System-level risk

25 October 2021

Risk management can be viewed as a technical exercise, but in the most contemporary systems we see it being used as an organisational development activity and a key part of system development.

Since we published an Illumination bulletin earlier this year, Seeking clarity on system level risk, we have been working with ICS leaders all over the country to develop their system risk management arrangements. This work shows that the following steps are important:

  • Checking that the ICS governance structure includes a clear reporting structure for risk management based on an agreed set of assurance and escalation principles.

  • Developing a reasonable number (we suggest six to ten) of SMART system objectives to use in the transitional phase to April 2022. Adopting a large number of vague objectives will result in unwieldy and ineffective system board assurance frameworks (BAFs).

  • Having a cross-section of system partners engaged in developing system risk management arrangements. Run training workshops to develop collective agreement and understanding of key system risks – and a process for managing them.

  • Integrating the risk management process into the system assurance framework and develop integrated reporting, to prevent risk management being viewed in a silo.

  • Do ICS partners align their vision and strategic objectives, and their current BAFs, as well as considering actions to mitigate current system risks?

Resilient systems

System risk management is different to organisational risk management in that it is based on system objectives and system-wide strategy alignment, and it requires system partners to mitigate multifactorial and complex risks. There needs to be strong alignment with system partners’ BAFs and assurance will be drawn from a range of internal and external sources.

In short, risk management within an ICS is complex and evolving; to add value it requires precision and engagement. The crucial components that need to be in place in every system now are:

  • a governance structure that includes a clear reporting structure for risk management based on agreed set of assurance and escalation principles

  • six-to-ten SMART system objectives

  • collective agreement and understanding of key system risks built by engagement and discussion

  • development of a system assurance framework and integrated reporting.

All ICSs should have a plan to build these components and developing a risk management system that:

  • is agile and dynamic

  • is based on collective responsibility for system objectives and outcomes

  • recognises interdependencies of system issues

  • facilitates engagement and action from system partners.

It would be helpful now to avoid seeing system risk management as a collection of every risk in the system, or cherry-picking system partners’ red risks, or as a dumping ground for risks that are too hard to handle.

How can system risk management help my ICS?

A good system-level BAF enables a system board to focus on what is important and useful, helping to keep things relatively simple. This is a vital tool for ICBs, who will no doubt struggle with the weight of expectation and the volume of information that will come across their desks.

More importantly, we have seen the benefits that a focus on system risk can bring in illustrating the challenges of system working and the relationships and behaviours that are required in order for ICBs to deliver their core purpose.

Conversations regarding risks to wider determinants of health are particularly helpful in bringing scrutiny and focus to the roles of system partners in achieving ICS objectives.

Further questions to consider

What is the role of an acute trust in mitigating risks to rising unemployment or homelessness rates in their area? Is it reflected on their BAF and on their board agenda? If not, why not? When do lengthening waiting times get escalated and what happens when they do? How are risks managed at place in provider collaboratives?

Getting to an agreed system position on these and other issues will ensure that your ICS is ready to operate as a collective risk management system.

GGI has led the national conversation on integration, and we have already worked with a number of ICSs across England. No one is better placed to guide you on the important journey to integrated care. Please call us on 07732 681120 or email

Prepared by GGI Development and Research LLP for the Good Governance Institute.

Enquire about this article

Here to help