The best approach to risk management is to establish a safety culture throughout your organisation, say Peter Mills and colleagues

Developing an accountability framework – an example model

Developing an accountability framework – an example model

Developing an accountability framework – an example model

Risks can never be completely eliminated. A hospital without risk is one with no doctors, no nurses and no patients.

The organisational culture that best drives safety is difficult to identify and even more difficult to nurture successfully

Instead, the process of managing risk should be one of continual learning and refinement around a concept of what constitutes a “safe” environment and how the people within it will operate, from directors to cleaners.

One of the most important factors in creating a safe environment is management culture. The organisational culture that best drives safety, however, is difficult to identify and even more difficult to nurture successfully.

It is widely accepted that the national Controls Assurance project launched in the NHS in the late 1990s, for example, did not deliver fully on its promise to reduce patient and organisational risk. The project’s highly structured, process driven approach brought a much needed set of disciplines to assist the management of risk, allowing the identification of major flaws within environments, but it could not address the critical role that organisational culture plays in establishing safer organisations.   

There is a vast range of impressive patient safety work under way now, but there is still a need to ensure the boards and senior management teams of organisations make the link between risk at the front line and risk to the corporate body. 

The NHS has developed risk programmes and corporate governance arrangements over the past 10 years in the form of corporate risk registers and assurance frameworks. Ironically, an undue focus on these processes can introduce risks of their own. Recently this has been seen most starkly not in the NHS but in the area of child protection, where reliance on criminal records checks, and a consequent lack of day to day awareness of risk, has in some cases resulted in serious failures. 

Critical examination

A report from the Audit Commission, Taking it on Trust: a review of how boards of NHS trusts and foundation trusts get their assurance, was released earlier this year. It examined how the boards of acute trusts and foundation trusts in England assure themselves that internal controls are in place and operating effectively.

It found that in the worst cases, the assurance process had become a paper chase rather than a critical examination of the effectiveness of the trust’s internal controls and risk management arrangements. However, it is important that the NHS continues to improve its risk management.

So what is the right focus? A clue comes from the experiences of US healthcare organisations. They implemented new customer focused approaches to healthcare about 10 years ago, chiefly to improve their revenue streams, but in the process found a benefit in the area of patient safety and reduced claims. Organisations with a strong and genuine “customer” focus are naturally lower risk.

The idea that the right cultural focus for an organisation reduces risk is backed up by management theorist Karl Weick’s theory on “high reliability organisations”, a term he used to describe outfits such as air traffic control systems, firefighting crews, nuclear power generating plants and hostage negotiation teams.

Weick found that the better of these organisations rarely fail, even though they have to deal with numerous unexpected events, and sought to identify the common characteristics of “safe” organisations. These include:

  • understanding how chains of events lead to major failures, and seeking to break these chains
  • expecting errors and being prepared to deal with them
  • identifying omission prone procedures for particular attention
  • not slavishly following procedures when it is clear an alternative may be better
  • making everyone’s views matter - views should not be ranked by professional hierarchy
  • ensuring everyone in your organisation understands why a rule or process step is important.

Weick allows for the spanner in the works of risk management: human error, misjudgement and unpredictability.

It is not until changes are made or system errors occur that many risks can be identified and measures taken.

But in a system that is set up to anticipate as much as possible and be flexible with procedure when the worst happens, coping mechanisms will be second nature and safe organisations will know when it is appropriate to break the rules in order to reduce risk.

Learn from errors

If and when people do make mistakes, the organisation should look to learn from these mistakes and act to prevent the same thing happening in future. Organisations should establish a culture in which failure does not mean disaster.

On paper, the NHS has now a strong commitment to this concept; in reality, it is still an enormous challenge.

Case study

A health and social care trust formed from the merger of three trusts needed to adopt a common approach to quality and safety improvement, while also merging cultures from both acute and community based services that were spread over a wide geographical area.

Capita Consulting worked with the trust at board level on the key issues of assurance and risk management. Using best practice from other care providers, Capita helped identify policies and procedures appropriate to the trust’s needs.

The trust has benefited from staff training and development on a range of risk, safety and governance related topics. Practical advice and specific learning sets created for staff have also benefited the governance team at the trust, contributing to their ability to solve problems with the benefit of peer support.

Risk tips

  • Look at the changes there have been in the profile of your organisation’s top risks over the past six months
  • Test out the top risks the board sees with an operational manager - are they recognisable?
  • Have your board members seen the investigation reports from any recent incidents?
  • Have you used any measurement tool to assess your management/safety culture? 
  • Pull together your management team to develop a response plan that is effective throughout the organisation when errors occur
  • Ensure managers share information on risk management with staff and that everyone in your organisation gets the message at the same time