Click to listen highlighted text! Powered By GSpeech

Home » Law » Why Risk Registers matter – the example of the NHS

Why Risk Registers matter – the example of the NHS

Tags: ,

By in Law, Meetings & News on .

The Health and Social Bill is about to be enacted, despite requests for the Risk Register to be published having been refused. Emergencies in the NHS could be less well managed according to a draft version of a risk register on the bill (PDF) which has been leaked. The warnings about the threat posed by the bill were issued in a draft version of the risk register, dated 28 September 2010, and a recent account of it has been provided by the Guardian here. The register sets out the risks posed by the health and social care bill which will devolve 60% of the NHS’s £100bn budget to new GP-led consortia.  The Register makes a number of reasoned points, and in a sense is of limited use, as it is a very old version of it. Project managers keep a meticulous record of the various ‘configurations’ or versions of all key documents.

The history of this is well documented. In March 2012, it emerged that the government lost an appeal against the information commissioner’s ruling that the NHS Risk Register be made public.  However it appears that, despite this ruling, the battle for the publication of this register is far from over with government officials confirming to the The Guardian that the ruling will be ignored, and that the register will remain unpublished. In all the hullabaloo about the Government’s unjustifiable inability to publish this Risk Register, somewhat at odds with the rhetoric from David

Cameron’s drive for ‘transparency and disclosure’, it’s easy to forget the purpose of the “Risk Register” in management. A “Risk Register” is a risk management tool commonly used in project management and organisational risk assessments. It acts as a central repository for all risks identified by the project or organisation and, for each risk, includes information such as risk probability, impact, counter-measures, risk owner and so on. It can sometimes be referred to as a Risk Log.

A wide range of suggested contents for a Risk Register exist and recommendations are made by the Project Management Institute Body of Knowledge (PMBOK) and PRINCE2 among others.

Typically a Risk Register contains:

  • A description of the risk
  • The impact should this event actually occur
  • The probability of its occurrence
  • Risk Score (the multiplication of Probability and Impact)
  • A summary of the planned response should the event occur
  • A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)

The risks are often ranked by Risk Score so as to highlight the highest priority risks to all involved. It would be sensible for Government departments to keep a risk register of its significant corporate risks. The Risk Register serves two main purposes: –
1. The risk register helps communicate what the entity considers are the significant risks affecting both entity and the district in general.
2. It helps the entity monitor its performance in managing those significant risks. It is also an opportunity for new emerging risks to be identified and considered.
Risks are identified from a number of sources, but the Government, contrary to its own coalition agreement, abolished the PCTs which could have acted as a filter for such information.

Why might this be important in law? The answer comes from a notion called “compensation events if the Risk Register were a legally-binding contract. Take for example what might happen in this situation “NEC adjudicators” here.

If a situation has arisen that could and should have been raised within a Risk Reduction Meeting which ultimately results in a claim by the Contractor as a Compensation Event, the claim may be reduced in both value and/or time due to the Contractor’s failure to give warning of the situation that has or may arise and which gives rise to the claim. In other words, the Contractor may be deemed to have failed in his duty to mitigate the claim by not bringing the matter to the attention of the Project Manager at an early stage when actions could have been taken to remove or reduce its effect. The Early Warning Notice and Risk Reduction Meetings also have another effect.  Where an issue has been raised as being a risk to the project and no decision is taken as to the way forward or indeed the Project Manager does not consider the matter as needing any decision at that time this is recorded in the register.  If consequently the matter does escalate into a Compensation Event the register can be used to show that warning was given but no decision to deal with that situation was made.  This will help the Contractor to substantiate his claim and avoid possible reductions to its value and/or time to a failure to mitigate.

On a positive note, it is not clear to me what the legal status of any of the Risk Registers used in the NHS is. Whatever, it’s really clear to see that as a management tool Risk Registers are there to stop events escalating into a crisis, and need a clear flow of information for them to function. As regards proportionality, many would argue that this is a much stronger goal for the NHS than any risk of undermining the functioning of Government; scandals such as A4e and Tory party funding have seen to that, quite frankly.

 

The author @legalaware is a qualified PRINCE2 practitioner in complex project management, and recently completed his MBA at BPP Business School.

  • A A A
    • Click to listen highlighted text! Powered By GSpeech