The risk management Guidance Risks register entries in MRT
The following are screen snips from the risks and issues tool in
MRT. They show how existing risks are displayed on the summary page, the functionality on the tabs, how to enter or update a risk and when emails are automatically generated.
Log in to MRT from the link on Go2: https://mrt.cfa.nhs.uk/
You will then be presented with the following screen and options.
My Actions Displays a list of objectives that you are the owner of
Business Units list Displays a list of objectives for each Business Unit
Corporate plans Presents links to Priority Action Areas and Core Business Plan
Risks and Issues Select this tab to display a summary of open risks / issues
Quick links Select relevant tab to create or view issues / view all risks
Go to risks
The summary of risks or issues will be displayed by selecting the ‘Go to risks/ issues’ tab.
Inherent Risk Score as calculated from probability x impact
Residual Risk Score is the score expected after action taken
Go to issues: Select to view all issues
Quick links: Select relevant tab to create or view risks
Summary of Risks
Create a Risk
Select tab to create a new risk
Select risk type from the drop down menu – see risk types and descriptions below
Risk Types and Descriptions
Service disruption: Risks that may jeopardies the organisation's continuing existance, operation of its functions or could lead to a loss of stakeholder confidence.
Legal/Regulatory/Compliance & Finance: Risks that may cause any breach of statute, regulation, professional standards, or affect the organisation's overall financial strength and long term viability.
Personal Information/Bulk Data: Risks that could adversely affect the organisation's reputation, credibility compliance or stakeholder confidence in the processing of personal data.
Safety Health & Environment:Risks that would adversely affect the health and wellbeing of staff and visitors in the workplace resulting in a breach of regulatory and legislative standards.
Reputation Credibility:Risks that coudl exposethe organisation to additional scrutiny e.g. in respect of decisions on policy, information security, employee conduct or organisational culture.
Technology/Cyber threats: Risks/threats that could expose the organisation to harm or loss resulting from breaches of or attacks on its information systems or technical infrastructure.
Continue through the options to complete the fields, naming the risk and adding details.
Selecting yes on the yes/no buttons as indicated will open up further options.
It may be helpful to add that you must complete one section and either hit return or place the cursor outside of the field before the next section will open.
Select the type of Risk: See risk type descriptions above
Is the risk linked to an Issue: If yes: select the issue from the options.
What is the name of the Risk: Provide a name for the risk
Give details of the risk:Describe the nature of the risk
Select risk ownership from the drop down menu as required: The owner is the most senior manager who may delegate risk management and action to others.
Select an SMT risk ownership: Who is the owner of the risk?
List includes all members of SMT
Selet LT Risk Management: Who manages the risk?
List includes all members of LT
Select an Actionee: Who will take action towards the risk?
List includes all members of CFA staff
Is the Risk Active: What is the current status of the risk?
You must always complete the Cause: Event: Effect of the Risk
Continue to inherent risk scores section. An inherent risk is one that is unmitigated or changed by any risk management action we might decide to take. The score will populate automatically by calculating the probability x the impact.
Probability of risk occurance: Almost Certain : Score 5 – see descriptions below
Impact of this risk occurring: Score 3 – See descriptions below
Inherent risk score: Score populated automatically by calculating the probability x the impact. A score of over 9 triggers to LT for automatic review
scores of over 12 triggers to ARC for automatic review
5 Almost Certain
Score Calculation Information
probability X Impact = calculated score
Score 6-10: Scores over 9 triggers to LT for automatic review
Score 11-15: Scores over 12 triggers to SMT for automatic review
Risk Proximity:What time scale is it likely that the risk will occur? Options are:
Within 1 week
Within 1 month
Within 3 months
Within 6 months
Within 1 year
Existing controls: What are the current existing controls that are in place?
Risk Action: What action will be taken
Progress review date:What date will action progress be reviewed?
Deadline date:By what date will action be complete
Progress review and deadline dates to be selected from calendar.
First Line: (SMT/LT) internal day-to-day controls procedures identified and assessed to mitigate the risk.
Provide details about the 1st line of defence, who is responsible for it and any links to supporting evidence.
Second Line: SMT/LT/RML monitor the effective management of their risks.
Provide details about the 2nd line of defence, who is responsible for it and any links to supporting evidence.
Third Line: Independent internal audit to provide comprehensive assurance.
Provide details about the 3rd line of defence, who is responsible for it and any links to supporting evidence.
Terminate: Terminate the activity giving rise to the risk.
Reduce: Reduce the level by implementing further action.
Accept: No option to reduce.
Pass: Transferring the risk elsewhere.
Share: Form a partnership to manage/reduce the risk.
Create Risk: select to confirm creation of risk.
An email is generated from MRT to notify that the risk has been created. And the risk will now display in the summary
To update the progress of a risk
In the Quick links Select View my risks
Select the risk ID
View Risk Details
We estimate that the NHS is vulnerable to £1.264 billion worth of fraud each year.
Report any suspicions or concerns about fraud against the NHS to the NHSCFA.