Managing Notifications When Risk Assessments Are Not Updated After Incidents
Risk assessments fail when they stay the same after incidents show that risk has changed. Providers need clear incident-linked reporting controls so CQC notification duties are reviewed where outdated assessments contribute to harm, delay or serious risk.
Evidence must show that incidents led to review, revised controls and staff understanding. Strong providers use inspection-ready assurance records linking risk assessments, care notes, incident reviews, audits and governance action.
This article supports the wider CQC compliance knowledge hub for adult social care, where risk assessment must be dynamic, evidenced and accountable.
Why this matters
An incident should trigger a practical question: did the existing risk assessment still protect the person? If the answer is no, controls must change quickly.
Inspectors will expect providers to show how learning moved from incident review into care planning, staff practice and governance oversight.
A clear framework for post-incident risk review
Providers should review the incident, previous assessment, changed risk, immediate controls, revised plan, staff communication and outcome for the person.
The notification decision should link to incident records, risk assessments, duty of candour evidence, audits and Registered Manager review.
Operational example 1: Falls risk assessment not updated after repeated falls
Baseline issue: Falls were recorded, but risk assessments did not always change after repeat incidents. Improvement focused on fewer repeat falls, clearer controls, stronger audit evidence, feedback and staff practice checks.
Step 1: The senior staff member records the fall in the incident form, including location, injury, contributing factors and immediate action taken.
Step 2: The falls lead compares the incident with the current falls risk assessment and records gaps in the post-incident review note.
Step 3: The Registered Manager reviews repeat risk and reporting duties, recording notification and duty of candour rationale in the notification tracker.
Step 4: The care plan lead updates falls controls and records revised equipment, observation or support instructions in the care planning system.
Step 5: The deputy manager checks staff understanding and records practice observations in supervision notes and the falls governance file.
What can go wrong is that falls are reviewed individually without updating prevention controls. Early warning signs include repeated falls in similar circumstances, vague actions or unchanged care plans. Escalation moves to the Registered Manager and falls lead, with immediate control changes. Consistency is maintained through post-fall risk review prompts.
Governance audits repeat falls monthly against incident forms, risk assessments, care plans and notification decisions. The Registered Manager reviews trends, with provider oversight quarterly. Action is triggered by repeat falls, injury, unchanged controls or poor staff practice evidence.
Operational example 2: Behaviour risk assessment unchanged after escalation
Baseline issue: Behaviour incidents were debriefed, but risk assessments did not always reflect new triggers or prevention measures. Improvement focused on reduced escalation, stronger records, audit findings, feedback and staff confidence.
Step 1: The support worker records the behaviour incident in the incident form, including trigger, response, outcome and any injury or distress.
Step 2: The behaviour lead reviews the incident against the current risk assessment and records new triggers or gaps in the behaviour review log.
Step 3: The Registered Manager reviews harm, safeguarding and reporting duties, recording notification and candour rationale in the notification tracker.
Step 4: The care coordinator updates the behaviour risk assessment and records revised prevention strategies in the care plan and handover notes.
Step 5: The team leader observes staff using the revised approach and records findings in supervision and competency records.
What can go wrong is that staff learn informally but the formal assessment remains outdated. Early warning signs include repeated triggers, inconsistent responses or staff uncertainty. Escalation goes to the Registered Manager and behaviour lead, with revised prevention controls introduced. Consistency is maintained through debrief-to-risk-assessment checks.
Governance audits behaviour risk updates monthly against incident forms, debrief records, care plans and notification rationale. The Registered Manager reviews higher-risk cases. Action is triggered by repeated escalation, injury, restrictive response, missing debrief or unchanged assessment.
Operational example 3: Moving and handling assessment not revised after near miss
Baseline issue: Near misses were recorded, but moving and handling assessments were not always updated before harm occurred. Improvement focused on safer transfers, clearer equipment decisions, audit evidence, feedback and practice observation.
Step 1: The care worker records the near miss in the incident form, including transfer activity, equipment used, staff present and immediate safety action.
Step 2: The moving and handling lead reviews the current assessment and records whether equipment, staffing or technique remains suitable.
Step 3: The Registered Manager reviews serious risk and reporting duties, recording notification and duty of candour rationale in the notification tracker.
Step 4: The moving and handling lead updates the assessment and records revised transfer instructions in the care plan and equipment record.
Step 5: The deputy manager completes a transfer observation and records staff practice findings in competency and governance records.
What can go wrong is that near misses are treated as warnings but not converted into safer controls. Early warning signs include staff hesitation, equipment workarounds or repeated manual handling concerns. Escalation moves to the Registered Manager and moving and handling lead, with temporary restrictions if needed. Consistency is maintained through near-miss review.
Governance audits moving and handling near misses monthly against incident forms, assessments, equipment records and notification decisions. The moving and handling lead reports findings to the Registered Manager. Action is triggered by repeated near misses, unsafe technique, equipment mismatch or incomplete competency evidence.
Commissioner expectation
Commissioners expect risk assessments to change when incidents show that controls are no longer effective. They will want assurance that providers do not keep outdated plans in place after harm or near misses.
They also expect measurable improvement. Evidence may include fewer repeated incidents, faster assessment updates, clearer staff instructions, stronger audit scores and improved feedback from people and representatives.
Regulator and inspector expectation
Inspectors will compare incident forms, risk assessments, care plans, handover notes, supervision records and notification trackers. They will expect a clear line from incident learning to revised care controls.
They will also consider whether duty of candour was required where failure to update an assessment contributed to avoidable harm, distress or serious risk.
Conclusion
Risk assessments must be live documents that change when incidents reveal new information. Providers need to show what happened, what the existing assessment said, why controls were changed and whether CQC notification or duty of candour duties applied.
Good governance links incident forms, near-miss records, risk assessments, care plans, handover notes, audits, supervision records and notification trackers. This creates a clear evidence trail from event to learning and safer practice.
Outcomes are evidenced through fewer repeat incidents, faster updates, improved staff understanding, stronger audit findings and better feedback. Consistency is maintained through post-incident review prompts, debrief-to-assessment checks, near-miss review, Registered Manager oversight and provider-level sampling.
For commissioners and inspectors, strong risk assessment governance shows that the provider responds to evidence and updates care before the same risk causes further harm.