Menu Picture of three small lines that users click on to reveal a list of links

More about the annual report and annual review Three lines menu access

Annual Report 2007-2008

Clinical Governance

Statement of Internal Control 2007/08

  1. Scope of responsibility
  2. The purpose of the system of internal control
  3. Capacity to handle risk
  4. The risk and control framework
  5. Review of effectiveness

1. Scope of responsibility

The Board is accountable for internal control. As Accountable Officer, and Chief Executive of this Board, I have responsibility for maintaining a sound system of internal control that supports the achievement of the organisation's policies, aims and objectives. I also have responsibility for safeguarding the public funds and the organisation's assets for which I am personally responsible as set out in the Accountable Officer Memorandum.

As Accountable Officer I have put in place arrangements to review the individual objectives of the Executive Directors through both one-to-one sessions and appropriate meetings with the Executive Director team, such as the Delivery Support Group that meets bi-weekly. This enables me to review progress against the key strategic objectives and to hold Directors to account. These processes also enable the team to develop and strengthen its dual operational focus of delivery and implementation across the organisation.

The 2007/08 financial year has been challenging for the Trust, but has seen us build on the foundations laid in 2006/07 and achieve the following:

I believe we have identified the key areas of common purpose that will enable us to work as a health economy to deliver the improvements in service that are required locally. We are developing robust processes around PCT commissioning contracts and we will continue to maintain good relationships with the emerging Practice Based Commissioning Groups. The Trust continues to work with the Hertfordshire County Council Health Scrutiny Committee (HSC) and has built upon the previous good relationships during 2007/08. The Trust attends the (HSC) meetings on a regular basis as well as participating in the health topic group.

The Trust has many established and effective arrangements for working with the wider stakeholder communities, including patients and carers. We have a number of interested local people, which we intend to use as part of the development work on establishing the membership and subsequent Board of Governors to support our application for Foundation Trust status. The Trust considers itself compliant with the Core Standard for Equality and Diversity and has in place an Equality and Diversity Framework which broadly sets out how West Hertfordshire Hospitals NHS Trust is progressing with its Equality and Diversity Agenda and focuses on the specifics of our agenda in relation to race and disability through the inclusion of the two schemes and action plans that have been produced in collaboration with key stakeholders. The Trust has also implemented a series of impact assessments for new policies and patient information that uphold the integrity of the framework.

2. The purpose of the system of internal control

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to:

The system of internal control has been in place in West Hertfordshire Hospitals NHS Trust for the year ended 31 March 2008 and up to the date of approval of the annual report and accounts.

3. Capacity to handle risk

The Trust considers the management and handling of risk as one of its top priorities. The identification and management of risk is seen within the Trust as every employee's responsibility. To provide leadership and structure in the management of risk, the Director of Patient Safety/Medical Director has specific responsibility for leading the risk management process. This responsibility is discharged throughout the organisation through the Trust's Head of Clinical Governance, Quality and Risk via Divisional Risk Leads. Divisional Risk Leads act as a resource and focus for the identification and review of risks within the Divisional setting. They also assist the Divisions in the development and implementation of effective ways to manage these risks as detailed in their Divisional Risk Management Strategies. Through the Divisional risk leads, organisational systems and processes for risk identification, scoring, recording and mitigation are undertaken and overseen by the Head of Clinical Governance, Quality and Risk.

In addition to this, specific Risk Management guidance on the responsibilities of staff at various levels and on the systems in place to manage Risk is detailed within the Trust's Risk Management Strategy and the Incident Reporting Policy. More in depth Risk Management guidance at Divisional level is detailed within the respective individual Divisional Risk Management Strategies.

All employees are introduced to Risk Management and Health and Safety at induction and this is revisited at mandatory staff updates yearly.

The Trust has a fully implemented and integrated risk management database and risk register. This can be viewed both within the Divisions and at Executive level. Risks are clearly recorded and identified in a standardised way.

Divisional performance is reviewed regularly across a range of key indicators, including the identification and management of risk. At a strategic level the Board has reviewed the reporting arrangements for strategic risks and the requirement that this process links directly to the Assurance Framework. The Board at its meetings in public reviews strategic risks and the Assurance Framework regularly as appropriate and at least quarterly. There is representation by the Trust at the Bedfordshire and Hertfordshire Clinical Governance Liaison Group and a Regional Patient Safety Forum to ensure that a strategic approach to risk is aligned across the regional health economy. Minutes from this Group are sent automatically to the Trust's Head of Clinical Governance, Quality and Risk for noting and action.

Additionally, the National Patient Safety Agency Regional Manager communicates directly with the Head of Clinical Governance, Quality and Risk to also ensure consistency in approach.

As Accountable Officer I seek to learn from good practice via exchange of information with other Chief Executives regarding good practice in their organisations, reading of relevant articles and documentation and advice from managers and staff within the Trust as to what has worked well in handling risk and should be rolled out across the organisation.

The Trust produces yearly an Innovation and Excellence Directory which highlights good practice initiatives which enable dissemination of learning. This Directory is led by the Director of Nursing and distributed Trust wide.

In addition, the Trust works with the other partners in managing elements of risk. The Trust works with the Strategic Health Authority via various structures. Chief Executives across the health economy meet regularly and I have regular meetings with colleagues from the SHA. Chairs across the Health Economy also meet on a regular basis and there are a number of other functional groups eg Directors of Finance who have a formal programme of meetings across the year.

4. The risk and control framework

The Trust presented its reviewed Risk Management strategy to the Trust Board in March 2008. Key elements included within it are as follows:

The Trust has implemented a process for identifying, evaluating and managing the significant risks faced by the Trust throughout the financial year and up to the approval date of the annual accounts. The process is subject to regular review by the Board directly and the Audit Committee. The Trust has again reviewed its governance arrangements during the year. It has reduced the number of Trust Board sub committees to three - Audit, Remuneration and Charities. These now take on the scrutiny and strategic overview function and report to the Board.

Executive Groups have been established focussing on the operational aspects of the Trust's business. Significantly as far as the risk and control framework is concerned the Clinical Quality and Governance Committee provides the appropriate focus and control and has had the support of the following groups:

The Trust has a five year Integrated Business Plan and a yearly Operational Plan, which feed into the Trust's Risk Register and Assurance Framework. All risks, or changes in risk, are identified and described in the Trust's Risk Register. They are then evaluated and prioritised so that an action plan can be devised for the most significant ones. The Trust's Risk Management Team reviews and monitors this process. Performance reports on the management of risk are provided on a six monthly basis to the Clinical Quality and Governance Committee.

Building on the improvements made on the incident reporting procedure, the Trust now provides the Risk Management Group with quarterly aggregated analysis of key themes extrapolated from their risk management database. Where there are issues of concern arising from this report they are escalated to the Complaints, Incidents and Near Misses Review Group. This process ensures that the Clinical Quality and Governance Committee can advise the Board of significant issues that create a risk to the Trust. Executive and operational responsibility for each of the Standards for Better Health domains has been assigned and monitoring of compliance is ongoing. The Trust has maintained progress in meeting the core standards. The Trust's strategic objectives are aligned with 'Standards for Better Health' and consequently all gaps in compliance recorded on the Assurance Framework.

The Assurance Framework is based upon the DH model and contains all appropriate elements (objectives; key risk; key controls; assurance on controls; gaps in controls; assurance and gap in assurance) and contents are reviewed and presented to the Audit Committee and Trust Board on a quarterly basis.

Current gaps in either control or assurance are outlined in the table below:

As an employer with staff entitled to membership of the NHS Pension scheme, control measures are in place to ensure all employer obligations contained within the Scheme regulations are complied with. This includes ensuring that deductions from salary, employer's contributions and payments in to the Scheme are in accordance with the Scheme rules, and that member Pension Scheme records are accurately updated in accordance with the timescales detailed in the Regulations.

The Trust's Patients' Panel has been established for four years. It continues to play an active part in the Trust and has also registered to become a Dignity Champion. The Panel continue to work collaboratively with the PPI Forums and are linked into a wide range of committees, meetings and projects within the Trust to develop services and pro-actively help to drive forward the issues raised from the results of the National Patient surveys. They are also members of Internal Patient Environment Action Team (iPEAT) inspections on a monthly basis and take part in the Trust's Observation of Care, Pride in Our Workplace and 'Think Clean' days. The PPI Forum members also maintain their statutory announced and unannounced monitoring visits within the Trust. Panel members continue to review all policies, patient information and questionnaires to ensure they are 'user friendly' before being officially ratified by the appropriate committees and published.

The Patients' Panel together with the PPI Forum members and other external patient representatives and voluntary organisations have been instrumental in the production of the Patient Involvement and Experience Strategy and subsequently with helping to drive forward it's objectives, together with the Trust's 'Code of Conduct'. The strategy was launched at the Trust's Celebrating our Success Conference. They are also regular attendees of the Patient Involvement and Experience Group chaired by the Director of Nursing.

Forum members are also a member of the Delivering a Healthy Future (DaHF) project team and both the PPI Forum and Panel members have been involved in the internal Hospital User Groups (IHUGS) in respect of the St. Albans City Elective Care Centre, Watford Health Campus and the new Acute Admissions Unit (AAU) at Watford General Hospital. Their views were sought during the consultation process and subsequent attendance at the IHUGS and Project Team has assured their consistent involvement in the planning of future services and design of the Watford Health Campus.

The Patients' Panel and PPI Forum members meet on a regular basis. This is an ideal opportunity for the members to be updated on Trust matters and to hear what health and Trust issues are concerning patients and the public. I, together with the Medical Director, Consultant Microbiologist, Director of Nursing and the Delivering a Healthy Future (DaHF) Project Team, have also attended the PPI Forum public meetings to address the needs of the Communities.

With the disbanding of the PPI Forums in March 2008 the Trust continues to support the work of the "Early Adopter" and the Host organisation for the establishment of the new Local Involvement Networks (LINks) that are due to come into force in September 2008 and the Transitional LINks in the interim period between April and September 2008. The Trust will also continue to support the PPI Forum members who currently participate in Trust projects and committees to ensure that they are welcome to continue their participation as patient representatives / LINks members, if they wish to.

5. Review of effectiveness

As Accountable Officer, I have responsibility on behalf of the Trust for reviewing the effectiveness of the system of internal control. The Assurance Framework and operational progress being made against elements of the Healthcare Commission's Annual Healthcheck inform my review. These processes provide me with evidence that the effectiveness of controls that manage the risks to the organisation achieving its principal objectives have been reviewed.

My review is also informed by the following:

I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Trust Board; Audit Committee; Clinical Standards Executive; Assurance Committee (now disbanded in favour of Audit Committee) Risk Committee (now disbanded in favour of Audit Committee). A plan to address weaknesses and ensure continuous improvement of the system is in place.

The Audit Committee has advised me on the implications of the result of my review of the effectiveness of the system of internal control and the Head of Internal Audit has provided the Trust with an opinion statement on the overall arrangements on internal control and on the controls reviewed as part of their internal audit work. Executive Directors are providing me with assurance on the development and maintenance of the system of internal control.

Below describes the process that has been applied in maintaining and reviewing the effectiveness of the system of internal control, including some comment on the respective roles.

The Board

The Trust Board has endorsed a mechanism to gain assurances about the effectiveness of the controls in place to manage principal and strategic risks. This mechanism ensures that risks are fed up to the Board through the organisational structure in place within the Trust.

The Board reviews and maps these to its own assurance needs, enabling the Trust Board to address and put in place any improvements necessary.

The Audit Committee

The Audit Committee has reported directly to the Board providing assurance on the maintenance of the system of internal control. The Committee comprises at least three Non-Executive Directors with the Director of Finance, Director of Patient Safety, Head of Clinical Governance, Quality and Risk, Trust Secretary and other representatives including Internal and External Audit in attendance. I attend meetings on a regular basis. The Audit Committee's primary role is to independently oversee the governance and assurance process on behalf of the organisation and to report to the Board on whether the systems in place for risk management and internal control are robust and effective. The Audit Committee receive regular reports from the Head of Clinical Governance, Quality and Risk ensuring that appropriate issues are escalated to the Audit Committee from the Risk Management Group. This Committee ensures that audit plans are drawn up with full consideration of all risks as detailed within the Trust Risk Register.

Executive Directors

Executive Directors have overall responsibility for the implementation of the risk management strategy. They are responsible for the overseeing of the processes for identifying and assessing risk, and for advising me as necessary. They ensure that so far as it is reasonably practical, resources are available in order to manage risk.

Internal Audit

Internal Audit reviews the system of internal control throughout the year and reports accordingly to the Audit Committee. The Trust has identified the following significant control issues: The Annual Healthcheck The Healthcare Commission's Annual Healthcheck for 2006/07 concluded that the Trust was 'weak' in both its use of resources and in the quality of its services.

For quality of services the main areas of concern were:

I have established a process for monitoring the Trust's performance against all of the National Targets used by the Healthcare Commission in its Annual Healthcheck, under the supervision of an Executive Director. There is a responsible senior manager identified for each target. A summary of current performance and anticipated performance for the year for each target is reported to the Trust Board at every meeting. I have identified Executive Directors to lead work on improving performance on control of infection and 18 week targets, and have established task groups in both areas which I chair personally. I meet with executive directors weekly and review performance against key performance indicators.

Standards for Better Health

For its 2007/8 Standards for Better Health submission, the Trust has declared compliance with 35 out of 43 Core Standards.

It has declared 'not met' for following 4 standards:

Standard Subject Compliance Issue
C4c Decontamination 

The Trust is not compliant with the all statutory regulations within its Sterile Services Departments, although the HC are aware and this does not have an impact on patient safety.

The Trust was audited in 2006 and an opinion of 'limited assurance' was given only. Work is still in progress on the recommendations contained within it.

Governance arrangements and assurance to the Trust Board have been strengthened through audit against requirements of Duty 4 of the Hygiene Code.
C20a Health and Safety The Trust does not have assurance that all statutory clinical departmental and ward risk assessment have been carried out,
C20b Privacy and Dignity Assurance to the Trust Board strengthened through regular reporting and audit of privacy and dignity and mixed sex accommodation.
C23 Public Health Production and implementation of Public Health Strategy which includes measuring and monitoring of public health through performance targets, implementation of Public Health NICE Guidance, and trust initiated public health interventions. Although areas for measuring and monitoring have been identified the Trust is not yet in a position to fully analyse and share data with the wider health economy.
A further 4 standards have also been declared 'not met' but have achieved end of year compliance through the submission of 'achieved' action plans as detailed below:
Standard Subject Compliance Issue
C3 and C5a Conform to NICE Guidance and NICE technology appraisals The Trust reviewed its policy for the management of NICE Guidance and Technology Appraisals in February 2008. Implementation to provide assurance on compliance has been ongoing. The Trust now has a spreadsheet, which records both compliance and action in place to meet NICE standards.
C7e Equality and Diversity The need to meet equality and diversity requirements made explicit within procedural recruitment guidance and assurance to the Trust Board strengthened through audit of practice.
C10a Recruitment and CRB Assurance to the Trust Board strengthened through audit of practice.
C22a and C22c Working with partners in Public Health Appropriate Trust representation at both Strategic Partnership Forums and Crime and Disorder Partnerships and engagement on Public Health with PCT. Feedback to the Public Health Forum providing assurance to the Board.

All risks are reviewed on a continual basis to ensure that there are no gaps in control and/or assurance. Where these occur they are added to the risk register and there are action plans in place to address them.

ALE

In 2006/07 the Trust received an ALE score of 1 'weak' for use of resources. During 2007/08 the Trust implemented a revised process to ensure that a score of 2 'fair' was achieved across all 5 areas of ALE - financial standing, financial management, financial reporting, internal audit and value for money. A central repository of evidence was established along with clearly identified director and managerial leads for each Key Line of Enquiry. The Finance Department acted as 'project managers' to ensure that level 2 evidence was available for audit. The Finance team worked closely with the Trust's external auditors to ensure that the evidence provided was appropriate, this was achieved via a position statement audit in December 2007 and as part of the interim audit during January to March 2008. The Trust received a score of 2 for 2007/08.

Information Governance and Data Mapping

Following concerns about public sector data protection and in particular the security of information being transferred between locations and organisations, the Trust has recently undertaken a data mapping exercise in order that it may satisfy itself that all potential data streams are known and are being managed appropriately.

Jan Filochowski signature

» next: Financial Review