How Providers Identify Assurance Gaps in CQC Risk Profiles

Assurance gaps occur when a provider does not have enough evidence to support a risk judgement. The risk may be rated, discussed and reported, but the evidence may still be incomplete, old or untested.

Using provider risk profile intelligence to identify assurance gaps helps leaders see where confidence is weak before making decisions.

This depends on CQC evidence and assurance gap review, using care records, audits, feedback and staff practice to test whether the provider has enough proof.

The CQC compliance and governance knowledge hub supports providers to connect missing evidence with practical governance action.

Why this matters

CQC and commissioners may ask how the provider knows a risk is controlled. If the evidence is incomplete, the provider should not present the position as fully assured.

Assurance gaps do not always mean poor care. They mean the provider cannot yet prove the position reliably.

Identifying gaps early helps managers target checks before risk is understated or improvement is overstated.

A clear framework for assurance gap review

Providers should check whether each risk rating has current evidence, source records, validation, outcome measures and named review responsibility.

Where evidence is missing, the risk profile should show what is needed and by when.

Good governance records the gap, the action to fill it and the decision that cannot yet be made safely.

Operational example 1: Missing practice evidence in moving and handling assurance

Baseline issue: Moving and handling training records were complete, but there was little evidence that staff practice had been observed. The measurable improvement target was validated moving and handling assurance within six weeks, evidenced through care records, audits, feedback and staff practice.

Step 1: The learning lead reviews training compliance, identifies missing practice validation, and records the assurance gap in the workforce risk profile.

Step 2: The Registered Manager selects staff and people for observation, checks current moving and handling plans, and records the sample in the practice review log.

Step 3: The moving and handling trainer observes support being delivered, checks technique and equipment use, and records findings in the competency assessment form.

Step 4: The senior carer updates any care record where handling guidance is unclear, confirms the revised instruction, and records the update in the care planning system.

Step 5: The provider quality lead reviews observation and record evidence after six weeks, closes or extends the assurance gap, and records the decision in governance minutes.

What can go wrong is that training completion is mistaken for safe practice. Early warning signs include staff uncertainty, unclear plans or equipment not used as described. Escalation may involve trainer reassessment, restricted practice or immediate care plan review. Consistency is maintained through competency observation.

Governance audits check training records, competency forms, care plan clarity and follow-up actions. The provider quality lead reviews monthly during gap closure. Action is triggered by missing observation evidence, unsafe technique, unclear handling guidance or failed competency checks.

Operational example 2: Weak outcome evidence after safeguarding learning

Baseline issue: Safeguarding learning was shared after a concern, but the provider lacked evidence that practice had changed. The measurable improvement target was demonstrable safeguarding learning embedded within eight weeks, evidenced through safeguarding records, audits, feedback and staff practice.

Step 1: The safeguarding lead reviews the completed learning action, identifies missing outcome evidence, and records the assurance gap in the safeguarding oversight log.

Step 2: The team manager discusses the safeguarding learning in supervision, checks staff understanding, and records outcomes in supervision records.

Step 3: The Registered Manager reviews related care records, confirms whether new controls are reflected in plans, and records findings in the safeguarding assurance note.

Step 4: The provider safeguarding lead samples staff practice through scenario discussion, checks escalation understanding, and records findings in the safeguarding validation form.

Step 5: The safeguarding board reviews eight-week evidence, confirms whether learning is embedded, and records the outcome in safeguarding governance minutes.

What can go wrong is that safeguarding learning is recorded as complete after a briefing. Early warning signs include staff uncertainty, unchanged care plans or repeated low-level concerns. Escalation may involve further supervision, local authority advice or enhanced monitoring. Consistency is maintained through outcome-based learning checks.

Governance audits check safeguarding learning records, supervision evidence, care plan updates and validation findings. The safeguarding board reviews quarterly, or sooner for active concerns. Action is triggered by weak learning evidence, repeated concern, unclear escalation or unchanged practice.

Operational example 3: Incomplete feedback evidence after service improvement

Baseline issue: A service reported improved responsiveness, but the provider had not gathered enough feedback from people affected by earlier delays. The measurable improvement target was representative feedback evidence within one quarter, supported by care records, audits, feedback and staff practice.

Step 1: The engagement lead reviews the improvement claim, identifies low feedback coverage, and records the assurance gap in the experience intelligence tracker.

Step 2: The service manager identifies people affected by earlier response delays, confirms the contact sample, and records the plan in the engagement schedule.

Step 3: The key worker gathers feedback from selected people and representatives, checks whether responsiveness has improved, and records responses in the feedback system.

Step 4: The provider quality lead compares feedback with response records, checks whether evidence is consistent, and records findings in the assurance review note.

Step 5: The provider governance group reviews quarterly feedback coverage, confirms whether the gap is closed, and records the decision in governance minutes.

What can go wrong is that improvement is claimed without asking the people most affected. Early warning signs include low response rates, selective feedback or continued informal concern. Escalation may involve advocacy support, commissioner discussion or targeted engagement. Consistency is maintained through agreed feedback sampling.

Governance audits check feedback coverage, response records, engagement plans and outcome evidence. The provider governance group reviews quarterly. Action is triggered by insufficient feedback, conflicting evidence, repeated concern or unsupported improvement claims.

Commissioner expectation

Commissioners expect providers to be honest about what is known and what is not yet evidenced. They may ask whether a risk rating is fully assured or still subject to further checks.

They will look for evidence that assurance gaps are identified, tracked and closed.

Strong assurance gap review reassures commissioners that the provider does not overstate confidence when evidence is incomplete.

Regulator and inspector expectation

CQC inspectors may test whether governance decisions are supported by evidence. They may ask what evidence was missing and what the provider did to obtain it.

If gaps are hidden or ignored, inspectors may question the reliability of oversight.

The provider should evidence missing information, planned checks, validation, review dates, decisions and outcomes.

Conclusion

Assurance gaps should be visible in provider risk profiles. They help leaders understand where evidence is not yet strong enough to support a risk rating, closure decision or improvement claim.

Outcomes are evidenced through care records, audits, competency checks, safeguarding records, feedback, staff practice and governance minutes. Improvement is shown when moving and handling practice is validated, safeguarding learning is embedded and responsiveness claims are supported by feedback from people affected.

Consistency is maintained through gap logs, evidence requirements, named owners and governance review. Providers should treat assurance gaps as prompts for better evidence, not as failures to hide.

For CQC and commissioners, this demonstrates honest and disciplined governance. It shows that provider leaders know the difference between activity, assurance and proof.

Latest from the knowledge hub

⬅️ Return to Knowledge Hub Index