Risk Management Strategy 2022-2024

Publication date:
30 September 2022
Date range:
September 2022 - September 2024

Risk management strategy


1.1 Kent and Medway NHS and Social Care Partnership Trust (the Trust) is committed to the management of risk associated with caring for patients, staff and others affected by our activities and recognises that these risks are present on a day to day basis.

1.2 The process of risk management is an essential tool which provides the Board with assurance on the control mechanism for clinical, non-clinical and corporate governance.

1.3 This strategy establishes a positive direction for the process of advancing risk management maturity to maintain and improve the quality and safety of care for patients, staff and others affected by our activities and must be read in conjunction with the Risk Management Policy and other relevant guidance.


2.1 Everyone involved in risk management will:

  • Understand what risk is and how it impacts on our clients, ourselves and our services
  • Know what needs to be done to confidently give assurance of controls
  • Be confident to mitigate the consequences via actions, generated and assured, to reduce risk to a tolerated level.


3.1 Risk appetite is the level of risk the Board is willing to take to achieve strategic objectives. The aim of this strategy is to have effective risk management systems that are embedded throughout the organisation at every level and are integral to everyday working and planning of services in line with the risk appetite.

3.2 To achieve this aim the responsibilities of key individuals and managers will be set out in the Risk Management Policy and associated risk management process standard operating procedure.

3.3 The three objectives of the 2022 – 2024 strategy are:

  • 3.3.1 Improve each risk owner’s cognisance of the impact of social, political, environmental and regulatory drivers of change; so risk management is dynamic, iterative and responsive to change.
  • 3.3.2 Improve the organisation’s understanding of the process of risk management; by demonstrating an improved awareness of the effectiveness and ineffectiveness of controls
  • 3.3.3 Improve the confidence in assurance via the types, quality and timeliness of systematic and structured management information.


4.1 Successful implementation of this strategy requires leadership at all levels of the organisation:

  • 4.1.1The Board will own the Risk Management Strategy and retain overall responsibility for overseeing the management of risks, compliance with our risk management policy and the agreed risk appetite of the Trust. The risk appetite takes into account the level of risk and risk combinations that the board is prepared to take to achieve strategic objectives.
  • 4.1.2 Care Group Heads of Service and Corporate Support Services Directors and their management teams are responsible for ensuring that all the objectives within the strategy are met and that all reasonable actions have been taken to mitigate risk.
  • 4.1.3 The strategy is supported by the Compliance and Risk Team who will provide the Risk Management Policy along with information, training and guidance on the process of risk assessment.


5.1 A risk maturity scale is used to illustrate different levels of progression as risk management becomes more embedded in the organisation (Figure 1).

Figure 1: Risk Maturity Framework:

  1. Naive - Has not yet developed an approach for risk management
  2. Aware
  3. Defined - Risk management strategy and policies in place and communicated across the organisation
  4. Managed
  5. Enabled - Risks taken on an informed bases. Risk management is used to help manage the organisation

As the risk moves from Naive to Enabled the risk maturity increases. 

5.1.1 It is the intention of the Board to continue to develop the risk maturity of the organisation from ‘Defined’ to a ‘Risk Enabled’ status.

5.1.2 The annual internal audit of risk management includes an assessment of the risk maturity of the organisation. The Audit and Risk Committee (ARC) will monitor the implementation of recommendations arising from the audit.


6.1 The ARC is responsible for monitoring the strategy’s implementation on behalf of the Board and scrutinises the risk management process which forms the assurance for the Board.

6.2 Internal and external audit reports will give assurance that the Trust’s risk management systems are being implemented.


7.2 Staff and managers are expected to familiarise themselves with the Risk Management Strategy, Risk Management Policy and Standard Operating Procedure with training relevant to their role as required.


8.1 The Equality Act 2010 places a statutory duty on public bodies to have due regard in the exercise of their functions. The duty also requires public bodies to consider how the decisions they make, and the services they deliver, affect people who share equality protected characteristics and those who do not. In KMPT the culture of equality impact assessment will be pursued in order to provide assurance that the trust has carefully considered any potential negative outcomes that can occur before implementation. The trust will monitor the implementation of the various functions/policies and refresh them in a timely manner in order to incorporate any positive changes.


9.1 The Human Rights Act 1998 sets out fundamental provisions with respect to the protection of individual human rights. These include maintaining dignity, ensuring confidentiality and protecting individuals from abuse of various kinds. Employees and volunteers of the Trust must ensure that the trust does not breach the human rights of any individual the trust comes into contact with.