Public Board of Directors papers 27.01.22

7.0 SUPPORTING POLICY 7.1 Board Assurance Framework

The board assurance framework (BAF) records those risks associated with the delivery of strategic objectives and documents the controls in place to manage those risks, any gaps in those controls, the assurance of the controls in place and any gaps in assurance. The BAF links with the corporate risk register and allows the Board to determine where to make efficient use of resources to improve quality and safety of care. It provides a structure for the evidence to support the production of the annual governance statement. The BAF is monitored by the audit and quality assurance committees and the Board of Directors at each meeting. The Company Secretary is the Custodian of the BAF. 8.0 LEVELS OF RISK MANAGEMENT ACROSS THE TRUST Risk information is collated within the Datixweb system and is monitored and addressed at three levels across the Trust. The updating of risk information within Datixweb and the underpinning risk assessments is an on-going process managed in real time. 8.1 Board & corporate level The Board of Directors is informed of the ‘significant risks’ that are key to the delivery of the strategic objectives. These are held on the Board Assurance Framework which is reviewed at each of the Board meetings and at Audit and Quality Assurance Committee meetings. The Board and the risk and quality governance committee receive a ‘Key Risks Report’, on a monthly basis as part of the integrated performance report. All risks graded 15 and above must be reported to the Board within the monthly key risks report. A risk score, although not a precise measure, aids identification of the most serious risks. The corporate risk register contains those risks identified through corporate and departmental/ward risk assessments processes and which are thought to have a potential impact across the whole of the Trust or are a threat to the delivery of strategic objectives. Risks within the corporate risk register are managed by the Trust individual with that risk within their sphere of responsibility. However, the corporate risk register is the responsibility of the Board of Directors and is maintained by the Quality and Standards team. The Key Risk Report is submitted to the R&QGC on a monthly basis for discussion and noting. Any risks that cannot be controlled and involve substantial risk to achieving the corporate objectives are escalated to the Board and added to the Board Assurance Framework via the lead officer for R&QGC. 8.2 Divisional level Risks that score 10+, or form a trend as identified by the divisional risk registers, will be addressed by the divisional board meetings on a monthly basis. Any risks which cannot be controlled locally are escalated to R&QGC and Management Board via the ‘Key Risks Report’ and exception report. 8.3 Clinical and non-clinical departmental level The clinical and non-clinical departmental management teams will risk assess any issues pertinent to their areas and maintain and monitor risk registers, managing risks scored 1-9. Risk assessment will be completed in line with the Trust guidance using the Trust’s risk assessment template. Matrons and senior managers will escalate risks graded 10 and above for discussion at Divisional Boards

Risk management strategy and Policy 2021-2024 Document ref: RM01 Version 04

Page 15 of 38

76