Clinical Risk Management - Dr Imad Mahmoud

Workshop

Clinical Risk Management      

The key points from the workshop could be summarised with the following points:

·         Risk management is rapidly developing discipline and there is a need for an agreed Standards for: Terminology, Process, Organisational Structure and Objectives.

·         The Standard represents best practice against which organisations can measure themselves. The terminology for risk was set out by the International Organisation for Standardisation (ISO)

·         Risk can be defined as the combination of the probability of an event and its consequences. Risk Management is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.

·         Specific risks can have both external and internal drivers and these significantly overlap. They can be categorised further into types of risk such as strategic, financial, operational and hazard etc.

·         The Risk management process is based on the Organisation’s Strategic Objectives which involve Risk Assessment (identification, description, estimation), Risk Evaluation, Risk Reporting, Decision making, Risk Treatment, Residual Risk Reporting and finally Monitoring.  These are guided by Formal Audit.

·         Risk identification sets out to identify an organisation’s exposure to uncertainty. It should be approached in a methodical way  to ensure that all significant activities have been identified  and all the risks flowing from such activities are defined. These could be Strategic, Operational, Financial, Knowledge related or Compliance based.

·         Risk identification Techniques includes Brainstorming, Questionnaires, Benchmarking, Scenario analysis, Workshops, Incident investigation, Auditing and HAZOP (Hazard & Operability Studies.

·         Risk Analysis methods and Techniques may involve Upside Risk (e.g. Survey, Research &Development), Downside Risk (Threat analysis, Fault Tree Analysis) or Both (SWOT analysis, Event Tree analysis, Statistical Inference).

·         Risk Reporting and Communication could be Internal or External . Internal Reporting is targeting the Board of Directors, Business Units or the Individuals concerned. External Reporting is generally towards the Stakeholders

·         Risk Treatment is the process of selecting and implementing measures to modify the risk. It includes Risk Control/mitigation, Risk avoidance, Risk Transfer, Risk Financing, etc.

·         Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place.

·         Regular Audits of Policy and Standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement.

·         The Organisation’s  Risk management policy should set out its approach to risk management, clearly stating responsibilities and any legal requirements e.g. Health & Safety.  There should be an integrated set of tools and techniques for use in the various stages of the business process.