Page 101 - Pharmacy Appeals 1/4/04 to 31/3/05

NHS Resolution      Annual report and accounts 2021/22                                            77



Table 14: The top five risks linked to strategic aims and the controls in place to mitigate them

| Strategic aim | Identify: risk identified as potential threat (or opportunity) to the achievement of NHS Resolution objectives | Risk management: key controls in place to mitigate the risk |
| --- | --- | --- |
| All strategic aims | Claims data could be incorrectly interpreted either due to the urgent nature of requests and/or the integrity and quality of our data. | Processes in place for FOI requests. Processes in place for DHSC policy requests. Annual Internal Audit reviews of claims data quality. |
| All strategic aims | Data security and integrity is compromised, for example, through cyber-attack or unauthorised/inappropriate disclosure of data. | IT policies and procedures in place. System controls including firewalls. IG Group reviews metrics for virus incident log. IG Group reviews incidents and takes forward learning. IG reports to SMT, ARC and the Board. External company carry out regular penetration tests and report findings and improvements. Internal Audit reviews and deep dives. ISO 27001 certification. Cyber Essentials Plus audit and certification. |
| All strategic aims | Fail to recognise and respond to changes in the environment in which NHS Resolution operates. | The Policy, Strategy and Transformation team ensure horizon scanning to support policy development. SMT strategy session discussions of emerging topics. Membership of Cross Government Strategy steering committee and working group. Monitoring and evaluation of developments in models of care. Monitoring and evaluation of the Maternity Incentive Scheme. |
| All strategic aims | Fail to deliver our core functions due to possible impact of planned growth and transformational change initiatives, as well as unplanned events (e.g. a pandemic). | SMT and Board overview of transformation proposals. ODG review of delivery against business plan. CMG oversight of programme and portfolio delivery. |
| Help the system, organisation and individuals identify and address issues. Work in partnership with other ALBs, NHS trusts, patients and healthcare staff to improve the way in which the NHS responds to incidents. | Fail to identify information within the data we hold which either in isolation or when connected with information held by others elsewhere in the NHS indicates a current or emerging patient safety risk from a particular organisation or individual. | Early Notification Scheme launched for maternity care, with incentivisation of members to identify concerns early. Significant Concerns Group and frameworks in place. |