Skip to main content

This is the third in a series of blogs on governance and the benefits of mechanised assurance. The content is taken from a Good Governance Institute whitepaper, developed with Allocate with contributions from NHS colleagues.  

It appears that, whatever system is used, assurance is often a tricky concept to pinpoint with the UK NHS, and the impact it can bring undervalued. In a survey of those involved in the assurance process in NHS organisations, 45% of respondents said that it is either somewhat difficult, or very difficult, to describe the value of assurance within the NHS:

Q: How difficult do you find it to describe the value of assurance within the NHS?

One respondent commented that ‘[it is] dependent on people’s understanding of assurance, and also how much they want to invest into it’, while another commented that assurance is often seen as simply compliance and monitoring via the CQC and other external agencies, reflecting a wider view that assurance is often just about ‘keeping the regulators happy’. Assurance should not be for the regulators, but for the board on behalf of the public it serves.

While it is true that assurance needs to be able to ensure that a hospital is performing in line with national standards and regulatory requirements, to avoid failings such as those at Mid-Staffordshire NHS Foundation Trust being repeated, we would argue that assurance has a role beyond this. An assurance system should also play a role in enabling continuous improvement in quality and safety, and supporting a hospital in going further than simply meeting the regulators’ standards. In this case, too much of a focus on assurance as compliance could be dangerous. It could be argued that a focus mainly on passing inspections from the regulator is expensive, distracting and both disincentivises and demoralises staff, while acting as a barrier to instilling a genuine positive culture of quality improvement.

“Assurance is not primarily about defence but rather about having an adequate and effective control environment and strengthening the integrity of reports for better decision-making.”

Q: Do you feel more or less ‘regulator’ focus makes assurance simpler?


Q: Do you agree that there is more focus on preparing to be inspected than creating a culture of quality through assurance?

“Any regulation should be effective and light touch… NHS culture should be learning, supportive, and {focused on} accountability

The NHS needs to support locally as to how to transform and board members must be trained how to hold executive directors to account for quality and safety”

Moving forward, there may be a strong case to reduce the burden on boards of meeting particular performance targets, and the current culture of removing leaders who are not perceived to be performing adequately, and instead support organisations to improve performance and quality in a more meaningful manner. The assurance of quality should be a fundamental part of quality management, providing the ‘first generation’ of quality management process.

Read Denmark: a case study in the full version of the whitepaper

Questions and issues in assurance

In our interviews, a number of themes, questions, and issues, were consistently revisited. These are outlined below.


  • Should assurance systems be integrated within organisations? Is there value in having one assurance system?
  • Should assurance systems be integrated between organisations? How will assurance look in STPs?
  • How can we ensure that assurance is forward looking and that we have assurance that risks to future performance are covered?
  • How can we ensure that we are using data as effectively as possible?

As we progress with integration, there are a number of issues to confront. For example, already there is a lack of central guidance and some confusion by government agencies and regulators on whose role assurance really is. These issues need to be understood and resolved before we move on to a new, trickier issue: the need for assurance when decisions and services are organised on a multi-agency basis, especially with the currently loose structure of STPs and Integrated Care Systems (ICSs).


  • Ensuring that the assurance process is reliable in order to release management and board capacity to deal with other issues
  • Subsidiarity: ensuring that decisions are made at the appropriate level
  • Ensuring staff buy-in and engagement in the assurance process
  • Boundary issues within STPs (and beyond)
  • Population issues: providers are accountable for the residents in their patch even when they are treated elsewhere
  • Gaining assurance on the quality of locum and visiting doctors
  • Gaining assurance on the use and governance of research data
  • Gaining assurance on the quality and safety of clinical trials

Mechanising assurance: a definition
A mechanised assurance process could be described as one that is in real time, automated and online, providing a framework for managing, monitoring and reporting on regulatory and compliance regimes, quality standards, business objectives, plans and risks. It would also incorporate external information, including national frameworks and standards, policy updates and national alerts.

A mechanised assurance system could help to ensure the organisation has a ward to board link, ensuring a visible trail of data in one place and a ‘single version of the truth’, while providing a clearer line of communication and accountability through all levels of the organisation. A board that has an accurate and evidence-based insight into what is going on at all levels of the organisation is likely to be a board that is able to comprehend gaps in performance, where they exist, and ensure that steps are taken to mitigate the risk surrounding this. Demonstrating evidence externally could also become simpler through mechanising assurance. Find out about Allocate’s mechanised assurance system HealthAssure

How can we address these challenges?

In order for a board to succeed, it needs to have systems in place that are fit for purpose. Healthcare is a particularly complex sector, with boards being responsible for a range of compliances, and so individual systems are often in place that require investment of time and energy, but this is often compartmentalised.

As the NHS becomes more digitised, there is a case to make assurance more streamlined and efficient through mechanisation and automation. The use of a mechanised assurance system could assist with the development of ‘right touch governance’ by helping to clarify the roles of management, the governance team, the board and the regulators. Benefits of this approach could potentially include:

Each stakeholder has the relevant view allowing them to focus on what is important to them

The organisation thinks in terms of its objectives, obligations and commitments based on its governance framework, while compliance with regulatory standards is a byproduct 

Evidence and assurance for the compliance frameworks is a by-product of the management process

There is a significant reduction in duplication

It is easier to spot gaps in accountability i.e. which criteria are not covered

It is easier to spot gaps in assurance and compliance

Outputs that have no corresponding relevance to compliance can be identified

Managers are able to understand where their own responsibilities affect standards 

Board assurance can be enhanced by making it directly relevant to the organisational structure, governance framework and corporate objectives

Ward data is presented in a format that aids triangulation and allows the board to spot early warning signs rather than discrete messages that do not trigger concerns in themselves

The assurance system will become valued as an integral element of the organisation’s quality management system

Mechanised assurance can provide greater efficiency and correlation between different divisions and departments. With more traditional systems, there can often be inconsistency between divisions, with little or no centrally prescribed framework. It has been pointed out that ‘this means that frequently there is no standard reporting template, common currency or language, or approach, which makes the task of implementing a coherent set of metrics, appropriately stratified at each level which cogently builds up through the organisation through to the board, extremely challenging.’29 An assurance system that standardises the process between divisions and facilitates staff involvement should support the concept of subsidiarity, which pushes down control and responsibility as ‘near to the coalface as possible’,30 helping to create appropriate accountabilities at different levels. Establishing this principle will be essential when we move onto inter-organisational assurance.

In the Royal Wolverhampton case study, we consider how mechanised assurance has been implemented in order to standardise the approach to assurance throughout the organisation and improve the quality and efficiency of data going to board and committee level. Read case study: Royal Wolverhampton NHS Trust

Using data intelligently

As digital health becomes a more prominent feature in the agendas of healthcare organisations, the amount of data is increasing enormously and putting extra pressure on assurance systems. It was estimated in 2014 that the volume of global health care data in 2013 was 153 exabytes. To put this into perspective, an exabyte is one billion gigabytes, and all the words ever spoken by humans equals five exabytes. The report projected an annual growth rate of 48%. Clearly, this is something that NHS organisations and their boards will need to be increasingly alive to. However, the NHS has often been criticised for not using its large amount of data intelligently. For example, Professor Derek Bell, President of the Royal College of Physicians, Edinburgh, says:

“The NHS is data rich but information poor. This applies across the system, particularly in relation to the presentation of information to NHS boards. There is a need for ‘live data’ presented in the correct way to facilitate informed and prioritised decisions focused on both clinical quality and financial challenges. This is also to inform the day to day operational management and strategic planning.”

Q: In the NHS there is an abundance of data – do you feel that we are ‘data rich’ or overloaded with data and KPIs?

The collection and use of data is vital for assurance, providing a live picture of the organisation’s performance and where there may be issues. However, in addition to the challenge of using this abundance of data intelligently, the majority of interviewees we spoke to criticised the amount of data and information required by the national bodies and questioned how useful and relevant this data actually is. One interviewee told us:

“We need to ensure we’re collecting the right information, it should be about first class patient care and minimising harm.”

Another said that while they perceive there is a better confidence in the NHS in the quality of data, there is greater anxiety about how that data is presented and then used in decision making. They pointed out that if out of date, inaccurate or misleading data is presented to the board, this can adversely affect decision making, which could then have a negative impact on quality and performance.

Research by the King’s Fund has shown that non-executive directors ‘need to work hard to assure themselves on quality.’ While observing various organisations, researchers noticed the following:

“Where non-executives received good-quality data, they were more likely to be instrumental in making the links between different aspects of the business and clinical quality, and in specifying the type of data they needed in order to assure the quality of clinical care.”

As NHS organisations continue to grapple with the challenge of data quality over the coming years, they may need to consider how mechanising systems and processes can make their use of data more efficient and intelligent, and assurance may be a good place to start. As one interviewee put it:

“the more you have one version of the truth that everyone has confidence in, people are freed up to tackle performance problems rather than re-working the data”

Another interviewee stated that improving performance is not always about doing things differently, but sometimes about having a better understanding about what is currently going on. With this in mind, ensuring that data is in real time and accurate is an important detail to have in place.

To ensure that data is being used intelligently in this way, it will be beneficial to implement mechanised assurance systems in order to improve the use of data, and ensure that it is higher quality, up to date and accurate. This can help improve board awareness of the organisation’s performance and lead to better, evidence-based decision making. An NHS organisation that has been doing this well to support improvements is the University Hospitals of Morecambe Bay NHS Foundation Trust. Read the full case study.

Request the full whitepaper or subscribe to the blog to receive an email notification when the next excerpt is published.