Skip to main content Skip to navigation Skip to mobile navigation Skip to accessibility tools

Annual Governance Statement

1 April 2022 to 31 March 2023

Organisation name:  Lincolnshire Partnership NHS Foundation Trust

Scope of responsibility

As Accounting Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the NHS foundation trust’s policies, aims and objectives, whilst safeguarding the public funds and departmental assets for which I am personally responsible, in accordance with the responsibilities assigned to me. I am also responsible for ensuring that the NHS foundation trust is administered prudently and economically and that resources are applied efficiently and effectively. I also acknowledge my responsibilities as set out in the NHS Foundation Trust Accounting Officer Memorandum.

The purpose of the system of internal control 

 

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of the policies, aims and objectives of Lincolnshire Partnership NHS Foundation Trust, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. The system of internal control has been in place in Lincolnshire Partnership NHS Foundation Trust for the year ended 31 March 2023 and up to the date of approval of the annual report and accounts.

The Audit Committee and the Board annually reviews the effectiveness of the Trust’s governance arrangements (system of internal control).  This review covers all material controls, including financial, clinical, operational, organisational development and compliance controls and risk management systems.  The review is confirmed in the Board papers and minutes which are published on the Trust’s website and can be found by using this link.

Capacity to handle risk

 

The Board of Directors provides leadership on the overall governance agenda. On the Board’s behalf, the Audit Committee has maintained, and kept under review, a policy for the management of risk. Our Board of Directors is supported by a range of Committees that scrutinise and review assurances on internal control. 

Our Executive Team focuses on all high or significant risk exposures and oversees risk treatment to ensure: the correct strategy is adopted for managing risk; controls are present and effective; and  action plans are robust for those risks that remain intolerant.

The Chief Executive has overall responsibility for the management of risk by the Trust. All Executive Directors have responsibility to identify and manage risk within their specific areas of control, in line with the management and accountability arrangements in the Trust.

The role of each Executive Director is to ensure that appropriate arrangements are in place for the:

  • Identification and assessment of risks and hazards.
  • Elimination or reduction of risk to an acceptable level.
  • Compliance with internal policies and procedures, and statutory and external requirements.
  • Integration of functional risk management systems and development of the assurance framework.

These responsibilities are managed operationally through divisional and service managers supporting the Executive Directors and working with designated lead managers within operational divisions.

The Trust has a Board Escalation and Assurance Framework that sits alongside the Trust’s Reporting and Management of Risk Policy, both of which are reviewed annually and approved by the Board of Directors. The framework and policy define risk and identifies individual and collective responsibility for risk management within the organisation. It also sets out the Trust’s approach to the identification, assessment, scoring, treatment, and monitoring of risk.

Staff are equipped to manage risk in a variety of ways and at different levels of strategic and operational functioning. These include:

  • Formal in-house training for all staff in dealing with specific everyday risk, e.g. clinical risk, fire safety, health and safety, moving and handling, infection control, information governance and security.
  • Training and induction in incident investigation, including documentation, root cause analysis, steps to prevent or minimise recurrence and reporting requirements.
  • Developing shared understanding of broader business, financial, environmental and clinical risks through collegiate clinical, professional and managerial groups (such as professional advisory groups, the Board Quality Committee and the sub-committee structure that sits in place to support the delivery of quality).

The risk and control framework

The system of internal control is based on an ongoing risk management process designed to identify the principal risks to the achievement of the Trust’s objectives; to evaluate the nature and extent of those risks, and to manage them efficiently, effectively and economically.

The key elements of the risk management strategy are that:

  • Risk identification and management is a key trust wide responsibility.
  • All staff accept the management of risks as one of their fundamental duties.
  • All staff are committed to identifying and reducing risks.


This promotes a duty of candour in which there is transparency and openness where mistakes are made.  Untoward incidents are identified quickly and dealt with in a positive and responsive way and lessons learnt are communicated throughout the organisation and best practice adopted.

The Trust uses the ‘5 x 5’ matrix for risk quantification. Risks may be identified on an ongoing basis via incident reporting procedures, complaints, claims, freedom to speak up, control audits, and risk assessments. These processes are monitored to ensure that any risks are identified and acted upon in a timely manner. 

Risks that are assessed as low are managed through routine procedures.  Moderate risks require specific management responsibility and action.  High risks require senior management attention. Extreme risks require immediate action and necessitate informing the Board of Directors.

Assurance on how effectively the risk management system is working is monitored through inspections, such as, environmental, infection control, security, and workplace safety, and through health and safety and clinical governance activities, which include: 

  • Display screen equipment awareness.
  • Control of Substances Hazardous to Health (CoSHH) regulations.
  • Awareness raising of the management of violence and aggression.
  • Clinical risk assessment.
  • Moving and handling training.
  • Lone working.
  • Record keeping audits.
  • Incident reporting and reviews.
  • Infection control including for Covid-19 infection prevention and control, board assurance framework.
  • Safeguarding children and adults.
  • Key equality legal requirements.
  • Information governance.
  • Health and safety, and fire inspections.

These all-form part of the Trust’s induction programme for all new members of staff, training updates and individual training as a result of needs assessments. The Trust’s performance management framework includes the effective management of risk as a key element. The organisation undertakes equality impact assessments on all functions it carries out to ensure that service delivery and employment practices comply with legal requirements.

The Trust involves key stakeholders in the management of risks; these include:

  • Service users and their carers.
  • Members of the Trust and the general public through consultations.
  • Council of Governors and foundation trust members.
  • Health and social care commissioners through performance management of contracts.
  • Staff and management joint consultative negotiation committee.
  • Local Negotiating Committee for consultants.
  • Health and Safety Committee.
  • Lincolnshire Health Scrutiny Committee.
  • The Lincolnshire Resilience Forum.
  • Other system providers in primary care, secondary care and the third sector (voluntary, community and social enterprise).
  • NHS England.
  • The Care Quality Commission (CQC).

The Board of Directors determines the strategic objectives of the Trust.  These are monitored by performance management through the Board’s committee structure. Strategic risks, which potentially threaten the achievement of strategic objectives, are identified and key controls put in place to manage these risks. The Board of Directors, either directly or via its committees, is provided with reports to enable it to monitor the effectiveness of each element of the assurance framework.

The Board of Directors considers the key controls in place to identify risks and assesses whether these are adequate.  Where gaps in controls have been identified, action plans are put in place to address any weaknesses.

The Board committee structures, and terms of reference, are reviewed annually to maintain the provision of adequate assurance mechanisms. The committee structure was revised to reflect the Trust’s strategic priorities and this structure has been maintained throughout 2022/23.  Following the establishment of integrated care systems during the year, and a resultant changing landscape, the directors have commenced a process to develop a new Trust strategy and will be engaging with a range of stakeholders, including, but not limited to, Trust staff, the council of governors, service users and carers, and system partners.  Once this piece of work has been completed, there is a potential for changes to be required to the Board committee structure.

The Trust uses external bodies to provide assurance, where necessary, and targets the internal audit programme at specific areas where there are known areas of weakness, and no other source of assurance is available.  The Board of Directors recognises that this will and does result in a number of “limited assurance” reports which then enable robust action plans to be identified and implemented to produce improvements in control and assurance.

Sections of the Assurance Framework have been assigned to the committees of the Board to ensure that there is clear oversight of all areas. Where lack of assurance, or gaps in control are identified, these are escalated to the Board of Directors. The Audit Committee considers the framework at each of its quarterly meetings, as part of its responsibility to oversee the overall governance framework, risk management and internal control, and makes recommendations to the Board.

Throughout 2022/23 the Board of Directors has reviewed and approved its assurance framework at each of its meetings to provide assurance that the risks to the strategic objectives are being managed.

An internal audit review of the assurance framework was carried out in 2022/23, which received a partial assurance rating.  A management plan to respond to areas of weakness in our plan has been developed, which include:

  • Revising the current Board assurance report to ensure the report reflects gaps in assurance and control.
  • Review of the Board Assurance Framework to ensure it aligns with the Trust Strategy and the organisational risk register.
  • Review the Trust’s approach to training to ensure all staff are adequately trained on the Trust’s risk management policy and risk approach.

The directors are required to satisfy themselves that the Trust’s annual quality report is fairly stated. In doing so the Trust has established a system of internal control to ensure that proper arrangements are in place. The Director of Nursing and Quality leads and advises on all matters relating to the preparation of the Trust’s annual quality report. To ensure that the quality report presents a properly balanced view of clinical performance over the year, the Trust has an established Quality Committee that is accountable to the Board of Directors to provide scrutiny and challenge over Trust clinical performance. The Trust has a strong working relationship with the Lincolnshire Integrated Care Board, and a representative attends the Trust’s Quality Committee meetings, and also takes part in regular quality assurance visits. 

The Board of Directors receive safe staffing reports that describe the safe staffing levels required and achieved in accordance with the Developing Workforce Safeguards.  The reports enable the Board to receive assurance that safe and effective specialist mental health services staffing levels have been created, reviewed, and sustained.

The Director of Nursing and Quality leads a process to make the link between the decisions on staffing that the Board makes and the knowledge and expertise of the clinical teams within the divisions. The Trust applies the systematic approach set out in the Developing Workforce Safeguards for identifying the organisational, managerial, and environmental factors that support safe staffing in order to ensure improved service user outcomes.

The top risks faced by the Trust in 2022/23 and going forward into 2023/24 are set out in the table below. 

Risk What are we doing about it? How do we know?
Mental health activity demand Detailed planning is underway to identify and understand the predicted demand and to map capacity accordingly. The Board and its committees are considering the information available through activity and forecasting reports.
Workforce risks

The Trust’s 2020-2025 People Plan is reviewed annually against national, regional and local drivers for its continued relevance, and in conjunction with organisational risks, and the annual priorities are set. Workforce priorities which relate to mitigating workforce risks include:

  • Recruitment plans
  • Attraction Strategy
  • Recruitment Systems and Automation
  • Retention Programme
  • International Recruitment and Registered Degree Nurse Apprenticeship
  • Health Care Support Workers Recruitment
  • Community Transformation
  • New Roles

The Trust has workforce key performance indicators in place which are presented to the Board in the Integrated Performance Report and additional pipeline reports to enable progress to be monitored.

 

The workplan has key measurements against each priority to ensure the Trust is able to monitor if progress is on track and to escalate concerns and issues where necessary.

Privacy and dignity, and dormitory accommodation

The Board is aware of the limitations imposed by much of the estate.  The delivery of the estates strategy will minimise the impact of medium and long-term estates issues.

Each inpatient unit has been reviewed using the NHS England same-sex accommodation toolkit and improvements made as far as is possible in the existing estate.

During the year the Trust has invested over £25m on replacing 2 dormitory acute impatient wards in Lincoln. The 2 replacement wards open to patients in June 23.

Service design options linked to community care provision wider ICS requirements are also being pursued for services.

Construction is being completed on two wards in Lincoln.

The final business case for funding the Boston acute dormitory ward scheme is being completed in preparation building to start on site during 2023/24

Practices on the single remaining dormitory ward are kept under review to maximise the privacy and dignity afforded to patients and their carers

Information and data

The Trust has invested in and installed Office 365.

The Trust continues to roll out a new Electronic Prescribing system across inpatient and community services.

The Trust has put in place Information Governance and Cyber security audits and testing and is investing in training and software to reduce the risk.

Working alongside system partners the Trust has agreed information sharing agreements to continue to link patient data through the development of the Lincolnshire care portal

The Board receives, scrutinises and approves business cases for IT developments. 

The Trust is continuing to develop data quality benchmarking on future performance reports.

More informed understanding of patient care needs.

Integrated Care System (ICS)

Operating in a challenging community

The Trust is actively contributing resources into the development of the system.

The Board is ensuring that the Trust’s Strategies and Forward Plans are aligned to the single system plan.

 The Board receives regular reports on the progress of the ICS, considers all of the plans and contributes to their development and approval.

Care Quality Commission

In November and December 2018, the Care Quality Commission inspected four of the Trust’s core services and conducted a well-led review.  The overall rating of the Trust remained Good, with a significant number of key lines of enquiry in each of the core services improving from Requires Improvement to Good.  The provision of safe services in every core service was rated as Good.  The Trust achieved an overall Outstanding rating for “well-led”. The Board of Directors approved and oversaw the completion of an action plan to address areas that were identified for further improvement.  

The Care Quality Commission was very positive about the continuing strengthening of a positive culture and leadership within the Trust.  The evidence of significant, consecutive improvement from the last six years’ staff surveys supported this observation.

The Care Quality Commission returned in March 2020 to carry out the inspection of one core service to be followed by a well-led review.  The core inspection of inpatient rehabilitation services occurred but, due to the Covid-19 pandemic, the well-led review was cancelled.  The Trust received the report on the core service visit in June 2020.  An action plan was produced, and its implementation was overseen by the Quality Committee of the Board.

The foundation trust is fully compliant with the registration requirements of the Care Quality Commission.

The foundation trust has published on its website an up-to-date register of interests, including gifts and hospitality, for decision-making staff (as defined by the trust with reference to the guidance) within the past twelve months as required by the ‘Managing Conflicts of Interest in the NHS’ guidance.

As an employer with staff entitled to membership of the NHS Pension Scheme, control measures are in place to ensure all employer obligations contained within the Scheme regulations are complied with. This includes ensuring that deductions from salary, employer’s contributions and payments into the Scheme are in accordance with the Scheme rules, and that member Pension Scheme records are accurately updated in accordance with the timescales detailed in the Regulations.

Control measures are in place to ensure that all the organisation’s obligations under equality, diversity and human rights legislation are complied with.

The foundation trust has undertaken risk assessments and has plans in place which take account of the ‘Delivering a Net Zero Health Service’ report under the Greener NHS programme.  The Trust ensures that its obligations under the Climate Change Act and the Adaptation Reporting requirements are complied with.

Review of economy, efficiency and effectiveness of the use of resources 

The Trust uses a range of key performance indicators (KPIs), which include non-financial measures, to manage its day-to-day business.  This approach helps to provide a comprehensive and balanced view of performance.  (More information about KPIs can be found in our Quality Report which will be separately published on the Trust’s website).

The Trust has in place a forward planning process that ensures the appropriate planning of services with commissioners and other key stakeholders prior to submission of effective and agreed forward plans to NHS England.

A robust Cost Improvement Programme and Quality Impact Assessment process involving commissioners and service user representation is in place.

During the year the Board of Directors has received regular integrated performance reports providing information on the economy, efficiency and effectiveness of the use of resources. 

Internal Audit has reviewed the systems and processes in place during the year and published reports detailing the required actions within specific areas to ensure economy, efficiency, and effectiveness of the use of resources is maintained.  The internal audit reports provide an assessment of assurance in these areas.  The Head of Internal Audit Opinion is included below.

Information Governance

The Trust commissions its Internal Audit Service Provider, Grant Thornton, to undertake annual audits of the evidence collated for its yearly online submission of evidence for the Data Security and Protection Toolkit (DSPT).

The DSPT is an online tool that enables organisations to measure their performance against data security and information governance requirements which reflect legal rules and Department of Health policy.

The toolkit provides a framework for assuring that organisations that have access to NHS patient information are implementing the 10 Data Security Standards clustered under three leadership obligations to meet their statutory obligations on data protection and data security.

  • Leadership Obligation 1: People: Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles.
  • Leadership Obligation 2: Process: Ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses, and
  • Leadership Obligation 3: Technology: Ensure technology is secure and up-to-date.

These 10 Data Security Standards also incorporate evidence of compliance with General Data Protection Regulation (GDPR) and Data Protection Act 2018 requirements.

The Trust has achieved ‘Significant Assurance with some improvement required’ and a rating of low risk in the audit report from its internal auditors Grant Thornton for this year’s audit of the 2022/23 Data Security and Protection Toolkit (DSPT) evidence.  There are three toolkit standards which require additional evidence to be provided and these will be completed before final submission date of 30 June 2023 and assured through to Trust Board. 

In 2020, in recognition of the effect the Covid-19 pandemic was having on services, NHS Digital delayed the final submission of evidence for the annual Data Security and Protection Toolkit, and this has remained the situation with submission now set and likely to remain at 30 June annually.

All NHS Foundation Trusts must report any serious incidents of data security and data protection breaches on the DSPT and also in their respective annual reports. These incidents are classified in guidance provided by NHS Digital on Data Security and Protection Incidents.  Incidents of the Security of Network & Information Systems Regulations 2018 (NIS Regulations) breaches must also be reported on the DSPT.  There have been no serious information governance breaches which have required reporting through the online data security protection toolkit during the last 12 months. 

Data quality and governance

 

The Director of Finance and Information has overall responsibility for Information Governance (IG), Data Security, and Data Protection compliance in his capacity as Senior Information Risk Owner (SIRO). The Medical Director is the Caldicott Guardian, the senior member of Trust staff responsible for protecting the confidentiality of patient information and enabling appropriate and lawful patient information sharing.

The Board has been assured by the SIRO, in the bi-annual SIRO Reports, that effective arrangements are in place to manage and control risks to information and data security.

The Trust continuously reviews its systems and procedures for the confidentiality, integrity and security of personal and confidential data. As a result of investigations into incidents, and reviews of Information Governance, Cyber Security, Data Security and Records Incidents by Information Governance and Records Management Group (IG & RM Group), measures are taken to ensure the procedures and policies on Information Governance and Data Security are updated to enable compliance.

The Trust has systems and processes in place to govern access to confidential data and to ensure guidance and standards are followed when staff are using or accessing confidential data. Any new system or process is required to meet these standards as does any hardware (eg, computers and technology devices or software). All system developments whether new or existing need to follow a process and have a data protection impact assessment undertaken and be signed off by the Data Protection Officer and SIRO to ensure they meet the required criteria, and that hardware and software are compatible.

The Trust monitors its IG and data security risks through the IG & RM Group. Incidents and risks are managed in accordance with Trust policy and serious IG, records and data security risks are escalated through either the Information Management and Technology (IM&T) Committee or more urgent ones through the Executive Team, Board of Directors, and on to NHS England, The Department of Health and Social Care, the National Cyber Security Centre and the CQC, plus the Information Commissioner’s Office (ICO) as required.

Well-led framework

 

The Well-led framework distils the favourable characteristics required to ensure the provision of quality services. These encompass the governance arrangements covering:

  • leadership capacity and capability;
  • clear vision and credible strategy;
  • culture of high quality care;
  • clear responsibilities, roles and systems of accountability;
  • clear and effective processes for managing risks, issues and performance;
  • robust and appropriate information effectively processed and challenged;
  • people using services, the public, staff and partners are engaged and involved;
  • robust systems and processes for learning, continuous improvement and innovation.

The last formal Well-led was undertaken by the CQC in 2017, following which the Trust received a rating of ‘outstanding’. 

The Trust commenced an internal evaluation of its Board and organisational governance using the Well-led framework in January 2023, and an external review will commence during the 2023/24 financial year.

Review of effectiveness

As Accounting Officer, I have responsibility for reviewing the effectiveness of the system of internal control. My review of the effectiveness of the system of internal control is informed by the work of the internal auditors, clinical audit and the executive managers and clinical leads within the NHS foundation trust who have responsibility for the development and maintenance of the internal control framework. I have drawn on performance information available to me. My review is also informed by comments made by the external auditors in their management letter and other reports. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Board, the Audit Committee and the Quality Committee, and a plan to address weaknesses and ensure continuous improvement of the system is in place.

The Head of Internal Audit provides me with an opinion on the overall arrangements for gaining assurance.  The head of internal audit opinion for 1 April 2022 to 31 March 2023 is as follows:

“ My overall opinion for the period 1 April 2022 to 31 March 2023 is that based on the scope of reviews undertaken and the sample tests completed during the period, Partial assurance with improvement required can be given on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control.

In issuing this opinion, I have taken into consideration a number of factors, including:

The range of individual opinions arising from risk-based audit assignments reported throughout the year.

Ten internal audit reviews have been completed in 2022/23, of which:

  • Two reports were issued with Significant assurance with some improvement required,
  • Six reports were issued Partial assurance with improvement required, and
  • Two follow up reports were issued with outstanding medium risk actions that had not been fully implemented.

My opinAudit triangle, including Risk Management, Internal Control, Governance - with Implementation of agreed audit actions in centreion for the period 1 April 2022 to 31 March 2023 is as follows:

 

In March 2023, in line with the internal audit charter, the Trust raised a potential compliance breach with our internal audit provider, which related to a salary overpayment impacting one member of staff. A review was undertaken by internal audit which concluded that this was not a system failure, but a lapse in human controls. The internal audit report concluded that the Trust took immediate action; fully identifying how the error arose and implementing further controls to strengthen the control environment and mitigate the risk of further occurrence.

Of the three risks explored by internal audit, two received a rating of significant assurance with no recommendations, and the third identified inadequate or ineffective controls over the progressing of payroll data for new starters, leavers and amendments, and received a partial assurance rating with one high level improvement recommendation. The report has been reviewed by the Trust Audit Committee.

The Head of Internal Audit opinion reflects the improvements which are required to be made by the organisation in both embedding risk management and implementing and sustaining a robust Board Assurance Framework assurance process through the Executive Team meeting, which, in my capacity as Chief Executive, I chair.

All the reports have been presented to the Audit Committee, and those reports which have received partial assurance have been highlighted to the Board. The Board is committed to improving the Trust’s internal audit process, which includes monitoring of actions and greater oversight of implementation of actions by the relevant Committees.

Management action plans from 2021/22 audits were completed during 2022/23, and management action plans for 2022/23 are progressing within the agreed timeframes, however there are a number of internal audit actions which have not been fully implemented and these are being reviewed by the Executive Team.

A quarterly compliance report presented by the Audit Committee to the Board of Directors provided assurance that the Trust met the requirements of its licence conditions in 2022/23.

The Board of Directors has identified the strategic risks facing the organisation during the period and has monitored the controls in place and the assurances available to ensure that these risks are being appropriately managed.

The Audit Committee provides the Board of Directors with an independent and objective view of arrangements for internal control within the Trust and to ensure the internal audit service complies with mandatory auditing standards, including the review of all fundamental financial systems.

Information provided to the Audit Committee in reports from internal and external sources, and further work carried out by the Committee to gain assurance about the control environment, leads to the conclusion that there have been no major control issues during the year.

Conclusion

The Trust will continue to use the assurance framework to assure the Board of Directors and others that the Trust’s key controls to manage strategic risks are being assessed and improved continuously.  Where areas of concern are identified, action plans have been put in place to close the gaps in control or assurance.

The Trust has continued to take a robust approach to targeting Internal Audit into areas identified as being of potential concern and has identified weaknesses and established new controls to manage areas of concern.  Targeted approaches enable stronger controls to be implemented and assurance provided through additional internal control reports to the Audit Committee. 

The Trust’s continued approach to identifying risks, implementing mitigation plans, actively seeking gaps in control through audit and in delivering audit action plans provides the Board with assurance that there is an effective system of control in place. 

No significant internal control issues have been identified throughout the year.

Directors' statement of disclosures to the auditors

For each individual director, at the time that this report was approved:

  • So far as the director is aware, there is no relevant audit information of which Lincolnshire Partnership NHS Foundation Trust’s auditor is unaware, and
  • The director has taken all the steps that they ought to have taken as a director in order to make themselves aware of any relevant audit information and to establish that Lincolnshire Partnership NHS Foundation Trust’s auditor is aware of that information.

Use this link to return to Annual Report navigation page