Corporate Risk Register Dashboard Reporting


This illustrative example of a corporate risk register dashboard developed by NHS Providers showcases key risks related to the provider's Risk Management Framework. It includes details on risk appetite, response strategies, risk scores, trends, and more, meant for confidential and internal use only.


Uploaded on Aug 13, 2024



Presentation Transcript


  1. Corporate Risk Register Dashboard
     Reporting Period (Month / Year)
     Key risks arising from the provider's Risk Management Framework, supplemented by a set of appendices.
     Author / Role / Date (Month Year)
     Confidential and internal use only.
     This corporate risk register dashboard is an illustrative example developed by NHS Providers using industry good practice templates from across the sector. This example dashboard should be refined to meet individual Trust Board requirements.

  2. Corporate Risk Register Dashboard
     Risk Appetite:
       Averse: Avoidance of risk and uncertainty is key objective.
       Minimal: Preference for safe options that have a low degree of inherent risk.
       Cautious: Preference for safe options that have a low degree of residual risk.
       Open: Willing to consider all options and choose one that is most likely to result in successful delivery.
       Eager: Eager to be innovative and to choose options that suspend previously held assumptions and accept greater uncertainty.
     Risk Response:
       Treat: The risk is being managed and the mitigation plan is being implemented.
       Tolerate: Accept that all possible mitigations have been implemented from the Trust and the risk has to be tolerated until further mitigations that are dependent on external stakeholders are implemented.
       Transfer: The risk can be transferred to a third party (e.g. insurance).
       Terminate: The risk is too severe and the Executive has decided to terminate the activity that is causing it (most of the time, this is not an option).
     Key:
       Improving Trend / Unchanged Trend / Deteriorating Trend
       IRS: Inherent Risk Score
       RRS: Residual Risk Score (Current)
       TRS: Target Risk Score
     Table columns: Risk ID | CQC Domain / Other Source | Risk Type & Category | Risk Description | Lead Director | Risk Score Trend (Q1, Q2, Q3, Q4) | Inherent, Residual, Target Risk Score | Consequence impact on | Risk Appetite | Risk Response | Last reviewed
     Template rows:
       Row 1: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 2: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 3: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year

  3. Corporate Risk Register Dashboard
     Table columns: Risk ID | CQC Domain / Other Source | Risk Type & Category | Risk Description | Lead Director | Risk Score Trend (Q1, Q2, Q3, Q4) | Inherent, Residual, Target Risk Score | Consequence impact on | Risk Appetite | Risk Response | Last reviewed
     Template rows:
       Row 1: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 2: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 3: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 4: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year
       Row 5: e.g. There is a risk that <risk event> as a result of <cause> which may lead to <impact>. IRS, RRS, TRS; TRS date last agreed: Month-Year

  4. APPENDICES - Corporate Risk Register Dashboard - Guidance
     (Column Heading / Guidance / Example)

     Risk ID
       Guidance: A unique identifier for each risk should be assigned.
       Example: e.g. Risk001

     CQC Domain
       Guidance: One or more of the five questions that the CQC ask of all services they inspect, as follows:
         Safe: you are protected from abuse and avoidable harm.
         Effective: your care, treatment and support achieves good outcomes, helps you to maintain quality of life and is based on the best available evidence.
         Caring: staff involve and treat you with compassion, kindness, dignity and respect.
         Responsive: services are organised so that they meet your needs.
         Well-led: the leadership, management and governance of the organisation make sure it's providing high-quality care that's based around your individual needs, that it encourages learning and innovation, and that it promotes an open and fair culture.
       Other source has also been added to allow these to be recorded, e.g. Quality, Finance etc.
       Example: e.g. Caring, well-led

     Risk Description (Risk Category)
       Guidance: The risk description should be clearly recorded. Each risk description should outline the risk event, the cause(s) and the impact that could result from reasonable worst-case scenario of the risk. A shorter risk title should be provided in addition to the longer more complete risk description. The risk category, e.g. information & cyber security risk, should also be referenced.
       Example: e.g. There is a risk that the Group may fail to respond effectively following the total loss / failure of a key supplier or the supplier is unable to deliver the contracted service, leading to unavoidable / avoidable business disruption, customer service impacts and potential financial loss.

     Lead Director
       Guidance: Role that is accountable for the identification, management and response to the risk exposure.
       Example: e.g. Chief Operating Officer

     Risk Score Trend
       Guidance: The direction that the risk score has moved since it was last reviewed. The trend should be shown as improving, deteriorating or remaining unchanged. Ideally trend should show over previous 12 months, where appropriate.

     Inherent - Residual - Target Risk Score
       Guidance: A score and RAG-based assessment of each risk exposure, as follows: IRS: Inherent Risk Score / RRS: Residual Risk Score (Current) / TRS: Target Risk Score. The score for each risk should be reviewed at least annually in line with the Trust Board's review of risk appetite.
       Example: e.g. IRS 16, RRS 12, TRS 6; TRS date last agreed (Month-Year): Nov-22

     Consequence impact on
       Guidance: The impact or consequence that could be felt should a risk exposure occur. See impact types set out in Risk Scoring Matrix (see appendices).
       Example: e.g. Patient, reputational

     Risk Appetite
       Guidance: The risk appetite for the applicable risk category should be set out. These should align to the provider's approach to risk appetite, e.g. averse; minimal; cautious; open; and eager.
       Example: e.g. Cautious

     Last reviewed
       Guidance: The date when the risk exposure was last assessed.
       Example: e.g. Nov-22

  5. APPENDICES - Risk Scoring Matrix
     Impact types (columns): Patient | Reputational | Financial | Workforce | Legal / Regulatory

     Consequence 5 - Catastrophic
       Patient: Multiple deaths caused by an event; major impact on patient experience. Prolonged failure or severe disruption of multiple services. Hospital closure.
       Reputational: Widespread permanent loss of patient trust and public confidence threatening the Trust's independence / sustainability.
       Financial: > 5m directly attributable loss / unplanned cost / reduction in change related benefits.
       Workforce: Workforce experience / engagement is fundamentally undermined and the Trust's reputation as an employer damaged.
       Legal / Regulatory: Breach of regulation. Trust put into Special Administration / Suspension of CQC registration. Civil/Criminal Liability > 10m.

     Consequence 4 - Severe
       Patient: Severe permanent harm or death caused by an event. Prolonged failure or severe disruption of a single patient service. Significant impact on patient experience.
       Reputational: Prolonged adverse social / local / national media coverage with serious impact on patient trust and public confidence.
       Financial: 1m - 5m directly attributable loss / unplanned cost / reduction in change related benefits.
       Workforce: Widespread material impact on workforce experience / engagement.
       Legal / Regulatory: Breach of regulation likely to result in enforcement action. Civil/Criminal Liability < 10m.

     Consequence 3 - Moderate
       Patient: Moderate harm where medical treatment is required up to 1 year. Operation of a number of patient facing services is disrupted. Temporary disruption to one or more CSUs resulting in a poor patient experience.
       Reputational: Sustained adverse social / local / national media coverage with temporary impact on patient trust and public confidence.
       Financial: 100k - 1m directly attributable loss / unplanned cost / reduction in change related benefits.
       Workforce: Site material impact on workforce experience / engagement.
       Legal / Regulatory: Breach of regulation or other circumstances likely to affect our standing with our regulators. Civil/Criminal Liability < 5m.

     Consequence 2 - Minor
       Patient: Minor harm where first aid required up to 1 month. Operation of a single patient facing service is disrupted. Temporary service restriction. Minor impact on patient experience.
       Reputational: Short lived adverse social / local / national media coverage which may impact on patient trust and public confidence in the short term.
       Financial: 50k - 100k directly attributable loss / unplanned cost / reduction in change related benefits.
       Workforce: Department / CSU material impact on workforce experience / engagement.
       Legal / Regulatory: Breach of regulation or other circumstances that may affect our standing with our regulators, with minor impact on patient outcomes. Civil/Criminal Liability < 2.5m.

     Consequence 1 - Limited
       Patient: Service continues with limited/no patient impact.
       Reputational: Short lived adverse social / local / traditional national media coverage with no impact on patient trust and public confidence.
       Financial: Nil - 50k directly attributable loss / unplanned cost / reduction in change related benefits.
       Workforce: Material impact on workforce experience / engagement for a small number of colleagues.
       Legal / Regulatory: Breach of regulation or other circumstances with limited impact on patient outcomes. Civil/Criminal Liability < 1m.

     Likelihood: 1 Extremely Unlikely | 2 Unlikely | 3 Possible | 4 Somewhat Likely | 5 Very Likely

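  6. APPENDICES - Risk Exposure Matrix
     Likelihood (columns, left to right): 1 Extremely Unlikely | 2 Unlikely | 3 Possible | 4 Somewhat Likely | 5 Very Likely
     Consequence 5 - Catastrophic:  5 (L) | 10 (M) | 15 (H) | 20 (H) | 25 (H)
     Consequence 4 - Severe:        4 (L) |  8 (M) | 12 (M) | 16 (H) | 20 (H)
     Consequence 3 - Moderate:      3 (L) |  6 (L) |  9 (M) | 12 (M) | 15 (H)
     Consequence 2 - Minor:         2 (L) |  4 (L) |  6 (L) |  8 (M) | 10 (M)
     Consequence 1 - Limited:       1 (L) |  2 (L) |  3 (L) |  4 (L) |  5 (L)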

  7. APPENDICES - Corporate Risk Register Dashboard Risk Types & Categories
     Level 1: Workforce Risk; Operational Risk; Clinical Risk; Financial Risk; External Risk; Legal & Governance Risk
     Level 2: Capacity Planning Risk; Counter-Fraud Risk; Workforce Supply Risk; Business Continuity Risk; Infection Prevention & Control Risk; Financial Management & Waste Reduction Risk; Partnership Working Risk; Workforce Deployment Risk; Change Risk; Workforce Performance Risk; Health & Safety Risk; Regulatory Risk; Patient Experience Risk; Financial Reporting Risk; Information Governance Risk; Patient Safety & Outcomes Risk; Revenue Funding & Cash Management Risk; Workforce Retention Risk; Strategic Planning Risk; Research, Innovation & Development Risk; Information Security Risk; Supply Chain Risk; Information Technology Risk; Physical Assets Risk
