Action 1.10

Define the governing body’s responsibility

The governing body is responsible for ensuring the integrity of the organisational risk management system. The governing body should:

• Determine the organisation’s risk appetite and tolerance – that is, the amount and type of risk that an organisation is willing to take to meet its strategic objectives
• Ensure that the organisation’s risk management system is clearly documented in policies, procedures and protocols that define a vision, principles, objectives, practices, responsibilities, resources, outcomes and how outcomes will be measured
• Ensure that enough resources are allocated to the organisation’s risk management system
• Foster an organisational culture that focuses on clinical safety and continuous improvement in identifying and managing risk
• Ensure appropriate integration of clinical and non-clinical risk in all risk systems.

Embed a systems approach to risk management

Embed a systems approach to risk management by:

• Maintaining risk management policies, procedures and protocols that follow best practice, and ensuring that all clinical leaders, managers and other members of the workforce are familiar with them
• Establishing a reliable and systematic process of hazard identification across all areas
• Actively encouraging and supporting the workforce, patients and other stakeholders to report potential or actual risks
• Describing and establishing a mechanism for capturing non-clinical risks in the risk management system
• Maintaining a comprehensive, accurate and current risk register, which can be used as a practical tool for risk management
• Assigning all risks to a ‘risk owner’, who is responsible for managing and monitoring risks, and ensuring that appropriate accountability arrangements are in place
• Ensuring that the organisation has a reliable system to scan for, identify and respond to hazards and risks reported by other organisations (for example, from the scientific literature, government agencies, insurers, coroners, or safety and quality commissions)
• Conducting a planned, systematic program of in-house and external audits or reviews on the design and performance of safety and quality systems, in collaboration with clinicians and consumers, and incorporating this risk audit program into the organisation’s formal audit program
• Ensuring that the risk management system includes strategies, resources and clear accountability for remedying risks
• Making use of clinical registers, if possible
• Systematically providing appropriate information, orientation, education and training to employees and students on using the risk management system, at induction and at regular intervals
• Regularly auditing the risk management system
• Systematically monitoring and assessing performance regarding risk, within a defined performance monitoring framework, at all levels of the organisation, including the governing body and management.

Engage the clinical workforce

The clinical workforce has the best knowledge of, and ability to identify, clinical risks. Foster engagement and participation of the workforce by:

• Regularly providing information about the organisation’s risk management system at orientation, and through ongoing education and training
• Reinforcing information about roles, responsibilities and accountabilities for reporting and managing risk to managers, clinicians and other members of the workforce (for example, by using screensavers, the intranet, newsletters and standing items on meeting agendas)
• Establishing within the committee structure responsibility for systematic risk identification, assessment, review and management
• Using routine meetings as an opportunity to identify and discuss clinical and other safety concerns
• Including patient safety as a standing item on meeting agendas of the governing body and management
• Including questions about patient safety risks in employee culture surveys
• Providing feedback to the workforce and consumers on actions taken to mitigate risks
• Regularly assessing the organisational climate in areas of risk, safety and quality using validated survey tools.

Plan for, and manage, emergencies and disasters

Use the risk management system to prepare for potential emergencies and disaster management. Perform a series of audits to identify potential risks and management opportunities to enable the organisation to respond efficiently and effectively in an emergency. This may involve considering:

• Appropriate infrastructure, such as emergency signage, lighting systems and backup generators
• Workforce training in evacuation systems and emergency drills
• Planning for the coordination of workforce rosters and reporting lines during an emergency
• Planning to support patient transfer internally or externally (to other health service organisations) during an emergency
• Business continuity planning for recovery and returning services to normal following an emergency.

Examples of evidence

Select only examples currently in use:

• Policy documents that describe the processes for implementing and monitoring the risk management system
• Policy documents for emergencies and disasters that describe the reporting lines, and roles and responsibilities of the workforce
• Risk register that includes actions to manage identified risks
• Reports on safety and quality data that are analysed to identify and monitor safety and quality risks
• Data analysis and reports on safety and quality performance trends
• Feedback from the workforce on safety and quality risks, and the effectiveness of the risk management system
• Committee and meeting records regarding oversight of the risk management system, or the review of clinical and other data collections
• Committee and meeting records in which risk, and the appropriateness and accessibility of safety and quality performance information have been discussed
• Audit schedule and reports on compliance with policies, procedures or protocols regarding the health service organisation’s risk management system
• Communication with the workforce and consumers on risks and risk management
• Records of safety and quality performance information published in annual reports, newsletters, newspaper articles, radio items, websites or other local media
• Business continuity plan, or emergency and disaster management plan
• Training documents relating to risk management, and the management of emergencies and disasters, including evacuation and emergency drills.

Define the governing body’s responsibility

The governing body is responsible for ensuring the integrity of the organisational risk management system. The governing body should:

• Determine the organisation’s risk appetite and tolerance – that is, the amount and type of risk that an organisation is willing to take to meet its strategic objectives
• Ensure that the organisation’s risk management system is clearly documented in policies, procedures and protocols that define a vision, principles, objectives, practices, responsibilities, resources, outcomes and how outcomes will be measured
• Ensure that enough resources are allocated to the organisation’s risk management system
• Foster an organisational culture that focuses on clinical safety and continuous improvement in identifying and managing risk
• Ensure appropriate integration of clinical and non-clinical risk in all risk systems.

Take a systems approach to risk management

Embed a systems approach to risk management by:

• Maintaining risk management policies, procedures and protocols that follow best practice, and ensuring that all clinical leaders, managers and other members of the workforce are familiar with them
• Establishing a reliable and systematic process of hazard identification across all areas
• Actively encouraging and supporting the workforce, patients and other stakeholders to report potential or actual risks
• Describing and establishing a mechanism for capturing non-clinical risks in the risk management system
• Maintaining a comprehensive, accurate and current risk register, which can be used as a practical tool for risk management
• Assigning all risks to a ‘risk owner’, who is responsible for managing and monitoring risks, and ensuring that appropriate accountability arrangements are in place
• Ensuring that the organisation has a reliable system to scan for, identify and respond to hazards and risks reported by other sources (for example, from the scientific literature, government agencies, insurers, coroners, or safety and quality commissions)
• Conducting a planned, systematic program of in-house and external audits or reviews on the design and performance of clinical and organisational systems, in collaboration with clinicians and consumers, and incorporating this risk audit program into the organisation’s formal audit program
• Ensuring that the risk management system includes strategies, resources and clear accountability for remedying risks
• Making use of clinical registers, if possible
• Systematically providing appropriate information, orientation, education and training to employees on using the risk management system, at induction and at regular intervals
• Regularly auditing the risk management system
• Systematically monitoring and assessing performance regarding risk, within a defined performance monitoring framework, at all levels of the organisation, including the governing body and management.

Engage the clinical workforce

The clinical workforce has the best knowledge of, and ability to identify, clinical risks. Foster engagement and participation of the workforce by:

• Regularly providing information about the organisation’s risk management system at orientation, and through ongoing education and training
• Reinforcing information about roles, responsibilities and accountabilities for reporting and managing risk to managers, clinicians and other members of the workforce (for example, by using screensavers, the intranet, newsletters and standing items on meeting agendas)
• Establishing within the committee structure responsibility for systematic risk identification, assessment, review and management
• Using routine meetings as an opportunity to identify and discuss clinical and other safety concerns
• Including patient safety as a standing item on meeting agendas of the governing body and management
• Including questions about patient safety risks in employee culture surveys
• Providing feedback to the workforce and consumers on actions taken to mitigate risks
• Regularly assessing the organisational climate in areas of risk, safety and quality using validated survey tools.

Plan for, and manage, emergencies and disasters

Use the risk management system to prepare for potential emergencies and disaster management. Perform a series of audits to identify potential risks and management opportunities to enable the organisation to respond efficiently and effectively in an emergency. This may involve considering:

• Appropriate infrastructure, such as emergency signage, lighting systems and backup generators
• Workforce training in evacuation systems and emergency drills
• Planning for the coordination of workforce rosters and reporting lines during an emergency
• Planning to support patient transfer internally or externally (to other health service organisations) during an emergency
• Business continuity planning for recovery and returning services to normal following an emergency.

Examples of evidence

Select only examples currently in use:

• Policy documents that describe the processes for implementing and monitoring the risk management system
• Policy documents for emergencies and disasters that describe the reporting lines, and roles and responsibilities of the workforce
• Risk register that includes actions to manage identified risks
• Reports on safety and quality data that are analysed to identify and monitor safety and quality risks
• Data analysis and reports on safety and quality performance trends
• Feedback from the workforce on safety and quality risks, and the effectiveness of the risk management system
• Committee and meeting records regarding oversight of the risk management system, or the review of clinical and other data collections
• Committee and meeting records in which risk, and the appropriateness and accessibility of safety and quality performance information have been discussed
• Audit schedule and reports on compliance with policies, procedures or protocols regarding the health service organisation’s risk management system
• Communication with the workforce and consumers on risks and risk management
• Records of safety and quality performance information published in annual reports, newsletters, newspaper articles, radio items, websites or other local media
• Business continuity plan, or emergency and disaster management plan
• Training documents relating to risk management, and the management of emergencies and disasters, including evacuation and emergency drills.

MPSs or small hospitals that are part of a local health network or private hospital group should adopt or adapt the established risk management system.

Small hospitals that are not part of a local health network or private hospital group should develop or adapt an organisation-wide risk management system, and ensure that it is appropriately designed, resourced, maintained and monitored.

In developing and maintaining the risk management system:

• Consider existing sources of information about patient safety, and whether more information is needed to reliably assess risk
• Consider whether risk management orientation, education and training are adequately covered in the organisation’s education and training program
• Ensure clear allocation of roles, responsibility and accountabilities for maintaining the risk management systems and for performing the actions required
• Regularly review risks and report on risk to the governing body, the workforce and consumers
• Periodically review the effectiveness of the risk management system
• Use a risk management approach to planning for emergencies and disasters that may affect the organisation’s operation or patient safety
• Implement and monitor a risk register, and review it regularly to ensure that
  • risk management policies, procedures and protocols are maintained
  • a reliable and systematic process of hazard identification is included across all areas
  • the workforce, patients and other stakeholders are actively encouraged and supported to report potential or actual risks
  • non-clinical risks are captured
  • the risk register can be used as a practical tool for risk management
  • all risks are assigned to a ‘risk owner’, who is responsible for managing, monitoring and ensuring that appropriate accountability arrangements are in place.

Examples of evidence

Select only examples currently in use:

• Policy documents that describe the processes for implementing and monitoring the risk management system
• Policy documents for emergencies and disasters that describe the reporting lines, and roles and responsibilities of the workforce
• Risk register that includes actions to manage identified risks
• Reports on safety and quality data that are analysed to identify and monitor safety and quality risks
• Data analysis and reports on safety and quality performance trends
• Feedback from the workforce on safety and quality risks, and the effectiveness of the risk management system
• Committee and meeting records regarding oversight of the risk management system, or the review of clinical and other data collections
• Committee and meeting records in which risk, and the appropriateness and accessibility of safety and quality performance information have been discussed
• Audit schedule and reports on compliance with policies, procedures or protocols regarding the health service organisation’s risk management system
• Communication with the workforce and consumers on risks and risk management
• Records of safety and quality performance information published in annual reports, newsletters, newspaper articles, radio items, websites or other local media
• Business continuity plan, or emergency and disaster management plan
• Training documents relating to risk management, and the management of emergencies and disasters, including evacuation and emergency drills.