How Providers Identify Silent Risk in CQC Monitoring and Assurance

Silent risk is one of the hardest issues for providers to monitor. A service may show low incidents, few complaints and limited safeguarding concerns, but this does not always prove safety. It may also mean people and staff are not raising concerns.

Strong provider risk profile intelligence for silent risk helps leaders test whether low reporting reflects good care or weak visibility.

This must be supported by CQC evidence and assurance checks that compare records, feedback, audits and staff practice.

The wider CQC compliance and governance knowledge hub supports providers to identify hidden risk before external concern develops.

Why this matters

CQC and commissioners may question very low reporting if it does not match service complexity, people’s needs or workforce pressure. Low activity can be positive, but only when assurance proves concerns are being recognised.

Silent risk can hide missed care, poor culture, weak safeguarding awareness, low confidence or poor record quality.

Providers need to test silence, not simply celebrate it.

A clear framework for identifying silent risk

Providers should compare low reporting with care complexity, feedback, staff confidence, audit findings and observed practice.

Silent risk should be reviewed when a service has very few concerns despite high levels of need, staffing pressure or recent change.

Good governance asks whether the absence of evidence is genuine assurance or a sign that concerns are not being captured.

Operational example 1: Low incident reporting in a high-complexity service

Baseline issue: A high-complexity supported living service reported very few incidents, but people had changing behavioural and health needs. The measurable improvement target was evidence-based confirmation that low reporting was accurate, using care records, audits, feedback and staff practice.

Step 1: The provider quality lead compares incident numbers with service complexity, recent changes and support hours, then records the concern in the silent risk review log.

Step 2: The Registered Manager samples daily care records for unreported events, changes or near misses, and records findings in the care record assurance audit.

Step 3: The team leader asks staff about reporting confidence during supervision, identifies barriers or uncertainty, and records themes in the workforce feedback record.

Step 4: The deputy manager completes practice observations during busy support periods, checks whether staff recognise reportable events, and records findings on the observation form.

Step 5: The provider governance lead reviews the silent risk findings, decides whether reporting controls must change, and records assurance in governance minutes.

What can go wrong is that low incident reporting is accepted as proof of safety. Early warning signs include detailed daily notes describing concerns that are absent from incident logs. Escalation may involve reporting refresher training, manager review or provider audit. Consistency is maintained through silent risk sampling.

Governance audits check incident logs, daily notes, staff supervision themes and observation evidence. The provider governance lead reviews quarterly or sooner where complexity changes. Action is triggered by unreported events, staff uncertainty, low reporting in complex services or mismatch between records and incident data.

Operational example 2: Few complaints despite negative informal feedback

Baseline issue: A branch had almost no formal complaints, but informal feedback suggested communication and response concerns. The measurable improvement target was combined review of formal and informal experience intelligence, evidenced through feedback, audits, care records and staff practice.

Step 1: The engagement lead gathers informal feedback from calls, reviews and family comments, groups repeated concerns, and records them in the experience intelligence log.

Step 2: The complaints lead compares informal feedback with formal complaint records, checks whether concerns are being converted appropriately, and records findings in the complaints assurance note.

Step 3: The Registered Manager reviews the difference between informal and formal reporting, identifies access barriers, and records actions in the service improvement plan.

Step 4: The administrator updates complaint information for people and families, confirms routes are clear, and records the change in the communication procedure file.

Step 5: The provider quality lead reviews later feedback and complaint activity, checks whether reporting confidence improved, and records outcomes in governance minutes.

What can go wrong is that providers assume low complaints mean people are satisfied. Early warning signs include repeated informal concerns, families chasing updates or people not knowing how to complain. Escalation may involve direct engagement, advocacy input or commissioner discussion. Consistency is maintained through combined experience review.

Governance audits check informal feedback, complaint access, communication records and follow-up outcomes. The provider quality lead reviews monthly during improvement. Action is triggered by repeated informal concern, low formal reporting, poor complaint access evidence or unresolved experience themes.

Operational example 3: Low safeguarding alerts in a service with known vulnerabilities

Baseline issue: A service supporting people with communication difficulties had very few safeguarding alerts, raising concern that staff may not be recognising subtle indicators. The measurable improvement target was improved safeguarding recognition evidence, supported by care records, audits, feedback and staff practice.

Step 1: The safeguarding lead reviews safeguarding activity against service vulnerability indicators, identifies unusually low reporting, and records the finding in the provider safeguarding intelligence tracker.

Step 2: The Registered Manager reviews selected care records for possible missed safeguarding indicators, checks language used, and records findings in the safeguarding assurance audit.

Step 3: The safeguarding lead runs a focused staff discussion on subtle harm indicators, checks understanding, and records attendance in the learning log.

Step 4: The senior support worker observes staff interactions and recording practice, checks whether concerns are recognised, and records findings in the practice observation record.

Step 5: The provider safeguarding board reviews reporting activity after the intervention, checks whether recognition improved, and records assurance in safeguarding governance minutes.

What can go wrong is that safeguarding risk remains hidden because people cannot easily verbalise concerns. Early warning signs include vague wellbeing notes, changes in presentation or staff uncertainty. Escalation may involve safeguarding advice, advocacy support or provider-led review. Consistency is maintained through focused safeguarding intelligence review.

Governance audits check safeguarding activity, care record language, staff learning and observed practice. The provider safeguarding board reviews quarterly, with immediate review after concerns. Action is triggered by low alerts in high-vulnerability settings, missed indicators, staff uncertainty or poor recording quality.

Commissioner expectation

Commissioners expect providers to understand whether low reporting is genuine assurance or hidden risk. They may ask how the provider tests services with unusually few incidents, complaints or safeguarding concerns.

They will look for evidence that people and staff know how to raise concerns, and that intelligence is not dependent on formal reports only.

Strong assurance shows that the provider actively tests silence and acts where visibility is weak.

Regulator and inspector expectation

CQC inspectors may compare low reporting with care complexity, staff knowledge, people’s feedback and care records. They may ask whether staff understand what to report and whether people feel able to speak up.

If low reporting appears inconsistent with risk, inspectors may question whether systems are open and well-led.

The provider should evidence silent risk review, record sampling, staff confidence checks, feedback analysis and governance action.

Conclusion

Silent risk needs deliberate provider attention. Low numbers can be reassuring, but only when evidence shows that staff and people are confident, concerns are recognised and records support the position.

Outcomes are evidenced through care records, audits, feedback, incident logs, safeguarding records, staff supervision and observed practice. Improvement is shown when unreported concerns are identified, reporting routes become clearer and staff confidence improves.

Consistency is maintained through silent risk sampling, combined feedback review, safeguarding intelligence checks and provider governance challenge. Providers should test low reporting in services where complexity, vulnerability or change increases the need for visibility.

For CQC and commissioners, this demonstrates mature monitoring. It shows that the provider does not assume silence equals safety, but uses evidence to confirm whether risk is genuinely controlled.

Latest from the knowledge hub

⬅️ Return to Knowledge Hub Index