Risk Register & Clinical Safety
The CQC Safe key question carries the highest enforcement weight — 68% of Inadequate ratings include a Safe judgement below standard. Effective risk register management, clinical incident reporting and medication safety systems are non-negotiable. This guide covers the risk management framework, clinical safety protocols and audit checkpoints required for compliance in 2026.
Risk Register Management Framework
A dynamic risk register is the foundation of clinical safety. CQC expects providers to identify, assess, mitigate and monitor risks using a structured 5x5 matrix. Static risk registers that haven't been updated in 6+ months are a red flag at inspection.
Critical Audit Checkpoints
- Dynamic risk register updated at minimum monthly and after every serious incident
- Risk scoring: 5x5 likelihood × impact matrix with clear escalation thresholds
- Individual risk assessments: falls, skin integrity, nutrition, choking, self-harm, mobility
- Environmental risk assessments: fire, legionella, infection control, COSHH, sharps
- Risk register review at governance meetings with documented mitigations and owners
- Lessons learned: incidents feed back into risk register updates within 72 hours
Medication Safety & Clinical Incident Reporting
Medication errors account for 38% of all CQC enforcement actions in adult social care. Robust medication management systems, including auditing MAR charts, controlled drug registers and PRN protocols, are essential for Safe compliance.
Critical Audit Checkpoints
- Monthly MAR chart audits: signature accuracy, carried-forward counts, omission codes
- Controlled drug register: weekly balance checks, two-signature administration, destruction records
- PRN protocols: maximum doses, time intervals, effectiveness review documented
- Covert medication: best interest decision, GP/pharmacist involvement, review dates
- Incident reporting: Datix or equivalent system, root cause analysis for all medication errors
- Serious incident notifications to CQC within statutory timeframes
Frequently Asked Questions
What should a care home risk register include?
A care home risk register should include clinical risks (falls, medication, infection), environmental risks (fire, legionella), operational risks (staffing, business continuity), and individual resident risks. Each risk needs a 5x5 score, mitigations, owner and review date.
How often should medication audits be conducted?
Monthly medication audits are the minimum standard. High-risk services (nursing homes, services with controlled drugs) should conduct weekly spot checks in addition to monthly comprehensive audits. All medication errors must trigger immediate audit.
What incidents must be reported to CQC?
Deaths, serious injuries, abuse or allegations of abuse, events that prevent the service from being carried on safely, and Deprivation of Liberty Safeguards authorisations must be notified to CQC using the correct notification form within statutory timeframes.
Further Reading
Related Resources
Clinical Safety Audit Templates
Medication, infection control and clinical risk audit templates.
Get Started