The release of secret documents highlighting risks with the Seven Day NHS programme have done quite a lot to demonstrate the lack of understanding about how and why risk is measured. Equally the call for for an inquiry based on the existence of identified risks seems to misunderstand the purpose of having a risk management process.
The purpose of risk management is to anticipate all of the things that could happen in the future and try to assess how likely they are and the impact on your ability to deliver the project or programme. All risk identification is inherently based on things that have not happened yet. The range of risks identified is not necessarily indicative of the danger of implementing the project, it is indicative of the quality of project management.
It’s worth mentioning that this is in no way a comment on the actual programme to create a Seven Day NHS. Generally, I’d say to all intents and purposes we already have a seven-day service; whilst we could create a uniformity across the week this does seem a strange priority given funding pressures across current NHS services.
One of the things that has been highlighted, in much of the reporting, is the number of risks in the NHS risk register that have been categorised as red. There is an instinct that red means something bad has happened. In risk management this isn’t the case. Red highlights that if the risk did happen then it is likely to have a great impact on the delivery of the project. Risk calculations are based on multiplying the probability of something happening by its potential impact.
This means that risks highlighted as red are priorities for any programme manager. The real test of a risk register is not whether risks are red, it is whether actions have been identified to prevent these risk turning into reality. Also once actions have been identified, are they being regularly monitored to ensure they are reducing risk?
Why does this matter? My concern is that in an ideal world the risk register for a programme such as the Seven Day NHS shouldn’t be classed as a “secret document”. Ideally it should be in the public domain so people across the country can help to identify other risks but also to help mitigate those that exist. The current reporting on this risk register make that unlikely. This can have the result that scrutiny is reduced or in a worst case scenario people are reluctant to add risks because of the political implication.
One of the greatest reasons for project failure is poor risk management. If risks are not anticipated, or not managed, then nothing will prevent them occurring.
On a wider level you might ask “why does this matter to you?”
Whilst we’re not involved in the implementation of the Seven Day NHS programme we believe that good project management methodology is an essential part of working to improve individual health and wellbeing. This is an essential part of how we work with organisations to help them to identify the full range of personal risks that clients present.
Similarly, as with large scale projects, it is only once you have anticipated all of the potential issues that affect health and wellbeing for an individual, that you can plan how to mitigate risk. This is how you achieve project outcomes; this is how you achieve personal outcomes.
Having a process in place is essential to achieve project aims and if that process identifies risk then it is doing its job.