Document Reference Number Revision Number Revision Date Review Date OQR012 4 20081210 200906 Document Drafted By Document Approved By Responsibility Office of Quality and Risk Ms. Edwina Dunne, Head of Quality and Risk Office of Quality and Risk
Introduction Risk assessment is an essential part of the risk management process and is the overall term covering the risk identification, analysis and risk evaluation part of the risk management process (AS/NZS Risk Management Standard 4360:2004). The management of risk is integral to the business process of all levels in the HSE. This is not only a HSE Board requirement as set out in the HSE’s Integrated Risk Management Policy but is also central to the HSE’s system of internal control.
Risk Management Process – Overview
Establish the Context
Com unicate and Consult m
Risk Assessm ent
M onitor and Review
For management to ensure that the time spent on managing risks is proportionate to the risk itself, services should have in place efficient assessment processes covering all areas of risk. The HSE has developed a Risk Assessment Tool to support this process. This tool should be applied uniformly to all processes where risk assessment is required e.g. health and safety risk assessment, risk assessment for the purpose of developing and populating risk registers, project management etc. It is not intended that this tool replace the risk assessment process used in specific clinical or care situations e.g. falls, tissue viability etc.
Guidance on Risk Assessment and the use of the HSE’s Risk Assessment Tool 1. Identify the Risks Risk is defined as “the chance of something happening that will have an impact on the achievement of organisational stated objectives” (HSE 2008). This step in the risk assessment process seeks to identify the risks to be managed. A risk assessment may concentrate on one or more area of impact relevant to the organisation or activity i.e. it may be specific to a particular project or hazard area e.g. biological hazards or it may be conducted on a more general basis e.g. for the purpose of developing a service or organisational risk register. It is essential that the employees identifying risks are knowledgeable about the policy, service area, process or activity being reviewed. When areas of risk have been identified it is important that these are described in a manner that accurately and comprehensively ensures that the exact nature and magnitude of the risk is captured. To assist with this the following approach should be used. The ‘ICC approach’ to risk description (Impact, Cause, Context) Risk is inherently negative, implying the possibility of adverse impacts. Describe the potential Impact if the risk were to materialise. Describe the Causal Factors that could result in the risk materialising. Ensure that the Context of the risk is clear, e.g. is the risk ‘target’ well defined (e.g. staff, patient, department, hospital, etc.) and is the ‘nature’ of the risk clear (e.g. financial, safety, physical loss, perception, etc.) Examples: Injury to staff and service users (Impact) due to poor maintenance of flooring (Causal Factor) in the reception area (Context).
Project overruns resulting in financial loss (Impact) due to the unavailability of key project staff (Causal factor) within Procurement (Context). 2. Analyse the Risk Risk analysis is about developing an understanding of the risks identified. In
subjecting a risk to analysis it is essential that account is taken of the existing control measures. 2.1 Describe of the existing control measures These include all measures put in place to eliminate or reduce the risk and include processes, policies, procedures, guidelines and engineering controls, training, emergency arrangements, preventative maintenance controls,...