1 of 5
Report to Board, 26 July 2017
Report title Board assurance framework and corporate risk register
Report from Geoff Stokes, company secretary
Prepared by Geoff Stokes, company secretary
Previously discussed at Individual executive owners
Attachments Board assurance framework and corporate risk register
Brief summary of report
Board will be aware of the developments that have been made over the past few months to the corporate risk register and the need to develop a board assurance framework.
The revised format incorporates the previous corporate risk register in the board assurance framework and includes new risks that have been identified, in part, as a result of the strategy refresh. The covering report includes an analyses of risks by strategic objective to give an overview which can be reviewed in conjunction with the strategic objectives progress report elsewhere on the agenda
Risk descriptions have been changed to make them clearer and additional columns have been added to show gaps in control and assurance.
Action Required/Recommendation.
Board is asked to receive assurance from the updated board assurance framework and corporate risk register including the removal of 7 risks due to de-escalation or replacement.
For Assurance For decision For discussion To note
Item 11
2 of 5
Board assurance framework and corporate risk register
1. Introduction Attached is the board assurance framework (BAF) which incorporates the corporate risk register (CRR). Risks have been reviewed by executive leads and include new and updated risks.
The BAF/CRR shows which strategic objective (if any) each risk affects and these have been summarised in section 3.
2. Overall Analyses Since the last review by the board, there have been an additional 8 risks added, mostly as a result of the strategy refresh. These are highlighted below;
Risk Ref
Co
rpo
rate
o
bje
ctiv
e
Exe
cuti
ve
Ow
ner
Source of risk Risk description
Cu
rren
t ri
sk s
core
57
Fin
ance
Ste
ven
Dav
ies
Strategy refresh April 2017
IF commissioners introduce restrictions or bureaucratic processes for clinical treatments THEN patients will not get the care they need and the trust may lose activity LEADING TO poor patient care, loss of income and damage to reputation
12
58
Res
earc
h
Pen
g K
haw
Strategy refresh, April 2017
IF sufficient patients are not recruited to research studies THEN externally set targets may not be met LEADING TO withdrawal of funding or damage to reputation
6
60
Kno
wle
dge
Sha
ring
Dav
id
Pro
bert
Director of human resources
IF an education director is not appointed THEN there is a risk that progress to deliver the strategy will be delayed LEADING TO lack of opportunity to develop and exploit education in trust and beyond
8
74
Pol
icy
Joha
nna
Mos
s Strategy refresh April 2017
IF the trust does appropriately consider or co-ordinate its involvement in policy development THEN the trust may get unconsciously involved in contentious areas of policy or expend effort in low priority areas LEADING TO damage to reputation
9
75
Res
earc
h
Pen
g K
haw
Quality and safety committee
IF research governance is not robust THEN there may be clinical or operational risks that are not managed or escalated appropriately LEADING TO harm to patients, withdrawal of funding or damage to reputation
8
76
Infr
astr
uctu
re
Joha
nna
Mos
s Strategy and investment committee
IF the future operational state of the hospital is not determined THEN the building may not be fit for purpose LEADING TO failure to deliver the project objectives
16
77
Infr
astr
uctu
re
Elis
a S
teel
e
EMR programme board
IF the EMR project is not implemented effectively THEN a new medical records system will not be delivered in a timely manner LEADING TO increased costs and clinical risk or damage to reputation
8
3 of 5
Risk Ref
Co
rpo
rate
o
bje
ctiv
e
Exe
cuti
ve
Ow
ner
Source of risk Risk description
Cu
rren
t ri
sk s
core
78
Car
e
John
Q
uinn
Company secretary
IF the preparation and systems are not effective THEN the outcome of the CQC inspection of Moorfields Private may not be as required LEADING TO regulatory intervention, loss of income or damage to reputation
9
Overall there are 59 risks on the BAF/CRR (compared with 51 on the previous CRR) and changes in the profile of risks from the last board review are shown below.
The following 7 risks are recommended for removal from the BAF/CRR. If agreed, these will be removed from the next report and, where de-escalated, will be managed at divisional level.
Risk Ref
Co
rpo
rate
o
bje
ctiv
e
Exe
cuti
ve
ow
ner
Risk description
Cu
rren
t ri
sk s
core
Reason
38
Ent
erpr
ise
John
Q
uinn
IF the growth in Moorfields Private is not to plan THEN there will not be sufficient revenue generated LEADING TO pressure on trust finances elsewhere
8 Replaced (merged with risk 4, commercial income)
23
Peo
ple
Dec
lan
Fla
naga
n
IF the educational standards of trainees are not maintained THEN sufficient MPET funding may not be attracted LEADING TO loss of income and damage to reputation
6 De-escalated
29
Ope
ratio
nal
Elis
a S
teel
e IF there are high vacancy rates in IT with
reliance on key members of staff THEN service and project delivery may be affected LEADING TO loss if income, clinical risk and loss of reputation
6 De-escalated
45
John
Qui
nn IF there is poor management or increasing
demand against capacity THEN national treatment targets (RTT) may not be met LEADING TO poor patient experience, damage to reputation or potential regulatory intervention
6 De-escalated
4 of 5
Risk Ref
Co
rpo
rate
o
bje
ctiv
e
Exe
cuti
ve
ow
ner
Risk description
Cu
rren
t ri
sk s
core
Reason
34
Ent
erpr
ise
Mar
iano
G
onza
lez
IF the licence to operate is revoked for Moorfields Dubai THEN the trust will not be able to treat patients LEADING TO loss of income and damage to reputation
4 De-escalated
35
Ent
erpr
ise
Mar
iano
G
onza
lez
IF the licence to operate is revoked for Moorfields Abu Dhabi THEN the trust will not be able to treat patients LEADING TO loss of income and damage to reputation
4 De-escalated
30
Infr
astr
uctu
re
Elis
a S
teel
e IF OpenEyes cannot be developed into a viable
system THEN the trust will not have an effective medical records system LEADING TO clinical risk, loss of income and damage to reputation
8 Replaced by risk 77 (implementation of EMR)
3. Analyses by objective One of the key features of the board assurance framework is that it enables the board to assess risks against the strategic objectives, and the following diagrams show the risks in BAF/CRR that have been analysed against strategic objectives. There are 18 risks that have do not related to individual strategic objectives.
4. Other risk management activities As the board will be aware, a review is being carried out of all risk registers across the trust which may identify further risks to be added to the BAF/CRR or enable risks to be de-escalated for management on divisional risk registers.
This review should be finished within the next few weeks and an update will be given to the audit and risk committee and the board at its next review.
5 of 5
An electronic system for managing risks is being introduced and this is being piloted using the BAF/CRR. It is intended that this will be used to produce the next review, at the end of quarter 2.
5. Conclusions The BAF/CRR summarises the key risks of concern to the board and, alongside the risk management arrangements across the trust, should provide the board with assurance that risks are being properly managed.
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
43
Elis
a St
eele
IF there is a successful
cyber-attack
THEN the trust may suffer
from a loss of service
and/or corruption of data
LEADING TO poor patient
care or experience, loss of
income and damage to
reputation
IT risk assessment • IT security policy
• Annual penetration tests
carried out
• Disaster recovery plan in place
including cyber-security action
cards
• NHS Cyber alerts actions
• Annual cyber-security
assessment
• Robust patching policy and
procedures
4 4 16 • 17/18 penetration test
and completion of
action plan
• 17/18 cyber-security
assessment and action
plan
• Additional toolsets to
support cyber-security
• Address issues arising from
recent penetration test (ES,
Sep 17)
• Further penetration test to
be carried out (ES, Oct 17)
4 2 8
14
Ju
l 20
17
1 O
ct 2
01
7
16 16 16 IG Committee 1 • Independent
review
• Internal audit review,
(KMPG, 17)
• IG Committee review of
cber-security (IG
committee, Aug 17)
76
Infr
astr
uct
ure
Joh
ann
a M
oss
Stra
tegy
& In
vest
men
t C
om
mit
tee IF the future operational
state of the hospital is not
determined
THEN the building may not
be fit for purpose
LEADING TO failure to
deliver the project
objectives
Strategy and
investment committee
4 4 16 • Service development
programme
• Appoint external advisors to
support service development
work (JM, Oct 17)
4 1 4
13
Ju
l 20
17
1 O
ct 2
01
7
New
ris
k
16 16 Strategy & Investment
Committee
11
Car
e
Joh
n Q
uin
n
IF there is poor
environment, practices or
behaviour
THEN outpatient clinics
may not be managed
effectively
LEADING to poor patient
experience, low staff
morale or damage to
reputation
• Buzzers provided to make
waiting more convenient
• Outpatients improvement
programme created
• Service improvement projects
to improve patient flow has
commenced in glaucoma,
medical retina and external
diseases at City Road.
3 5 15 • Systematic approach
to management of clinic
flows
• Glaucoma – implementation
of new flow (KWA, Oct 18)
• Medical retina
implementation of new flow
(KWA, Dec 18)
• External disease
implementation of new flow
(KWA, Mar, 2019)
3 3 9
27
Ju
n 2
01
7
1 O
ct 2
01
7
15 15 15 SIS Programme board 1
13
Fin
ance
Stev
en D
avie
s
Fin
ance
co
mm
itte
e
IF a financial surplus at the
required level is not
maintained
THEN there may be a
shortage of available funds
LEADING TO a reduction in
or cancellation of major
capital projects (e.g. Oriel),
regulatory intervention or
cash flow issues
NHSI and treasury
investment rules
• Financial plan/budget
development, including cost
improvement plans.
• Major capital expenditure &
funding sources identified
• Short term capital investment
commenced to maintain and
increase capacity of services and
improve environment.
• Active engagement by CFO with
the local health system
• SFIs reviewed Mar 2017
• Divisional performance
management meetings in place
• Costing project initiated
5 3 15 • Confirmation of
financial commitments
• Better understanding
and tighter control of
costs
• Report to Board on longer
term financial planning
including Project Oriel (SD, Jun
17)
• PMO in place to support
management of savings plans.
(JQ, Jun 17)
• Implement improvements in
managing costs (SD, Sep 17)
• Draw up plan for
engagement of wider trust
leadership team with the local
health system (SD, Aug 17)
• Patient level costing to be
put in place (SD, Dec 17)
5 2 10
22
Ju
n 2
01
7
1 O
ct 2
01
7
15 15 15 Finance committee 2
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
12
Joh
n Q
uin
n
IF data quality is poor
THEN this could reduce the
ability of the trust to
manage its activities
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
External and internal
auditors
• A data quality group is leading
the development of systems to
ensure robust data entry,
monitoring and review.
• A data assurance framework
describes the approach to
improving data quality for all the
key areas across the organisation.
• Internal audit has been
undertaken
• A data quality action plan has
been written based on the
reports from internal and
external audit.
• An action plan has been
developed which is being
monitored through the Trust
Access group.
3 4 12 • Implementation of
data quality action plan
• Data quality action plan to be
implemented (RS, Sep 17)
3 3 9
27
Ju
n 2
01
7
1 O
ct 2
01
7
12 12 12 Data quality group 1 • External audit • External audit (Deloitte, May 18)
16
Peo
ple
Sally
Sto
rey
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n
Co
mm
itte
e
IF the trust is unable to
shift its culture
THEN poor behaviour will
continue (e.g. bullying,
harassment and lack of
opportunity)
LEADING TO poor staff,
morale, high turnover and
damage to the trust's
reputation as an employer
Staff survey results • The Moorfields Way behaviours
published and woven into
existing policies and processes.
• Local action plans to bring TMW
to life and address specific staff
survey concerns in place.
• Leadership development
programme has commenced
following clinical restructure
3 4 12 • Lack of consistent
application of policy in
dealing with 'breaches'
of The Moorfields Way
behaviours
• Leadership development for
retention to commence. (SSt,
Sep 17)
• Internal audit planned to
review equalities and diversity
in 17/18 (SSt, Sep 17)
• Agree standards for dealing
with 'breaches' of The
Moorfields Way. (SSt, tbc)
3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
9 12 9 Management executive 1
17
Car
e
Joh
ann
a M
oss
IF policies and standards
are not consistent across
the network
THEN operating models
and service quality may
vary
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
CQC report • Local quality partners in place
• Policies are in place across the
whole organisation including all
network sites.
• Vanguard programme is in
place
• Network toolkit launched
3 4 12 • Local monitoring of
quality standards
• Consistent application
of standards across the
network
• Sanctions or
enforcement for non-
compliance
• Local quality and safety
dashboards to be introduced
(IT, Aug 17)
• Identify approaches needed
across the network. (JM, Sep
17)
3 3 9
13
Ju
l 20
17
1 O
ct 2
01
7
12 12 12 Local management 1 • No independent
assurance
• Determine corporate
assurance process
• Report to quality &
safety committee in the
first instance (TL, tbc)
31
Infr
astr
uct
ure
Joh
n Q
uin
n
IF SIS programme is not
effective
THEN the organisation will
not transform quickly
enough
LEADING TO poor patient
experience, reduced
income or damage to
reputation
Board • Service Improvement &
Sustainability programme Board
has been established.
• A governance structure has
been put in place and is now
operational.
• Programmes of work have been
identified and teams with SROs
agreed.
3 4 12 • Comprehensive
delivery plans
• Specific plans to be
developed for all projects
within each programme. (JQ,
Sep 17)
3 3 9
27
Ju
n 2
01
7
1 O
ct 2
01
7
12 12 12 SIS Programme board 1 • Programme
management
arrangements
• Programming
monitoring arrangements
(JQ, Sep 2017)
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
50
Joh
n Q
uin
n
IF theatre plant breaks
down on Duke Elder ward
(SGH)
THEN there may be delays
in treatment
LEADING TO poor patient
experience, loss of income
and damage to reputation
Incident reports • SLA signed with SGH 3 4 12 • Confirmed plans for
refurbishing theatre
plant
• Refurbishment plan
(including decant) to be
confirmed. (CH, Jun 17)
• Completion of refurbishment
plan (CH, Dec 17)
3 1 3
16
Mar
20
17
1 J
ul 2
01
7
12 12 12 Chief operating officer 1
18
Car
e
Joh
ann
a M
oss
IF service level agreements
across the network are not
in place or properly
managed
THEN service standards
may be inconsistent
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
CQC report • Ad hoc conversations and
meetings between MEH local
leads and host trusts
• Most SLAs in place with host
sites
• Project group established for
longer term work (JM, May 17)
4 3 12 • Enact SLAs for remaining
sites (JM, Aug 17 )
• Implement robust SLA
management arrangements
(JM, Mar 18)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
12 12 12 Director of strategy and
business development
1
19
Infr
astr
uct
ure
Joh
ann
a M
oss
Stra
tegy
& In
vest
men
t C
om
mit
tee IF the key assumptions
behind Project Oriel are
not achieved
THEN there may be
insufficient capital (human,
financial etc.) available
LEADING TO failure to
deliver the project
objectives
Strategy and
investment committee
• Some analysis of patients who
can be repatriated has taken
place across the network.
4 3 12 • PA consulting are designing
an activity model (JM, Aug
17)
• Revised set of assumptions to
be determined and agreed
(JM, Sep 17)
• Engagement of all relevant
colleagues in new assumptions
(JM, Sep 17)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
12 12 12 Strategy & Investment
Committee
2
20
Fin
ance
Joh
ann
a M
oss
Stra
tegy
& In
vest
men
t C
om
mit
tee
IF there are delays in
Project Oriel
THEN the programme may
become unaffordable
LEADING TO failure to
deliver the project
objectives
Strategy and
investment committee
• Active engagement with
current owner of preferred site as
part of NCL sustainability and
transformation plan
• 'Influencing strategy' for key
individuals across the system is in
operation.
• Optimism bias built into
business case
• Land purchase business case
agreed by board
4 3 12 • Land purchase to be pursued
following review by
membership council (TF, Jul
17)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
12 12 12 Strategy & Investment
Committee
2
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
25
Po
licy
Joh
ann
a M
oss
IF the trust fails to respond
to government policies or
plans
THEN opportunities may be
missed or threats ignored
LEADING TO regulatory
intervention, loss of
income and/or damage to
reputation
• Director of Strategy and
Business Development oversees,
with team.
• Business planning cycle ensures
policy review is taken into
account
• Board strategy half-days, twice
per year
• Strategy refresh carried out,
including explicit objective on
'influencing policy'
4 3 12 Lack of agreed approach
and prioritisation
• Delivery of 'current state'
report (JM, Oct 17)
• Board to agree policy
priorities and approach to
policy activity (JM, Dec 17)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
9 12 9
27
Joh
ann
a M
oss
Stra
tegy
& In
vest
men
t C
om
mit
tee
IF there is insufficient
planning, monitoring or
executive ownership of the
strategy
THEN the trust may fail to
implement its strategy
LEADING TO poor patient
care, loss of income or
damage to reputation
Strategy refresh • Quarterly review of progress to
Board
• Board strategy half-days, twice
per year
• Board assurance framework
aligned to corporate objectives
• Revised strategy agreed
• Revise templates for action
plans and reports
4 3 12 • Longer term planning
to ensure 5 year
objectives met
• Planning for years 2 to 5
(JM, Dec 17)
• Develop a plan to embed in
planning cycle (JM, Dec, 17)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
8 12 8 Board 2
51
Infr
astr
uct
ure
Elis
a St
eele
IF data warehouse fails
THEN activity may not be
recorded
LEADING TO a loss of
income
IT risk assessment • Monitoring tool implemented.
• Manual checks implemented
between flex and freeze to check
activity unchanged
• Permanent employee secured
• Documentation and standard
operating procedures reviewed
4 3 12 • Procure replacement
solution (ES, Jul 18)
4 2 8
14
Ju
l 20
17
1 O
ct 2
01
7
12 12 12 IT security group 1 • Management
executive overview
57
Fin
ance
Stev
en D
avie
s
IF commissioners introduce
restrictions or bureaucratic
processes for clinical
treatments
THEN patients will not get
the care they need and the
trust may lose activity
LEADING TO poor patient
care, loss of income and
damage to reputation
Strategy refresh Apr
2017
• Signed contract with
commissioners
4 3 12 • Negotiation with
commissioners (SD, Jul 17)
4 1 4
22
Ju
n 2
01
7
1 O
ct 2
01
7
New
ris
k
12 12 Chief financial officer 1
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
4
Fin
ance
Stev
en D
avie
s
Stra
tegy
& In
vest
me
nt
Co
mm
itte
e
IF the growth in
commercial activities is not
to plan
THEN there will not be
sufficient revenue
generated
LEADING TO pressure on
trust finances elsewhere
Strategy and
investment committee
• Regular granular reports to
Board on commercial activity
• Budget re-set approved by S&I
• Commercial governance
structure approved by S&I
• Revised plan for Abu Dhabi
factored in to financial plan,
following review by S&I
members
• Moorfields Private business
case approved
• Commercial opportunities
screening tool
5 2 10 • Review financial processes
and systems in Moorfields
Private (MD, Jul 17)
• Review effectiveness of
improvement plan in Abu
Dhabi (MG, Nov 17)
4 2 8
22
Ju
n 2
01
7
1 O
ct 2
01
7
9 10 10 Strategy & Investment
Committee
2
7
Infr
astr
uct
ure
Elis
a St
eele
IF there is a major IT failure
THEN access to the trusts IT
systems could be disrupted
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
IT risk assessment • Disaster Recovery and Business
Continuity Plans are documente
and reviewed annually
• Further configuration changes
to secondary server room and
network completed
• Follow up DR exercise carried
out in March 2017
• Annual desktop disaster
recovery and business continuity
exercise
• Key systems (e.g. PAS,
OpenEyes) disaster recovery test
3 3 9 Disaster recovery and
business continuity
plans need to be
updated
• Limitations of
recovery for some
systems (e.g. imaging)
• Investigate options to move
out of Ebenezer Street and
outsource secondary data
centre (ES, Dec 17)
3 2 6
14
Ju
l 20
17
1 O
ct 2
01
7
12 9 9 IG Committee 1 • External validation
of disaster recover
plans
• Internal audit review
due, (KPMG,2021/22)
8
Peo
ple
Sally
Sto
rey
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n C
om
mit
tee
IF mandatory training
standards are not met
THEN staff may not be
competent to carry out
their functions
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
Performance report to
board
• Oversight by mandatory
training group
• Insight system is now
embedded across the
organisation.
• Reports continually produced
to hold departments/managers
to account.
• The ten core high-volume
mandatory training subjects have
been converted to online
programmes
• From Jan 2017 new starters are
required to complete ten core
programmes before starting in
role
3 3 9 • Strengthen
accountability of
divisional management
• Fines for DNAs will be
introduced (SSt, Sep 17 )
3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
12 9 9 Board 2
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
9
Car
e
Dec
lan
Fla
nag
an
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF proper clinical practice is
not followed
THEN there may be serious
clinical incidents
LEADING TO patient harm
and damage to reputation
Serious incident
reporting
• Robust clinical governance
arrangements exist.
• Generally good clinical
procedures and guidelines are in
place.
• The level of serious incidents
remains fairly consistent from
year to year and very low
compared to other trusts
• Revised WHO checklist process
in place
3 3 9 • Serious incidents and
never events have
occurred in areas
thought to be controlled
• To be determined 3 2 6
2 M
ar 2
01
7
1 J
ul 2
01
7
9 9 9 Quality and safety
committee
2 • WHO checklist not
consistently
followed
• Monthly audits taking
place (ADw, Aug 2017)
21
Stev
en D
avie
s
IF the City Rd estate is not
maintained effectively
THEN this could lead to
operational or service
failure
LEADING TO poor patient
care, loss of income or
damage to reputation
Capital programme
and oversight group
• Backlog and other maintenance
programme embedded in
working practices of estates team
• System in place to monitor
compliance and delivery
3 3 9 • Approval of land purchase
(JM, Dec 17)
3 3 9
22
Ju
n 2
01
7
1 O
ct 2
01
7
12 9 9 Quality and safety
committee
2
39
Peo
ple
Sally
Sto
rey
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n C
om
mit
tee
IF Brexit affects
recruitment and retention
THEN there may be staff
shortages and skills gaps
LEADING TO poor patient
care or a reduction in
income
Feedback from
affected staff
• Currently recruitment is open
world-wide and is not restricted
to EU applicants
• CEO message of support to all
EU staff
• CEO and HRD engaged in
influencing ministers through
various national groups
• seminars arranged for EU staff
to provide legal advice about
residency
• Nursing strategy actions to
improve ability to recruit nurses
Extra resource added to support
retention
3 3 9 • Regular communications to
affected staff (SSt, tbc)
3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
9 9 9 Management executive 1
40
Stev
en D
avie
s
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF there is inconsistent
management of the estate
across the network
THEN there may be a
failure to meet statutory
obligations for the
management of estate
related issues
LEADING TO poor patient
experience, loss of income
or damage to reputation
• System in place for recording
statutory and mandatory
compliance and identifying where
areas of non-compliance exist.
• Some leases are in place (incl.
St George's)
• Compliance assurance sought
regularly from host trusts
• Interim compliance officer
appointed
3 3 9 • Effective (e.g.
enforceable) leases in
place across the
network
• Convert existing agreements
to leases (CH, Jan 18)
3 2 6
22
Ju
n 2
01
7
1 O
ct 2
01
7
12 9 9 Quality and safety
committee
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
42
Stev
en D
avie
s
IF the cost of new
technology or treatments is
not cobvered by tariff or
pass-through
THEN treatmeents may not
be available or need to be
funded from elsewhere
LEADING TO poor patient
experience or pressure on
trust finances
• Engage with commissioners to
give notice of forthcoming
funding pressures
3 3 9 • Arrange meeting with R&D to
improve notice for forthcoming
funding pressures (SD, Aug
17 )
3 2 6
22
Ju
n 2
01
7
1 O
ct 2
01
7
9 9 9
44
Peo
ple
Sally
Sto
rey
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n C
om
mit
tee IF the introduction of IR35
affects the trust's ability to
retain key agency and
interim staff
THEN there may be staff
shortages and skills gaps
LEADING TO poor patient
care, a loss of income or a
delay in implementing
projects
HM Treasury and NHSI
guidance
• Management executive have
reviewed all temporary staff
falling under new arrangements
• Agency staff have been moved
to bank or payroll in many cases
3 3 9 None No further mitigations at this
stage
3 3 9
23
Ju
n 2
01
7
1 O
ct 2
01
7
12 9 9 • Management executive 3
52
Joh
n Q
uin
n
IF cancer pathway is not
clear or patients exercise
their choice
THEN national cancer
treatment targets may not
be met
LEADING TO poor patient
care, damage to reputation
and potential regulatory
intervention
NHSI licence condition • Regular performance meetings
within the service to monitor the
target and develop plans to
deliver the target. NHSE are
invited to these and minutes
shared with them.
• Staff now encourage patients to
attend by highlighting the
urgency of these referrals.
3 3 9 Plan to improve cancer
services
• Project to develop process
improvement (JQ, tbc)
3 3 9
16
Mar
20
17
1 J
ul 2
01
7
9 9 9 Board (through the IPR) 2
53
Joh
n Q
uin
n
IF medical records are
missing or not available
THEN there may be delays
in treatment
LEADING TO poor patient
experience, low staff
morale and damage to
reputation
• Better PAS guidance on case
note tracking.
• Correct preparation of medical
records.
• Strict authorisation policy for
the use of temporary records.
• Biggest improvement is arising
from the A&C review and the
formation of a closed library.
• Healthcare operational group is
monitoring records at SGH and
City Rd
3 3 9 • Changes to medical
records management
• Business plan for outsourcing
of patient records (tbc, Aug
17)
3 2 6
16
Mar
20
17
1 J
ul 2
01
7
9 9 9
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
54
Trac
y Lu
cke
tt
IF there are no written
safeguarding arrangements
between Moorfields and
the local safeguarding
teams.
THEN there may be
inconsistency across the
network
LEADING TO poor patient
care, reputational damage
and potential regulatory
intervention
Director of nursing and
allied health
professions
• Flow charts within SGA and SGC
policy for all satellite units have
been produced and
implemented.
• Up to date policies that explain
the processes of who to contact if
a child or an adult is deemed as
vulnerable
3 3 9 • Incorporation of MEH
safeguarding processes
with network hosts
• Written agreement (SLAs)
with host satellites to ensure
processes are in place and
working (JM, Mar 18 )
3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
12 9 9 Director of nursing and
allied health professions
1
55
Elis
a St
eele
IF imaging equipment at
satellites fails
THEN data may not be
backed up
LEADING TO increased,
costs, clinical risk or
damage to reputation
IT Risk assessment • Monitoring programme
developed for Open Eyes to
check connectivity
• Procedures defined with EBME
3 3 9 • Completion of asset
revalidation
• Alternative
connection mechanisms
• Audit all equipment, ensure
asset register correct and
confirm network connectivity
(ES, Aug 17)
3 2 6
14
Ju
l 20
17
1 O
ct 2
01
7
12 9 9 Digital infirmation strategy
board
1
61
Peo
ple
Sally
Sto
rey
IF retention is not
improved
THEN there may be staff
shortages and skills gaps
LEADING TO high agency
spend, poor patient care,
or a reduction in income
Workforce KPIs on
turnover
• KPIs reported monthly to
directorates and departments;
local action plans; nursing
strategy actions
• Detailed understanding of the
drivers of high turnover
weekly staff bulletin shows
current vacancies
3 3 9 • Actions arising from
report
• Action plan to follow
analysis; improved on-
boarding processes; career
clinics for staff wanting to
progress within the trust;
(SSt, Sep 17)
3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
9 9 6 Board (through the IPR) 2
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
78
Car
e
Joh
n Q
uin
n
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF the preparation and
systems are not effective
THEN the outcome of the
CQC inspection of
Moorfields Private may not
be as required
LEADING TO regulatory
intervention, loss of
income or damage to
reputation
Company Secretary • Previous CQC inspection of
GOOD
• Action plan in place
• Approval of additional resource
to manage project
3 3 9 • Appointment of
project manager
• Interim project manager
being sourced (MD, Jul 17)
3 1 3
17
Ju
l 20
17
1 O
ct 2
01
7
New
ris
k
9 9 Quality and safety committee 2 • Confirmation of
CQC inspection date
47
Res
earc
h
Pen
g K
haw
IF high quality research
staff cannot be engaged
THEN research activities
will not be fulfilled
LEADING TO withdrawal of
funding or damage to
reputation
Director of research
and development
• Programme underway led by
Dep CD of Clinical Research
Facility, Dr Richard Lee and Mr
Praveen Patel to work with peers
to champion research
involvement.
2 4 8 • Review incentives, reward
and recognition for this
endeavour. (PK, Apr 17)
• Assess effectiveness of
revised incentives on
engagement (MH, Oct 17)
• Engage SIS programme to
align operational and research
activity (MH, Mar 17)
2 4 8
12
Jan
20
17
1 J
ul 2
01
7
8 8 8 Director of research and
development
1
48
Car
e
Trac
y Lu
cke
tt
IF there is insufficiently
skilled paediatric trained
staff
THEN then there may be
non-compliance with NSF
and CQC standards
LEADING TO poor patient
experience, potential
regulatory intervention or
damage to reputation
• Play specialist available for one
paediatric clinic per week.
• All staff trained to a minimum
of level 2 in child protection and
key staff trained to level 3
• Separate waiting areas for
children and adults
• Specialist staff appointed
2 4 8 • Appropriate specialist staff
start (TL, Sep 17)
• Ensure any new facility will
be designed and built with
dedicated separate children's
space. (JQ/CH tbc)
1 4 4
9 M
ar 2
01
7
1 J
ul 2
01
7
10 8 8
49
Trac
y Lu
cke
tt
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF inpatient wards are not
designed or managed
properly
THEN the trust will breach
mixed sex accommodation
standard
LEADING TO a poor patient
experience, reputational
risks and potential
regulatory intervention.
• Staff are as flexible as possible
to ensure minimal breaches by
full use of the side rooms
• Reported through the IPR
2 4 8 • Configuration of Duke
Elder ward limits
flexibility
• Duke Elder ward is being
refurbished as part of the St
George's development ( SD,
Dec 17 )
2 1 2
23
Ju
n 2
01
7
1 O
ct 2
01
7
8 8 8 Board (through the IPR) 2 • Ensure design is
suitable
• Ensure
development work
is on track
• Confirmation of decant
arrangements for
refurbishment (JQ, Jul 17)
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
60
Kn
ow
led
ge S
har
ing
Dav
id P
rob
ert
IF an education director is
not appointed
THEN there is a risk that
progress to deliver the
strategy will be delayed
LEADING TO lack of
opportunity to develop and
exploit education in trust
and beyond
Strategy refresh Apr
2017
• Key actions are being addressed
by Dir of HR, Dir of Nursing and
Med Dir
• Robust job description and
person specificatio in place
2 4 8 • Recruitment process
underway (SSt, Aug 17)
2 1 2
New
ris
k
1 O
ct 2
01
7
New
ris
k
8 8
1
Ian
To
mb
leso
n
IF the trust does not meet
its statutory obligations in
relation to health & safety,
fire, infection control etc.
THEN there could be
breaches in standards and
other failures
LEADING TO regulatory
intervention or patient
harm.
Statutory obligations • Controls exist through
management oversight groups,
for example fire safety and
infection control.
• The large majority of policies
are up to date and obligations are
met.
• Scrutiny and challenge by the
audit and risk committee, the
quality and safety committee and
the board.
• CQC rating of 'good' achieved
• Reduced fire risk re medical
records storage at City Road (see
risk O2)
• Permanent Head of Legal
Services in post
4 2 8 • Backlog maintenance
is covered under risk
C21.
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
8 8 8 Quality and safety
committee
3
2
Joh
n Q
uin
n
IF medical records are not
stored appropriately
THEN there is a fire risk
LEADING TO damage to the
building, disruption In
service and risk to patients
and staff
Directors' walk round • Medical records have been
organised better to reduce the
possibility of combustion (min
30cm from heat source).
• Business case developed to re-
provide medical records storage
off site.
4 2 8 • Long term off-site
storage solution
• Reduce reliance on
paper (introduce
electronic document
management system)
• Identification of off site
solution for City Rd (JQ, Sep
17)
• Business case for EDM to be
approved (JQ, Oct 17)
4 1 4
27
Ju
n 2
01
7
1 O
ct 2
01
7
8 8 8 Management group 1 • External fire
inspection
• Fire inspection due
(CH, Oct 17)
5
Dav
id P
rob
ert
IF the trust fails to meet its
licence conditions
THEN there could be
regulatory intervention
LEADING TO financial
pressure and a restriction
on the trust's ability to
operate.
Foundation trust
licence
• The trust maintains a financial
surplus.
• There are no potentially serious
breaches to the trust's licence
• CQC rating of 'good' achieved
4 2 8 • Report from Deloitte review
of corporate governance (DP,
Aug 17)
4 1 4
18
Ju
l 20
17
1 J
ul 2
01
7
9 8 6 External audit
NHSI
3
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
6
Car
e
Joh
n Q
uin
n
IF there is a major internal
or external incident (e.g.
fire, flood, power failure
etc.)
THEN trust services could
be disrupted
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
Business continuity
planning assessment
• The Trust has an emergency
response policy.
• Business continuity plans are in
place and subject to regular multi-
disciplinary exercise programme.
• Senior leaders receive briefings
from the emergency planning
lead as required
• Building maintenance
programme
• Regular inspections
• The Trust has been externally
audited and is rated 'good' for
EPRR preparedness.
4 2 8 None 4 2 8
27
Ju
n 2
01
7
1 O
ct 2
01
7
8 8 8 Emergency planning group 1 • Board awareness
of arrangements
• Board training session
to be held (JQ, Sep 17)
28
Joh
ann
a M
oss
IF there is no proactive
consideration given to
communications or
dedicated communicaions
resource
THEN communication may
be uncoordinated or not
considered
LEADING TO damage to
reputation
Director of strategy
and business
development
• Governance arrangements
utilise monitoring/feedback
controls and assurances etc. to
ensure that the organisation is
sensitive to changes and can
respond accordingly.
• The Trust maintains a financial
surplus.
• Communications team active,
e.g. built good relationships with
key journalists
4 2 8 • See risks C5, C6, C9, C10, C18,
C41, O1
• Co-ordinate and align
reputation management across
Moorfields NHS and
commercial divisions (JM, Sep
17)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
8 8 8
30
Infr
astr
uct
ure
Elis
a St
eele
Stra
tegy
& In
vest
men
t C
om
mit
tee IF OpenEyes cannot be
developed into a viable
system
THEN the trust will not
have an effective medical
records system
LEADING TO clinical risk,
loss of income and damage
to reputation
IT risk assessment • Support outsourced to third
party company.
• Current development
outsourced to third party
company.
•Outline Business Case for
strategic EMR approved
• EMR procurement confirmed
4 2 8 • Implement phase 1 (ES, Jul
18)
4 1 4
14
Ju
l 20
17
1 O
ct 2
01
7
12 8
Rep
lace
d b
y ri
sk 7
7
Programme steering group 1
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
36
Ente
rpri
se
Mar
ian
o G
on
zale
z
Stra
tegy
& In
vest
me
nt
Co
mm
itte
e
IF there is a major IT
problem affecting UAE
operations
THEN clinical activity may
be affected
LEADING TO loss of income
or damage to reputation
• Moorfields Abu Dhabi uses IT
infrastructure of UEMS (MEH
partner in AD)
• 3 levels of backup in place
(RAID, offsite tape, and UK-based
servers)
• Paper based clinical record
system is on standby.
• A capacity assessment process
for the current servers is
currently in place.
• Back up is in place and aligned
with Health Authority of Abu
Dhabi and UEMS policies and
procedures.
• Data connectivity in place
between all UAE sites
4 2 8 Offsite duplicate server
backup (not currently
being pursued)
4 1 4
1 J
ul 2
01
7
8 8 8 Commercial director 1 Independent
assessment of
arrangements
37
Ente
rpri
se
Mar
ian
o G
on
zale
z
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF clinical practices in the
UAE are not managed
effectively
THEN there may be serious
clinical incidents
LEADING to patient harm
loss of income and damage
to reputation
Medical director • Maintaining high clinical
standards,
• Reporting incidents early and
being open and transparent with
regulator.
• Good links with Moorfields in
London
• Ensuring that lessons are
learned where necessary.
• Implementation and
consolidation of Clinical
Governance practices in MEHD
and MEHCAD.
4 2 8 4 2 8
11
Jan
20
17
1 J
ul 2
01
7
8 8 8 Commercial director 1
38
Ente
rpri
se
Joh
n Q
uin
n
Stra
tegy
& In
vest
me
nt
Co
mm
itte
e
IF the growth in Moorfields
Private is not to plan
THEN there will not be
sufficient revenue
generated
LEADING TO pressure on
trust finances elsewhere
• The business is mature.
• An LLP has been developed
which is supported by the
majority of consultants and this
may develop further into new
operating arrangements.
• A substantial expansion has
taken place at the Moorfields
Private Outpatient Centre, Bath
Street
• Business case approved for
Moorfields Private development
4 2 8 4 1 4
27
Ju
n 2
01
7
1 O
ct 2
01
7
8 8
Me
rge
wit
h r
isk
4
Strategy & Investment
Committee
2
41
Car
e
Ian
To
mb
leso
n
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF the trust does not
adhere to current policies
or the CQC action plan is
not implemented at
sufficient pace
THEN clinical standards
may not be met
LEADING TO patient harm
and a failure to maintain a
CQC rating of 'good'
CQC licence • Action plan process in place
• Widespread communications
about need to address concerns
in CQC report
• Quality summit held
• Robust process for
implementing action plan
• CQRG monitoring of action plan
• Implemented more than 50% of
actions
4 2 8 • Implement action plan (IT,
Mar 18)
4 2 8
13
Ju
l 20
17
1 O
ct 2
01
7
8 8 8 Quality and safety
committee
2
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
46
Car
e
Ian
To
mb
leso
n
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF there are staff shortages,
commissioner or regulator
concerns, serious incidents
or never events
THEN the CQC registration
may be revoked or
significant conditions
attached
CQC licence • Improved outcomes data,
• Low numbers of SIs,
• Good FFT responses
• Quality Partner model provides
local support to drive quality and
safety.
• CQC rating of 'good' achieved
4 2 8 • Report from Deloitte review
of corporate governance (DP,
Aug 17)
4 1 4
13
Ju
l 20
17
1 O
ct 2
01
7
8 8 4 Quality and safety
committee
CQC engagement meeting
3
74
Po
licy
Joh
ann
a M
oss
IF the trust does
appropriately consider or
co-ordinate its involvement
in policy development
THEN the trust may get
unconsciously involved in
contentious areas of policy
or expend effort in low
priority areas
LEADING TO damage to
reputation
Strategy refresh Apr
2017
4 2 8 • Lack of oversight and
co-ordination in policy
development.
• Delivery of 'current state'
report (JM, Oct 17)
• Board to agree policy
priorities and approach to
policy activity (JM, Dec 17)
4 1 4
13
Ju
l 20
17
1 O
ct 2
01
7
New
ris
k
8 8
75
Res
earc
h
Pen
g K
haw
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF research governance is
not robust
THEN there may be clinical
or operational risks that
are not managed or
escalated appropriately
LEADING TO harm to
patients, withdrawal of
funding or damage to
reputation
Quality and safety
committee
• Research quality management
system
4 2 8 • Non-research doctor
to chair research
governance committee
• Medical director to chair (DF,
Oct 17)
4 1 4
13
Ju
l 20
17
1 O
ct 2
01
7
New
ris
k
8 8 Quality & safety committee 2 • Regular reporting
from research
fovernance
committee to
quality & safety
committee
• Regular reporting to
commence (MH, Oct 17)
77
Infr
astr
uct
ure
Elis
a St
eele
Stra
tegy
& In
vest
men
t C
om
mit
tee IF the EMR project is not
implemented effectively
THEN a new medical
records system will not be
delivered in a timely
manner
LEADING TO increased
costs and clinical risk or
damage to reputation
EMR Programme
board
• EMR programme governance
arrangements in place
• Provider due diligence carried
out prior to contract award
• Clinical engagement being
marshalled by CCIO
• Additional resource
requirements identified
4 2 8 • Completion of
procurement of
additional resource
• Recruitment of additional
resource to support
implementation (ES, Sep 17)
4 2 8
14
Ju
l 20
17
1 O
ct 2
01
7
New
ris
k
8 8 Strategy & Investment
Committee
2
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
47
Car
e
Trac
y Lu
cke
tt
IF the organisation does
not consistently follow the
principles of the Mental
Capacity Act 2005
THEN care may be given
inappropriately
LEADING TO poor patient
care, reputational risk and
legal challenge
MCA 2005 • Policy and procedure around
the Mental Capacity Act 2005 in
place including the use of a
specific recording tool for staff.
• Basic awareness training
including “lunch time” sessions;
formal training at clinical
governance committee days are
taking place
• Reported as part of
safeguarding training compliance
through IPR
• 'Mental Capacity Assessment
Pocket Prompts' for all clinical
staff.
2 3 6 None • Establish Safeguarding
champions; (TL, Sep 17)
2 3 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
6 6 6 Director nursing and allied
health professions
Board (through IPR)
2 • Test compliance • Evaluate the results of
the audit carried out (TL,
Aug 17)
10
Car
e
Dec
lan
Fla
nag
an
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF the trust fails to identify
or address poor clinical
practice
THEN there could be
multiple serious incidents
LEADING TO patient harm,
regulatory intervention or
damage to reputation
CQC registration • Deanery review in Jun 2015
confirmed excellent SPR medical
training in City Rd and North
London sites.
• Deanery review in Apr 16
confirmed SPR medical training
standards at St George's
• Robust incident and complaints
systems are in place .
• Mandatory annual appraisal in
place meets GMC standards.
• Sub-speciality structure with
each monitoring against outcome
measures
• All national standards (e.g. RTT,
A&E etc.) met
3 2 6 No further mitigations at this
stage
3 2 6
2 M
ar 2
01
7
1 J
ul 2
01
7
9 6 6 Quality and safety
committee
2
14
Fin
ance
Stev
en D
avie
s
Fin
ance
co
mm
itte
e
IF there is a significant
lapse in financial
stewardship or governance
THEN this could lead to
regulatory intervention
LEADING TO reduction in
the trust's flexibility to
operate
Foundation trust
licence
• Good controls are in place.
• SOs and SFI revised regularly.
• Comprehensive internal audit
plan.
• Integrated budgeting &
business planning for 2016/17
and 2017/18.
• Capital planning controls in
place
• Internal audit review of
financial systems
• SFIs reviewed
3 2 6 • Improved compliance
with SFIs
• Further controls being
implemented for reporting
(SD, Sep 17) and procurement.
(SD, Mar 18)
• Re-design of SFIs to make
them more user friendly (SD,
Oct 17)
3 1 3
22
Ju
n 2
01
7
1 O
ct 2
01
7
9 6 6 Internal audit 3 Internal audit
review
• Internal audit of
governance & controls
compliance, effective
financial reporting (SD,
Mar 18)
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
15
Peo
ple
Sally
Sto
rey
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n C
om
mit
tee
IF there external factors
(e.g. pay restrictions,
imposed contracts etc.), or
internal factors (e.g.
redundancies) affecting
industrial relations
THEN this could lead to
industrial action
LEADING TO poor patient
care, a reduction in income
or damage to the trust's
reputation
Intelligence from
trust's joint staff
committees
• Local and National employee
relations policies in place to limit
extent of any serious action.
• Employee engagement
practices, including internal
communications in place.
• On-going formal and informal
engagement with staff and
unions through JSCC or as
required.
• Industrial action contingency
plan included in business
continuity plans.
• Tighter legal controls imposed
for strike ballots
• Ongoing horizon scanning
3 2 6 None 3 2 6
23
Ju
n 2
01
7
1 O
ct 2
01
7
6 6 6 People education and
diversity committee
2 None
23
Peo
ple
Dec
lan
Fla
nag
an
Peo
ple
, Div
ersi
ty a
nd
Ed
uca
tio
n C
om
mit
tee IF the educational
standards of trainees are
not maintained
THEN sufficient MPET
funding may not be
attracted
LEADING TO loss of income
and damage to reputation
Medical director • Re-visit by Deanery in April
2016 noted improvements on
previous cause for concern
report in June 2015.
• 2016 national trainee survey of
trainees outcome 'satisfactory'
3 2 6 3 2 6
2 M
ar 2
01
7
1 J
ul 2
01
7
6 6
De-
esca
late
d
Medical director
Management executive
1 • 2017 national
trainee survey
results
• 2017 national trainee
survey due to be
reported (MD, Jul 17)
29
Elis
a St
eele
IF there are high vacancy
rates in IT with reliance on
key members of staff
THEN service and project
delivery may be affected
LEADING TO loss if income,
clinical risk and loss of
reputation
CIO • Contractors fill key roles.
• Temporary bank contracts to
cover key projects, e.g. EMR
3 2 6 • Appoint to key vacant posts,
use head hunters. (ES, Oct 17)
• Recruit contract staff to
bank.(ES, Sep 17)
• Outsource certain aspects of
deployment where appropriate
(ES, Jun 17)
3 2 6
14
Ju
l 20
17
1 O
ct 2
01
7
12 6
De-
esca
late
d
DISB 1
45
Joh
n Q
uin
n
IF there is poor
management or increasing
demand against capacity
THEN national treatment
targets may not be met
LEADING TO poor patient
experience, damage to
reputation or potential
regulatory intervention
NHSI licence condition • A new RTT weekly rhythm has
been put in place with prescribed
activities during the week to
oversee access for patients with
the regulatory times. This is
directly overseen by the COO.
• Divisional performance
management meeting
3 2 6 None No further mitigations at this
stage
3 2 6
27
Ju
n 2
01
7
1 O
ct 2
01
7
6 6
De-
esca
late
d
Internal audit 3
BOARD ASSURANCE FRAMEWORK AND CORPORATE RISK REGISTER
QUARTER 1 UPDATER
isk
Re
f
Co
rpo
rate
Ob
ject
ive
Exe
cuti
ve
Ow
ne
r
Co
mm
itte
eRisk Description Source of risk Existing Controls
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore Gaps in Controls
Further Controls
(who, by when)
Co
nse
qu
en
ce
Like
liho
od
Ris
k sc
ore
Last
re
vie
w
Ne
xt R
evi
ew
Pre
vio
us
sco
re
Cu
rre
nt
sco
re
Ne
xt s
core Source of Assurance
Ass
ura
nce
leve
l
Gaps in Assurance(ref no. of further
assurance)
Further assurances
(who, by when)
Gaps in AssuranceDate TrendReference Gaps in Controls Existing assuranceCurrent Residual
58
Res
earc
h
Pen
g K
haw
IF there is insufficient
capacity of doctors and
other professions for
research
THEN not enough patients
will be able to take part in
reseaacrh studies
LEADING TO withdrawl of
funding or damage to
reputation
Strategy refresh Apr
2017
• Feasibility conducted and risk
analysis for every new study
• Performance monitored every 2
weeks and remediation plans are
put in place to mitigate / address
shortfalls and additional needs
identified.
3 2 6 • Dedicated research
time allocated
• Dr Richard Lee and Mr
Praveen Patel to work with
peers to champion research
involvement. (PK, Dec 18)
3 1 3
New
ris
k
1 O
ct 2
01
7
New
ris
k
6 6 Director of research and
development
1
34
Ente
rpri
se
Mar
ian
o G
on
zale
z
Stra
tegy
& In
vest
men
t C
om
mit
tee
IF the licence to operate is
revoked for Moorfields
Dubai
THEN the trust will not be
able to treat patients
LEADING TO loss of income
and damage to reputation
• CPQ registration confirmed
• More mature and structured
processes are in place, including
visits from MEH staff.
• A full time quality manager and
a medical director facilitate
reporting to CPQ
• Formal internal audit with a
dedicated person responsible for
the process.
• Recently appointed Head nurse
from MEH .
4 1 4 4 1 4
12
Ju
n 2
01
7
1 J
ul 2
01
7
8 4
De-
esca
late
d
Centre for Planning and
Quality, Dubai (CPQ)
3
35
Ente
rpri
se
Mar
ian
o G
on
zale
z
Qu
alit
y &
Saf
ety
Co
mm
itte
e
IF the licence to operate is
revoked for Moorfields Abu
Dhabi
THEN the trust will not be
able to treat patients
LEADING TO loss of income
and damage to reputation
Health Authority of
Abu Dhabi
•MEHCAD has obtained all the
mandatory and required
operating and commercial
licenses to operate an eye care
facility in Abu Dhabi (April 2016).
• The regulatory body for
healthcare in AD is the Health
Authority of Abu Dhabi. HAAD
sets the standards for healthcare
facilities, clinical services and
professional licenses.
• The Joint Venture has a
dedicated team in place to
oversee and coordinate the
licenses of the facility, both,
clinical and commercial.
4 1 4 4 1 4
11
Jan
20
17
1 J
ul 2
01
7
8 4
De-
esca
late
d
Quality and safety
committee
2