Skip to main content


Risk assessment, risk management, and safeguarding are challenging topics in our field of neurorehabilitation. As professionals we have a duty of care to safeguard our clients from abuse, neglect, or harm that may be caused by others or their own behaviour. However, our client group may often lack insight into the risks of their own behaviour and that of others, leading to potential tension in the therapeutic relationship. We have therefore pulled together our experience and evidence from the literature to produce this process document to assist therapists to work through risk assessment and safeguarding in a manner that offers the greatest opportunity for complying with our ethical and legal duty to safeguard, whilst minimising potential deficit to the therapeutic relationship, and providing the best opportunity for the client to learn and gain insight from the process. This model is not new, it is available in different formats across the literature, but we have condensed that information into a user-friendly format for our client group, and combined it with ready-made forms that can be used as required to effectively document the risk assessment process.

The Enablement Based Risk Assessment process is an attempt to promote a consistent approach to risk assessment. We encourage you to share it widely within the teams you are working in, including staff outside of Totus. We hope that Case Managers and fee payers can come to expect a consistent level of professionalism and a predictable approach to risk assessment through this model, promoted by all Associates regardless of profession.

What do we mean by risk?

The Department of Health’s ‘Best Practice in Managing Risk’ 2009 document describes risk as ‘relating to the likelihood, imminence, and severity of a negative event occurring’. It is these three elements (likelihood, imminence, and severity) that form the basis of a risk assessment and determine the next actions of the therapy team and/or statutory services.

A classic risk matrix (see below) will consider the level of likelihood against severity to determine a risk score for a presumed negative outcome. The action that follows has traditionally been restrictive, in order to ‘prevent’ harm. Whilst this approach may work well in a work place where adherence to restrictions has minimal personal impact on the quality of life of the employees, this approach has significant consequences when the activity in question may have high value for the individual in terms of quality of life or emotional wellbeing. Whilst the classic risk matrix is a useful tool and will feature in our documentation, we aim to move risk management beyond this evaluation with the steps in this model.

Life is full of risks, individuals deemed capacitous take calculated risks daily, when stepping outside the front door, crossing a road, travelling in an aeroplane. There is a constant process of evaluation of risk against benefit from the activity. Indeed, a life without risk may be a very boring and unhappy one. When our clients are unable to process such risk assessments themselves in an adequate or consistent manner, it is part of our duty of care to consider not just restrictive risk prevention strategies, but also to weigh risk against quality of life. This is termed ‘Positive Risk Assessment and Management’. The Positive Risk Assessment and Management approach recognises that the client has the right to take risks and indeed risks are necessary for fulfilment, development and learning. The model champions the least restrictive approach for the client.

The Enablement Based Risk Assessment model presented here places the client at the centre of the process, to provide psychoeducation and learning in order to give the client the best opportunity to decide for themselves the relative balance of risk versus achievement of a positive goal.

The following heat map demonstrates a potential model for comparing risk to the contribution of quality of life.

Manthorpe and Moriarty, 2010

How to ‘Enable’

Marilyn Vos Savant famously said “success is achieved by developing our strengths, not by eliminating our weakness’. Risk enablement works best when the client’s strengths are recognised, utilising those strengths as a resource, and distributing responsibility proportionately and safely to the client, not maintaining it within a staff team. To ‘enable’ a client is to offer them their best chance at actively mitigating their own risk behaviour, the basic principles of which include:

  • Transparent and unambiguous communication about the risk identified.
  • Modelling and promoting a process that the client can follow and understand
  • Providing information that is accessible to the client within the context of cognitive or language deficits
  • Genuinely listening to and validating the clients view point
  • Offering compassionate guidance to assist the client to grow in flexibility and appreciate other view points.
  • Collaboratively trialling the client’s ideas, with an agreed plan for monitoring and evaluation that fosters the client’s learning.
  • Encourage creativity!
  • Accepting and validating the client’s emotional reaction to the process.

Holding Complexity

A positive approach to risk assessment and management must fit within the ethical and legal responsibilities that therapists hold. There must always be a balance between safety and wellbeing. Whilst a removal of autonomy from the client is not desirable, there is a danger and risk of failing to safeguard when too much responsibility is placed on a client who lacks the resources to keep themselves or others safe. Three overlapping factors are prevalent for Totus as a service:

This trio of principles and processes provides a risk management process that involves improving the client’s quality of life and rehabilitation progress….
…whilst remaining aware of the safety needs of the client, their broader care and social network and the public (safeguarding)…
…and is mindful of organisational risk and holding risk at an organisational level.


A number of responsibilities associated with safeguarding fall outside of the Totus Neurorehabilitation Ltd remit and will require referral to statutory service which may include Social Services, Mental Health Services, MASH (Multi-Agency Safeguarding Hub), or the Police. Ultimately it is the role of these services to determine whether a safeguarding concern reaches threshold for intervention, either civil or criminal. However, we do still have a role which includes:

  • Deciding when to refer to statutory services
  • Knowing how to refer to the appropriate service
  • Maintaining good, clear records that document the decision that led to the referral
  • Providing good quality communication and information sharing and possible attendance at meetings
  • Assisting the client to understand the process
  • Advocating for the client
  • Supporting therapy teams through the process

Organisational Responsibility

As an organisation we recognise that Totus Neurorehabilitation Ltd has a responsibility to:

  • Staff – for their physical safety, and emotional wellbeing.
  • Uphold legal frameworks – in relation to criminal law, civil law (litigation) and GDPR.
  • The business – to protect the organisation from financial, criminal, litigation and cyber threats that could undermine it sustainability and stability.

These responsibilities are mitigated through our professional codes of conduct, Insurance and Clinical Governance.

The requirement for this document arose out of our commitment to staff to feel safe in the risk assessment and management process. We are committed to building a culture of safety for staff, and to lead and support staff in their work, in a way that integrates risk management into the culture of our work, promotes the reporting of risk with good communication, and encourages learning from both good and adverse examples of practice.

Defensible Decision Making

There are inevitably times when even the best practice fails to result in the hoped for outcome and a more restrictive route of safeguarding is required. Such examples may include referring the case to Social Services against the client’s wishes, or a financial deputy applying restrictions to finances. At these times defensible decision making becomes important, a defensible decision may be taken when there is a continued risk of harm. At such times good record keeping should include:

  • The reason for the decisions
  • How the decisions were balanced
  • How the individual has been supported to date
  • When the decisions were reviewed, by whom, and the relevant legislation
  • Documentation of best interest opinions offered by the team (the ‘heat map’ may be utilised here.)

The Enablement Based Model of Risk Management

The three values at the centre of the model stipulate that the process is:

  • Compassionate – to the needs of all, client, family, staff and services
  • Client Centred – constantly returning to the best interests of the client as the driver for the process
  • Collaborative – amongst all parties

The model is termed ‘Enablement Based’ because of its focus on enabling the individual through positive risk taking, compassion for their unmet needs, and by remaining client centred. It recognises and builds on the client’s strengths, recognising the psychological factors and social context of the individual. But it does not dismiss or avoid the reality of disability and the very significant limits that cognitive disability can place on the client’s ability for decision making. Through transparent communication of these barriers, we offer the client their best chance for understanding and learning about their own role in contributing to risk with the choices that they make, and through this process offer their best opportunity to reduce risk through their own choices.

Collaborative decision making serves not only the aim of empowering the client, but also reduces the stress, pressure and emotional load on any one professional. Lone decision making promotes anxiety and fear, and behaviours become increasingly risk averse when an individual is anxious. Lone decision makers run the risk of promoting restrictive practices as they struggle to manage their own anxieties regarding the potential risk of harm to others. We must also recognise that risk management is everyone’s business. There is no profession that is exempt, and the responsibility does not solely rest with health professionals and statutory services, this document aims to offer skills and support to all professionals involved in the risk management process.

The model is presented as a cycle to acknowledge that risk management is a process that requires frequent review and sometimes does not have an end point. The following section will take you through each of the stages beginning with ‘context’ and describes completion of the relevant record forms that we have provided to support the process. The Forms are provided at the end of this document as a PDF for completion manually, and can also be found on the Totus team drive in the folder RISK ASSESSMENT FORM. These forms are made with Google Forms allowing data to be extrapolated as needed. We encourage you to use the googleform version for ease, and to allow the data to be viewed by the senior leadership team in our quarterly governance meetings.

MDT Process and Documentation

The process has been summarised in a set of Google Forms accessible to Totus staff to record the MDT and client discussions.


When discussing this section, it is important to recognise diversity in all its forms and that discrimination in risk assessment may come from a lack of understanding or knowledge regarding a cultural or life style aspect of the client, this could lead to an overly reactive approach.
Be aware of relevant legislation or personal documentation (Care Plan, Medical Records, Positive Behaviour Plan) and relevant literature that may be informing a therapeutic approach. The legislative documents relevant to risk assessment and safeguarding are saved on the Totus Team Drive in the folder ‘Safeguarding’ and include:

  • NICE Guidelines (summarised in next section)
  • Care Act 2014 section 42 and easy read summary (for other sections of the Care Act please search on line)
  • The Bournemouth Framework
  • Domestic Abuse Act 2022 Statutory Guidance (which now recognises coercion and control as abuse)
  • GDPR Schedule 1 – lists exclusions to GDPR
  • Safeguarding Children and Young People; Roles and Competencies for Healthcare Staff, January 2019
  • Keeping Children Safe in Education 2023
  • Working together to Safeguard Children, 2018

The social situation is often crucial to determining risk; housing, employment, family, power dynamics and resources within the support system to protect or hinder the client’s needs. Social factors often inform the fluidity of the risk (discussed later), and who it is a risk for.

Historical factors should be considered in this section including past factors that are influencing the current risk, what has helped, what has hindered, behavioural patterns and trends that the client has previously exhibited.

Finally, but most importantly, what do you know about the client’s perspective of risk? Are they expressing concern, how have they evaluated risk in the past, do they hold strong views about specific topics that others may consider risk.

Risk Identification

Risk identification requires consideration of perspectives from the wider network, what are the beliefs and values of the network that may be a support or a barrier.
Consider that client’s resources, their strengths, skills, resources, achievements, and coping mechanisms.

NICE guidelines are available for self-harm and violence. There is an optional link on the form to this section of the risk assessment.

Impact and Likelihood

The risk is rated as it is now, without further action, taking all of the above views and opinions into account using the classic risk assessment matrix (likelihood vs impact).

It is important to consider the fluidity of the risk to inform action planning later. Is the risk:

  • Static – present for some time with a stable history, the risk is present but there is no indication of an imminent change of behaviour that will lead to harm. Intervention approaches may be more ‘slow stream’, with lower levels of urgency.
  • Dynamic – the situation continues to change and fluctuate, making the situation difficult to evaluate. There may be a recent or imminent change to the social context with the removal of a protective factor, or addition of a stressor. These risks have the greatest opportunity for enablement-based risk management.
  • Acute – acute risks change rapidly and are triggers which increase the level of risk when they are present e.g. behaviour when intoxicated, or an argument with a family member. This is often where reactive risk management comes into effect.

Risk Enablement and Planning

Risk enablement combines all of the principles of positive risk taking, with the evidence collected regarding level of risk, to form an action plan that follows the least restrictive course of action. At this stage the plan may be incomplete as discussion with the client (next section) has not yet been held. The plan may include what to discuss with the client, who should be present, where and when the session/s will be offered, language and cognitive considerations to ensure the information is accessible to the client. The plan may also document the best hoped for outcome and the worst-case scenario. The plan should document who is responsible for each action and a date for review.

Consider all aspects of defensible decision making have been addressed including; client discussions (held or planned), issues of capacity, best interests, whether the level of intervention is proportionate to the risk, the level of collaboration utilised, cultural sensitivity, and fluidity of the risk.

The risk should then be re-scored at the predicted level once all actions have been implemented.

Communicate and Review

Good communication is imperative throughout the process but the last stage in the cycle emphasises consideration of what information has been communicated and to who, whether other services/people need to be informed (considering consent and confidentiality limitations), and whether the communication to date has been adequate. This is the stage at which a decision is made as to whether to inform statutory services either under safeguarding or to provide additional resources for the client.

There should always be a review date set.

Client Process and Documentation. – Client Positive Risk Planning

Following the MDT meeting where the risks are identified the client must be brought into the process (if not already done so) to engage them in psychoeducation and positive risk planning. Transparent communication is at the heart of the enablement-based approach, even when those conversations may be challenging or uncomfortable. However, the therapist should on no account place themselves in danger, or at risk of harm for this principle. If there is a concern of a violent reaction to the conversation, consideration should be given to how and by whom the information is communicated, and if this is not safely available safeguarding processes may need to be followed without the client’s understanding or consent in their best interest.

Questions for discussion with the client can include:

  • How do others see the risk?
  • How do I view the risk? (including what is most important to me)
  • What are the risks to myself?
  • What are the risks to others?
  • Client rating of the risk
  • The steps I will take to manage the risk, and who will support me?
  • What is the most important course of action for me?
  • Client re-rating of the risk with steps in place

The process should then be reviewed at an agreed time considering with the client:

  • How I view the support I have received
  • What I have managed well, what I need to continue to work on
  • My view of risk now
  • What are the ongoing risks (self and others)? Client rating of the risk.
  • What will I continue to work on?

Clinical Concerns Monitoring Form

There are frequent times when clients or system behaviours raise some concern for therapists, but the action is not significant to warrant a risk assessment process. Though it is possible that frequent repetition of these behaviours causes a dynamic risk that becomes increasingly concerning over time. This may include communication styles that are damaging relationships, or comments that reflect thoughts about risk behaviours that have not been followed through. Whilst such information is often documented in the therapist filenotes, it is easy for this information to be lost and the frequency to go unobserved (particularly if different therapists are observing the same behaviour). Therefore, we have created a separate ‘Clinical Concerns Monitoring Form’ to allow these observations to be collated in one place for easy review.
This section is for monitoring low level risk behaviours that do not breach safeguarding threshold (ratings that would be green on the matrix), but when the frequency of these behaviours is causing anxiety or concerns for others. There may be concern about the risk escalating, or that the frequency or occurrence presents a cumulative risk. The forms also document the evolution of risk, making reviews less time consuming.

If the risk rating is 6 or above this should trigger an MDT discussion, though discretion is advised regarding high frequency of behaviour may trigger this process below a 6.

Clinical Governance

The Google forms competed by Totus staff will generate data on risk scores for each client every time a form is completed. As part of our clinical governance and commitment to supporting our staff, these scores will be monitored monthly and support offered to the clinician/s working on the case.


Whilst risk management is best managed as a team or with another in, for example, supervision, there may be times when you disagree with another member or your supervisor about the severity and likelihood of the risk. At such times you can escalate your supervision to one or both of the Totus Directors for support. If you continue to feel that your concerns are not being validated, as an autonomous practitioner you do not require approval to make a referral to the social services safeguarding team. The local team are often happy to take anonymous enquiries if you are not sure whether a referral is warranted. All communications must be documented.

Making a Referral to Social Services Safeguarding

An internet search will direct you to a referral form for the local Safeguarding Team under Social Services (often referred to by professionals as ‘statutory services’ or ‘local authority’).

When making a referral it is important to state that your client meets the following three criteria (Section 42 of the Care Act 2014):

  • The individual has care needs (this is any need, not just personal care, regardless of whether these needs are being met or by whom)
  • The individual is being exploited or is at risk
  • The individual is not able to safeguard themselves and detail why

It can also be helpful to be familiar with the local authority threshold criteria for safeguarding (levels 1-4). These are often difficult to locate but can be found on the website for the local safeguarding board or partnership.

Use the language in these documents to make the referral, and do not include unnecessary or convoluted information.

It is important to know that referrals can be escalated to the Safeguarding Board or Partnership (this includes Social Services, the Police, Education, Health, Fire Services and Probation Services) if you feel that the Social Services route is not recognising the risk.

Deprivation of Liberty Safeguards (DoLs)

Our role within DoLs is to inform the local authority if a deprivation of liberty is occurring in their area, it is then the role of Social Services to follow the appropriate process.

References and Resources

Department of Health; Best Practice in Managing Risk. Principles and Evidence for Best Practice in the Assessment and Management of Risk to Self and Others in Mental Health Services, 2009.
Morgan, Steve. Risk Decision Making. Working with Risk and Implementing Positive Risk Taking. Pavilion Publishing.
Manthorpe and Moriarty, 2010. Nothing ventured, nothing gained: Risk Guidance for People with Dementia. Dept of Health.
Care Act 2014
Nice Guidelines
The Bournemouth Framework
Domestic Abuse Act 2022 Statutory Guidance (which now recognises coercive control as abuse)
GDPR Schedule 1 – lists exclusions to GDPR
Safeguarding Children and Young People; Roles and Competencies for Healthcare Staff, January 2019
Keeping Children Safe in Education 2023
Working together to Safeguard Children, 2018