Risk Management and Positive Risk-Taking Under CQC Quality Statements

Risk management under the CQC Quality Statements is no longer judged solely on the presence of risk assessments. Inspectors increasingly focus on how providers balance safety with independence, ensuring that people are supported to take positive risks while remaining protected from harm. Overly restrictive practice can be as problematic as unmanaged risk.

This article explains how providers can evidence effective risk management within the CQC Quality Statements framework. It should be read alongside CQC registration and provider readiness, where safe care and treatment and risk processes are assessed.

Understanding positive risk-taking

Positive risk-taking involves enabling individuals to make choices and pursue goals, even where there is some level of risk. This requires careful assessment, planning and review.

Providers must demonstrate that risks are managed, not avoided.

This area sits within a wider set of CQC priorities covering inspection readiness, governance and compliance. These are brought together in our CQC inspection readiness and governance hub for adult social care.

Commissioner expectation: risk supports independence

Expectation 1: Risk management promotes outcomes. Commissioners expect providers to show that risk decisions enable independence and participation, rather than restrict activity unnecessarily.

Regulator expectation: risk is proportionate and reviewed

Expectation 2: Risk is balanced and dynamic. Inspectors look for evidence that risk assessments are updated, reflect current circumstances and are not overly restrictive.

Designing effective risk assessments

Risk assessments should be:

  • Person-centred and specific
  • Proportionate to the level of risk
  • Regularly reviewed and updated

They should clearly describe both risks and enabling strategies.

Operational example 1: Enabling community access safely

A supported living service supported an individual who wanted to travel independently despite a history of falls. Rather than restricting access, the provider developed a detailed risk plan including:

  • Use of mobility aids
  • Gradual exposure to routes
  • Check-in systems

Over time, the individual gained confidence and independence. This demonstrated positive risk-taking aligned with outcomes.

Embedding risk management in daily practice

Risk management must be understood and applied by staff. This includes:

  • Clear communication of risk plans
  • Staff training and supervision
  • Regular review of incidents

This ensures consistency and safety.

Operational example 2: Responding to incidents proportionately

Following a medication error, a provider reviewed risk processes. Instead of introducing restrictive controls across all services, they implemented targeted changes, including refresher training and improved checks.

This avoided unnecessary restriction while addressing the specific risk.

Reviewing and updating risk assessments

Risk assessments must be dynamic. Providers should review them following:

  • Incidents or near misses
  • Changes in health or circumstances
  • Feedback from individuals or staff

This ensures ongoing relevance.

Operational example 3: Dynamic risk review after deterioration

A domiciliary care service supported an individual whose mobility declined. The provider completed a review, updating risk assessments and adjusting support delivery.

Follow-up monitoring confirmed reduced incidents and improved safety, demonstrating responsive risk management.

Governance and oversight of risk

Providers should ensure risk is monitored through:

  • Incident reporting and analysis
  • Audit of risk assessments
  • Management oversight and escalation processes

This supports accountability and improvement.

Balancing safeguarding and autonomy

Risk management must align with safeguarding principles while respecting autonomy. Providers should demonstrate that safeguarding actions are proportionate and person centred.

This balance is critical for inspection outcomes.

Avoiding common risk management failures

Common issues include:

  • Overly restrictive practices
  • Outdated risk assessments
  • Inconsistent staff understanding

Addressing these gaps strengthens both safety and quality.

From risk avoidance to risk enablement

Under the CQC Quality Statements, effective risk management enables individuals to live meaningful lives while remaining safe. Providers that demonstrate balanced, dynamic and person-centred risk approaches are best placed to meet regulatory expectations and deliver high-quality care.

Latest from the knowledge hub

⬅️ Return to Knowledge Hub Index