Seeking clarity on system-level risk

23 February 2021

The government’s white paper on the future of integrated care was clear about its intention to foster greater collaboration between the NHS and social care services, local government and other bodies. What it was less clear about was something that many organisations are now struggling with: how to approach system risk.

Dynamism in the management of risks

11 February 2021 will be seen as a landmark day for professionals who work for and with the NHS. The government’s message was clear about ‘targeting burdensome bureaucracy and enabling integration’.

As they untangle the many governance challenges they face, NHS organisations must adopt an agile and dynamic approach to the management of the risks they face.

The approach needs to establish the threats caused by the creation, non-creation, co-creation or whatever the format of integration might be. However, it is mission-critical also to acknowledge the opportunities this presents to NHS organisations and their boards.

Consciously seeing their ability to take risks (risk appetite) and allowing risk-taking through devolved governance within given thresholds (risk tolerance), might help organisations to unlock some of the potential of integration.

GGI has already worked with several organisations on what the right approach to risk might be at a system level – especially on board assurance frameworks (BAFs). Effective, efficient and intelligent BAFs that are based on a clear strategy are the most successful.

Effective system working requires looking at system-wide strategy alignment, acknowledging warranted variances and respecting sovereignty, yet also allowing open-book accounting.

System-level strategic risk management

A system-level BAF should not be about cherry-picking the principal risks of each constituent partner and bringing them together. It should start, like any BAF, on what the system objectives are.

Where system-level BAFs differ slightly from their organisation-specific counterparts is on ensuring focus is maintained on what the system can control and ask of its constituent partners. This often means assigning actions for risks to a number of the partners to take forward, rather than trying to control them purely within the ICS. This approach enables a live conversation at system board-level on what partners are doing to achieve the ICS strategic objectives and how they are mitigating risks.

Once through this process, partner organisations then may want to consider whether their BAF reflects what is happening at a system level. We often see BAFs with risks regarding partnership working. However, as system objectives and goals become clearer, many of these risks are likely to require refining, moving from a general focus on having good working relationships towards achieving focused goals on service delivery at a system level.

We have worked with ICSs and other partner formed boards with the above approach who have all found not only the approach valuable as an ICS but also reflective for each of constituent partners.

The health system as a solution

Our work in 2020 with a system in the Midlands helped the partners to apply a common approach assessing the impact of key decisions on risks on multiple vectors – such as financial/money, quality, reputation, regulation or people – against a dynamic multi-dimensional model. We helped them to gauge the proportion of risk relevant to each organisation in the system, resulting in a common understanding of system risks.

The process enabled a system-wide approach to finding solutions to risks and opened doors for a healthy dialogue between stakeholders. This initiative also helped to clarify accountabilities and responsibilities, enabling effective decision making, and removed any burdensome bureaucracy in the decision-making capabilities of the board.

A good system-level BAF enables a system board to focus on what is important and useful as it re-examines its governance systems in light of the NHSI/E paper, helping to keep things relatively simple.


  • ICS system boards should approach creating a board assurance framework from their own strategic objectives, not by building on its constituent partner BAFs.
  • ICS partners should be prepared to take actions from the ICS about their own BAFs, which may involve working with other partners.
  • Partners should re-examine their own BAFs after the creation of the ICS BAF to consider whether their partnership-related risks might need to be changed, or be made more specific.

If you have any questions or comments about this briefing, please call us on 07732 681120 or email

Prepared by GGI Development and Research LLP for the Good Governance Institute.

Enquire about this article

Here to help