A tiered framework for the communication of risk information is being established within NHS Grampian:

The information flow is bi-directional with the CRM, PL and CS reporting risks to the Chief Executive Team (CET), and the CET in turn reporting risks to the Board. The CET decides if the proposed mitigation plans for a risk reported to it are acceptable; if the risk is of sufficient concern, the CET may decide to oversee its management directly. The CET also carries out its own risk identification & management and reports to the Board. In turn, the Board may decide that a risk reported to it by the CET requires the Board’s direct involvement, but it also carries out its own risk identification and management activity. The NHS Grampian system is one of Enterprise Risk Management (ERM) with risk identified at various levels within the organisation but managed using similar tools & techniques.