Skip to content Skip to footer

Loading Results

Managing risk in health

Since our last risk profile publication, the NHS has continued to battle the challenges presented by the Covid-19 pandemic. The pandemic is continuing to put significant pressure on the NHS and our analysis is showing that this is resulting in a number of significant risks for the sector. The last 12 months has also seen regulatory and structural changes within the NHS, most notably the establishment of Integrated Care Systems (ICS’s). ICSs are requiring NHS organisations to work more closely amongst themselves, local authorities and third sector bodies.

We reviewed the BAF’s of 50 NHS trusts to develop this analysis. For each trust, we reviewed all the risks in each BAF and categorised them in a number of ways.

Top 10 sector risks

We analysed all the risks in the BAFs and identified the top 10.

Patient Care
Financial performance
IT infrastructure
Estates infrastructure
Regulatory action
Sustainable services
Strategic Objectives

Understanding the risk

Patient care

Unsurprisingly patient care continues to be the top risk we are seeing on NHS trusts BAF’s. The impact of Covid-19, both on patient demand and the NHS workforce, is putting huge pressure on NHS services, which in turn is impacting patient care.

NHS England/ Improvement is expecting waiting lists to continue to grow until 2025 as the NHS works through the backlog caused by the pandemic. The pressure and disruption to NHS services outside of hospitals is also resulting in increased demand within hospitals. Data from NHS England has shown that at the end of 2021 up to 10,500 patients a day were waiting to be discharged from hospitals but couldn’t be due to pressures on
other services.

Effective partnerships and collaborative working between NHS bodies and wider public services is vital in the long run to reduce demand on front line NHS services. However, as we detail below, there are a number of risks around partnership working, which ranks sixth in our report this year.
Trusts also need to consider covid pathways and how long they are applicable. In the recent omicron wave the number of patients admitted for something else and then subsequently tested positive for Covid-19 were between 30-40% of patients. The requirement for Covid-19 pathways is therefore delaying treatment for other health issues and increasing waiting lists.

Financial performance

Financial performance has moved from the third highest risk in our 2020/21 publication to second this year. Despite increased funding for the NHS since the pandemic started, long term financial sustainability is still seen as a key risk for the sector. Looking at some of the other top ten risks we have identified this year it can be seen why this is the case.

A number of risks, such as increased patient demand, workforce, estates, and IT all require significant funding in order to address the risk. Workforce costs account for around 70% of the NHS’s budget, but with significant staff vacancies across the NHS additional costs are going to be incurred by NHS trusts if they are going to manage to successfully fill these vacancies. NHS Trusts still operate a number of ageing IT systems, along with being reliant on paper records in a number of areas. To address these risks, and benefit from the long-term efficiencies, significant investment in IT and digitalisation is required. Estates and utilities costs are also increasing, with NHS Digital reporting as part of the 2020/21 Estates Return Information Collection (ERIC) that estate costs had increased 4.8% to £10.2bn annually.

Our analysis is showing that to continue delivering patient services to the required standard, along with investing in the long-term in order to achieve the NHS long term plan, NHS trust’s view hitting their control totals as a significant risk.


As we noted in our 2020/21 risk paper the NHS had been battling high staff vacancy levels for a number of years prior to the Covid-19 pandemic commencing. Two years into the pandemic and a third wave of Covid-19 infections, the Royal College of Nursing has cited the risk to staff burnout. NHS Trusts have had to declare critical incidents, with the army called in to support in some areas, due to staffing shortages coupled with increased demand.

From our analysis of BAF’s this year we are seeing a number of Trusts flag the risks around leadership, staff retention and training. The Chairman of the Health and Social Care Committee Jeremy Hunt MP has flagged the risk from the increased number of NHS staff retiring early due to the current stress and pressure they are under. Staff retiring early are often in the most senior positions within an NHS trust and this, therefore, has a knock-on impact in terms of leadership. NHS trusts are flagging their concerns around whether they have the leadership resources to achieve their strategic objectives. As new leaders emerge within the NHS, it is also important that they receive the right training and development to be successful in their roles. Due to the current pressures on the NHS, it is unsurprising that trusts are flagging their concerns around delivering training to staff.

Underpinning all of this is the culture of NHS trusts. Trusts are wanting to establish and maintain cultures which promote flexibility, wellbeing, and career development amongst a diverse and inclusive workforce. The current challenges facing the NHS, however, is putting this at risk.

IT Infrastructure

IT infrastructure has increased from sixth in our 2020/21 report to fourth this year. From our analysis there are two key factors driving this increased risk; firstly, the increased cyber security threat which has materialised in a number of sectors since the pandemic started and secondly the transformation of IT services that needs to take place in order for NHS trusts to meet their future strategic ambitions.

The cyber security risk has increased dramatically since the start of the covid-19 pandemic, with the National Cyber Security Centre (NCSC) reporting it has dealt with a record number of incidents in 2021, 20% of which related to organisations in the healthcare sector. The NCSC has highlighted ransomware, which is where criminal gangs take control of an organisations systems in order to extort it, as a growing challenge.

Trusts are also needing to invest in their IT infrastructure in order to achieve their long-term strategies, including as part of partnership working (see risk five). The future of health services is going to be reliant on technology and IT systems, with the NHS Long Term plan citing the need for digitally enabled primary and outpatient care to improve both quality and reduce demand on front line services.


In the last twelve months we have seen the establishment of ICS’s, which are designed to integrate care between hospital and community-based services, health and social care and mental health. Therefore, ICS’s are going to depend on collaboration between organisations, moving away from decades of autonomy and competition. This will poses challenges at a governance level, with Management Information (MI) being key to driving the decision-making process. However, getting accurate data at an ICS level will be difficult, especially because many organisations are using different and ageing systems.

There are great benefits to NHS organisations by working more closely together. For example, in Surrey the ICS worked with provider organisations in Guildford and Waverly to identify almost 3,000 patients who were aged over 65 and on four or more elective waiting or follow-up lists. This enabled organisations in the ICS to reduce waiting lists and streamline patient care. This demonstrates how successful co-ordinated care has the ability to alleviate one of the NHS’s current biggest challenges, waiting lists.

Nevertheless, if potential challenges in collaboration and partnership working are not overcome this could exacerbate the problems many NHS trusts are experiencing in terms of waiting lists. For example, the Centre for Policy Studies (CPS) announced the results of its review into 13 pilot integration areas and found that delayed transfers of care has increased by an average of 24% between 2016 and 2020.

Estates Infrastructure

The challenges around estates continue to be a by-product of both financial challenges and the impact of Covid-19. NHS Digital reporting as part of the 2020/21 ERIC return has shown that backlog maintenance costs, which are a measure of how much money would be needed to restore a building to a certain state, based on a standard risk criterion, has increased by 2.2% on the prior year to £9.2bn.

Our analysis is showing that trusts continue to be concerned about their ageing estates, the costs involved in updating them and the ability to perform work in the current Covid environment.

The current status of NHS trusts estates is interlinked with the patient care risk discussed at the start of this section. Around half of the backlog in estates maintenance is for issues which present a high or significant risk to patients and staff. While the impact of Covid continues to be felt by NHS trusts this figure is likely to grow. Ageing estates and an inability to carry out work on a timely basis is increasing the risk to health and safety within trusts.

Adding to the complexity of estates backlogs is PFI schemes, with trusts reliant on their PFI providers. NHS trusts should continue to engage with their PFI providers to ensure they are meeting their requirements in terms of estates investment.

How we can help

We are working with NHS organisations across the whole sector to help them identify and deal with their risk. The sector is becoming more complex and more connected. Our team is at the forefront of this change and is ready to transform how you perceive and manage risk.

Get in touch if you’d like to discuss this further.

Contact us

Karen Finlayson

Karen Finlayson

Risk Assurance Partner and Regional Lead for Government, PwC United Kingdom

Tel: +44 (0)7881 805552

Follow us