controls and assurances etc. to

ensure that the organisation is

sensitive to changes and can

respond accordingly.

• The Trust maintains a financial

surplus.

• Communications team active,

e.g. built good relationships with

key journalists

4 2 8 • See risks C5, C6, C9, C10, C18,

C41, O1

• Co-ordinate and align

reputation management across

Moorfields NHS and

commercial divisions (JM, Sep

17)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

8 8 8

30

Infr

astr

uct

ure

Elis

a St

eele

Stra

tegy

& In

vest

men

t C

om

mit

tee IF OpenEyes cannot be

developed into a viable

system

THEN the trust will not

have an effective medical

records system

LEADING TO clinical risk,

loss of income and damage

to reputation

IT risk assessment • Support outsourced to third

party company.

• Current development

outsourced to third party

company.

•Outline Business Case for

strategic EMR approved

• EMR procurement confirmed

4 2 8 • Implement phase 1 (ES, Jul

18)

4 1 4

14

Ju

l 20

17

1 O

ct 2

01

7

12 8

Rep

lace

d b

y ri

sk 7

7

Programme steering group 1

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

36

Ente

rpri

se

Mar

ian

o G

on

zale

z

Stra

tegy

& In

vest

me

nt

Co

mm

itte

e

IF there is a major IT

problem affecting UAE

operations

THEN clinical activity may

be affected

LEADING TO loss of income

or damage to reputation

• Moorfields Abu Dhabi uses IT

infrastructure of UEMS (MEH

partner in AD)

• 3 levels of backup in place

(RAID, offsite tape, and UK-based

servers)

• Paper based clinical record

system is on standby.

• A capacity assessment process

for the current servers is

currently in place.

• Back up is in place and aligned

with Health Authority of Abu

Dhabi and UEMS policies and

procedures.

• Data connectivity in place

between all UAE sites

4 2 8 Offsite duplicate server

backup (not currently

being pursued)

4 1 4

1 J

ul 2

01

7

8 8 8 Commercial director 1 Independent

assessment of

arrangements

37

Ente

rpri

se

Mar

ian

o G

on

zale

z

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF clinical practices in the

UAE are not managed

effectively

THEN there may be serious

clinical incidents

LEADING to patient harm

loss of income and damage

to reputation

Medical director • Maintaining high clinical

standards,

• Reporting incidents early and

being open and transparent with

regulator.

• Good links with Moorfields in

London

• Ensuring that lessons are

learned where necessary.

• Implementation and

consolidation of Clinical

Governance practices in MEHD

and MEHCAD.

4 2 8 4 2 8

11

Jan

20

17

1 J

ul 2

01

7

8 8 8 Commercial director 1

38

Ente

rpri

se

Joh

n Q

uin

n

Stra

tegy

& In

vest

me

nt

Co

mm

itte

e

IF the growth in Moorfields

Private is not to plan

THEN there will not be

sufficient revenue

generated

LEADING TO pressure on

trust finances elsewhere

• The business is mature.

• An LLP has been developed

which is supported by the

majority of consultants and this

may develop further into new

operating arrangements.

• A substantial expansion has

taken place at the Moorfields

Private Outpatient Centre, Bath

Street

• Business case approved for

Moorfields Private development

4 2 8 4 1 4

27

Ju

n 2

01

7

1 O

ct 2

01

7

8 8

Me

rge

wit

h r

isk

4

Strategy & Investment

Committee

2

41

Car

e

Ian

To

mb

leso

n

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF the trust does not

adhere to current policies

or the CQC action plan is

not implemented at

sufficient pace

THEN clinical standards

may not be met

LEADING TO patient harm

and a failure to maintain a

CQC rating of 'good'

CQC licence • Action plan process in place

• Widespread communications

about need to address concerns

in CQC report

• Quality summit held

• Robust process for

implementing action plan

• CQRG monitoring of action plan

• Implemented more than 50% of

actions

4 2 8 • Implement action plan (IT,

Mar 18)

4 2 8

13

Ju

l 20

17

1 O

ct 2

01

7

8 8 8 Quality and safety

committee

2

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

46

Car

e

Ian

To

mb

leso

n

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF there are staff shortages,

commissioner or regulator

concerns, serious incidents

or never events

THEN the CQC registration

may be revoked or

significant conditions

attached

CQC licence • Improved outcomes data,

• Low numbers of SIs,

• Good FFT responses

• Quality Partner model provides

local support to drive quality and

safety.

• CQC rating of 'good' achieved

4 2 8 • Report from Deloitte review

of corporate governance (DP,

Aug 17)

4 1 4

13

Ju

l 20

17

1 O

ct 2

01

7

8 8 4 Quality and safety

committee

CQC engagement meeting

3

74

Po

licy

Joh

ann

a M

oss

IF the trust does

appropriately consider or

co-ordinate its involvement

in policy development

THEN the trust may get

unconsciously involved in

contentious areas of policy

or expend effort in low

priority areas

LEADING TO damage to

reputation

Strategy refresh Apr

2017

4 2 8 • Lack of oversight and

co-ordination in policy

development.

• Delivery of 'current state'

report (JM, Oct 17)

• Board to agree policy

priorities and approach to

policy activity (JM, Dec 17)

4 1 4

13

Ju

l 20

17

1 O

ct 2

01

7

New

ris

k

8 8

75

Res

earc

h

Pen

g K

haw

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF research governance is

not robust

THEN there may be clinical

or operational risks that

are not managed or

escalated appropriately

LEADING TO harm to

patients, withdrawal of

funding or damage to

reputation

Quality and safety

committee

• Research quality management

system

4 2 8 • Non-research doctor

to chair research

governance committee

• Medical director to chair (DF,

Oct 17)

4 1 4

13

Ju

l 20

17

1 O

ct 2

01

7

New

ris

k

8 8 Quality & safety committee 2 • Regular reporting

from research

fovernance

committee to

quality & safety

committee

• Regular reporting to

commence (MH, Oct 17)

77

Infr

astr

uct

ure

Elis

a St

eele

Stra

tegy

& In

vest

men

t C

om

mit

tee IF the EMR project is not

implemented effectively

THEN a new medical

records system will not be

delivered in a timely

manner

LEADING TO increased

costs and clinical risk or

damage to reputation

EMR Programme

board

• EMR programme governance

arrangements in place

• Provider due diligence carried

out prior to contract award

• Clinical engagement being

marshalled by CCIO

• Additional resource

requirements identified

4 2 8 • Completion of

procurement of

additional resource

• Recruitment of additional

resource to support

implementation (ES, Sep 17)

4 2 8

14

Ju

l 20

17

1 O

ct 2

01

7

New

ris

k

8 8 Strategy & Investment

Committee

2

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

47

Car

e

Trac

y Lu

cke

tt

IF the organisation does

not consistently follow the

principles of the Mental

Capacity Act 2005

THEN care may be given

inappropriately

LEADING TO poor patient

care, reputational risk and

legal challenge

MCA 2005 • Policy and procedure around

the Mental Capacity Act 2005 in

place including the use of a

specific recording tool for staff.

• Basic awareness training

including “lunch time” sessions;

formal training at clinical

governance committee days are

taking place

• Reported as part of

safeguarding training compliance

through IPR

• 'Mental Capacity Assessment

Pocket Prompts' for all clinical

staff.

2 3 6 None • Establish Safeguarding

champions; (TL, Sep 17)

2 3 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

6 6 6 Director nursing and allied

health professions

Board (through IPR)

2 • Test compliance • Evaluate the results of

the audit carried out (TL,

Aug 17)

10

Car

e

Dec

lan

Fla

nag

an

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF the trust fails to identify

or address poor clinical

practice

THEN there could be

multiple serious incidents

LEADING TO patient harm,

regulatory intervention or

damage to reputation

CQC registration • Deanery review in Jun 2015

confirmed excellent SPR medical

training in City Rd and North

London sites.

• Deanery review in Apr 16

confirmed SPR medical training

standards at St George's

• Robust incident and complaints

systems are in place .

• Mandatory annual appraisal in

place meets GMC standards.

• Sub-speciality structure with

each monitoring against outcome

measures

• All national standards (e.g. RTT,

A&E etc.) met

3 2 6 No further mitigations at this

stage

3 2 6

2 M

ar 2

01

7

1 J

ul 2

01

7

9 6 6 Quality and safety

committee

2

14

Fin

ance

Stev

en D

avie

s

Fin

ance

co

mm

itte

e

IF there is a significant

lapse in financial

stewardship or governance

THEN this could lead to

regulatory intervention

LEADING TO reduction in

the trust's flexibility to

operate

Foundation trust

licence

• Good controls are in place.

• SOs and SFI revised regularly.

• Comprehensive internal audit

plan.

• Integrated budgeting &

business planning for 2016/17

and 2017/18.

• Capital planning controls in

place

• Internal audit review of

financial systems

• SFIs reviewed

3 2 6 • Improved compliance

with SFIs

• Further controls being

implemented for reporting

(SD, Sep 17) and procurement.

(SD, Mar 18)

• Re-design of SFIs to make

them more user friendly (SD,

Oct 17)

3 1 3

22

Ju

n 2

01

7

1 O

ct 2

01

7

9 6 6 Internal audit 3 Internal audit

review

• Internal audit of

governance & controls

compliance, effective

financial reporting (SD,

Mar 18)

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

15

Peo

ple

Sally

Sto

rey

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n C

om

mit

tee

IF there external factors

(e.g. pay restrictions,

imposed contracts etc.), or

internal factors (e.g.

redundancies) affecting

industrial relations

THEN this could lead to

industrial action

LEADING TO poor patient

care, a reduction in income

or damage to the trust's

reputation

Intelligence from

trust's joint staff

committees

• Local and National employee

relations policies in place to limit

extent of any serious action. 

• Employee engagement

practices, including internal

communications in place.

• On-going formal and informal

engagement with staff and

unions through JSCC or as

required.

• Industrial action contingency

plan included in business

continuity plans.

• Tighter legal controls imposed

for strike ballots

• Ongoing horizon scanning

3 2 6 None 3 2 6

23

Ju

n 2

01

7

1 O

ct 2

01

7

6 6 6 People education and

diversity committee

2 None

23

Peo

ple

Dec

lan

Fla

nag

an

Peo

ple

, Div

ersi

ty a

nd

Ed

uca

tio

n C

om

mit

tee IF the educational

standards of trainees are

not maintained

THEN sufficient MPET

funding may not be

attracted

LEADING TO loss of income

and damage to reputation

Medical director • Re-visit by Deanery in April

2016 noted improvements on

previous cause for concern

report in June 2015.

• 2016 national trainee survey of

trainees outcome 'satisfactory'

3 2 6 3 2 6

2 M

ar 2

01

7

1 J

ul 2

01

7

6 6

De-

esca

late

d

Medical director

Management executive

1 • 2017 national

trainee survey

results

• 2017 national trainee

survey due to be

reported (MD, Jul 17)

29

Elis

a St

eele

IF there are high vacancy

rates in IT with reliance on

key members of staff

THEN service and project

delivery may be affected

LEADING TO loss if income,

clinical risk and loss of

reputation

CIO • Contractors fill key roles.

• Temporary bank contracts to

cover key projects, e.g. EMR

3 2 6 • Appoint to key vacant posts,

use head hunters. (ES, Oct 17)

• Recruit contract staff to

bank.(ES, Sep 17)

• Outsource certain aspects of

deployment where appropriate

(ES, Jun 17)

3 2 6

14

Ju

l 20

17

1 O

ct 2

01

7

12 6

De-

esca

late

d

DISB 1

45

Joh

n Q

uin

n

IF there is poor

management or increasing

demand against capacity

THEN national treatment

targets may not be met

LEADING TO poor patient

experience, damage to

reputation or potential

regulatory intervention

NHSI licence condition • A new RTT weekly rhythm has

been put in place with prescribed

activities during the week to

oversee access for patients with

the regulatory times. This is

directly overseen by the COO.

• Divisional performance

management meeting

3 2 6 None No further mitigations at this

stage

3 2 6

27

Ju

n 2

01

7

1 O

ct 2

01

7

6 6

De-

esca

late

d

Internal audit 3

BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER

QUARTER 1 UPDATER

isk

Re

f

Co

rpo

rate

Ob

ject

ive

Exe

cuti

ve

Ow

ne

r

Co

mm

itte

eRisk Description Source of risk Existing Controls

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore Gaps in Controls

Further Controls

(who, by when)

Co

nse

qu

en

ce

Like

liho

od

Ris

k sc

ore

Last

re

vie

w

Ne

xt R

evi

ew

Pre

vio

us

sco

re

Cu

rre

nt

sco

re

Ne

xt s

core Source of Assurance

Ass

ura

nce

leve

l

Gaps in Assurance(ref no. of further

assurance)

Further assurances

(who, by when)

Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual

58

Res

earc

h

Pen

g K

haw

IF there is insufficient

capacity of doctors and

other professions for

research

THEN not enough patients

will be able to take part in

reseaacrh studies

LEADING TO withdrawl of

funding or damage to

reputation

Strategy refresh Apr

2017

• Feasibility conducted and risk

analysis for every new study

• Performance monitored every 2

weeks and remediation plans are

put in place to mitigate / address

shortfalls and additional needs

identified.

3 2 6 • Dedicated research

time allocated

• Dr Richard Lee and Mr

Praveen Patel to work with

peers to champion research

involvement. (PK, Dec 18)

3 1 3

New

ris

k

1 O

ct 2

01

7

New

ris

k

6 6 Director of research and

development

1

34

Ente

rpri

se

Mar

ian

o G

on

zale

z

Stra

tegy

& In

vest

men

t C

om

mit

tee

IF the licence to operate is

revoked for Moorfields

Dubai

THEN the trust will not be

able to treat patients

LEADING TO loss of income

and damage to reputation

• CPQ registration confirmed

• More mature and structured

processes are in place, including

visits from MEH staff.

• A full time quality manager and

a medical director facilitate

reporting to CPQ

• Formal internal audit with a

dedicated person responsible for

the process.

• Recently appointed Head nurse

from MEH .

4 1 4 4 1 4

12

Ju

n 2

01

7

1 J

ul 2

01

7

8 4

De-

esca

late

d

Centre for Planning and

Quality, Dubai (CPQ)

3

35

Ente

rpri

se

Mar

ian

o G

on

zale

z

Qu

alit

y &

Saf

ety

Co

mm

itte

e

IF the licence to operate is

revoked for Moorfields Abu

Dhabi

THEN the trust will not be

able to treat patients

LEADING TO loss of income

and damage to reputation

Health Authority of

Abu Dhabi

•MEHCAD has obtained all the

mandatory and required

operating and commercial

licenses to operate an eye care

facility in Abu Dhabi (April 2016).

• The regulatory body for

healthcare in AD is the Health

Authority of Abu Dhabi. HAAD

sets the standards for healthcare

facilities, clinical services and

professional licenses.

• The Joint Venture has a

dedicated team in place to

oversee and coordinate the

licenses of the facility, both,

clinical and commercial.

4 1 4 4 1 4

11

Jan

20

17

1 J

ul 2

01

7

8 4

De-

esca

late

d

Quality and safety

committee

2