Common use of Main Risks to Achievement of Targets Clause in Contracts

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place, are as follows: Risk Description Mitigation Failure to deliver statutory functions and other obligations due to inability to provide business continuity in face of the COVID-19 pandemic  Policy and response Plan for Business Continuity during COVID-19 in place and arrangements implemented  Staff on a blended working pattern involving attendance at the office based on a rota and remote working  Restricted attendance arrangements during level 5 lockdown  All staff equipped to ensure that full lines of communication remain open at all levels within the organisation  Documented Disaster Recovery Policy and Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues  Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct  Planning for transition to a different organisation with new statutory requirements  Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  Response to media queries  Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues relating to resources or to systems and processes  Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  Submission to Department on additional funding needs  Over the lifetime of GSOC’s Strategy Statement (2021- 23), review and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  Over the lifetime of the Strategy Statement, implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and business continuity in face of cyber threat  Maintenance of up to date internal and external firewalls configured with appropriate security rules  Software to counter ransomware attacks  Secure email Gateway scans of incoming and outgoing email and anti-virus software  Regular staff briefings/communication regarding threats of phishing and other information security measures  Review of ICT Security planned for Q3 2021

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in placemitigation/contingency measures, are as follows: Risk Description Mitigation Failure Mitigations Providing a system for victim identification: Risk that not all interested parties will be identified, leading to deliver statutory functions flawed procedure and other obligations due unwelcome publicity, potential judicial reviews, reputational damage • Ongoing work to inability to provide business continuity in face of engage with victims • Dedicated victim area on the COVID-19 pandemic  Policy and response Plan for Business Continuity during COVID-19 website • Engagement with victims’ organisations • System in place with IPS and arrangements implemented  Staff An Garda Síochána to identify relevant victims wherever possible Risk of insufficient staffing levels resulting in statutory deadlines not being met and inadequate engagement with victims Board member renewal, recruitment and replacement challenges as 8 Board members reach the end of their two year appointment in 2023 and one is resigning. • Liaison with Department’s Governance and Corporate HR areas on a blended working pattern involving attendance at the office based on a rota resourcing/ recruitment matters Judicial Reviews: risk of budget being inadequate to meet costs • Monitor legal correspondence/cases and remote working  Restricted attendance arrangements during level 5 lockdown  All staff equipped to ensure that full lines of communication remain open at all levels within the organisation  Documented Disaster Recovery Policy expenditure and Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues  Submissions flag emerging trends/ challenges to the Department Lack of an adequate Case Management System resulting in an overreliance on manual and clerical procedures, poor/inaccurate reporting and heightened risk of data protection breaches • Ongoing liaison with OGCIO and Department as necessary to have a new CMS implemented • Progress to be monitored and matter escalated if necessary Risk of data protection compliance errors arising from lack of sufficient capacity/expertise to fulfil GDPR/LED responsibilities • Engage legal advice where necessary and within budgetary limits • Staff training • Recruit Data Protection Officer Risk of trauma related stress and injury to staff and board as a result of the nature of the cases the Parole Board considers • Training provided to staff on the draft Bill nature and impact of trauma • Information session provided to ensure that legislative proposals are practical Board on the nature and reflect GSOC’s experience in handling complaints and allegations impact of police misconduct  Planning for transition trauma • Support available to a different organisation with new statutory requirements  Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  Response to media queries  Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues relating to resources or to systems and processes  Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  Submission to Department on additional funding needs  Over the lifetime of GSOC’s Strategy Statement (2021- 23), review and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  Over the lifetime of the Strategy Statement, implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and business continuity in face of cyber threat  Maintenance of up to date internal and external firewalls configured with appropriate security rules  Software to counter ransomware attacks  Secure email Gateway scans of incoming and outgoing email and antiall staff through Inspire Well-virus software  Regular staff briefings/communication regarding threats of phishing and other information security measures  Review of ICT Security planned for Q3 2021Being • Peer support available through colleagues

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place, are as follows: Risk Description Mitigation Failure Lack of Organisation Capacity and Capability - Lack of facilitating conditions including governance structure and appropriate resourcing to enable GSOC’ successor body to deliver its statutory functions • Prepare a detailed statement of resourcing needs informed by the organisational review • Ongoing engagement with the Department relating to future resourcing and requirements • Strategic workforce planning including recruitment and retention, staff development, implementation roadmaps and review mechanisms. Reputational damage caused by poor information and institutional knowledge management • Procure and implement a new Case Management System with business analytics capability • Prepare a Data Strategy for GSOC. • A knowledge audit of assets has commenced with a view to developing a work programme for the GSOC Knowledge Management Group • Establish a learning climate/culture, mitigating knowledge loss, developing a shared team memory and create channels for knowledge flow. Work is required to develop, update and maintain a repository of organisational manuals, policies, SOPs for all business units ICT Security, availability and resilience - causing reputational and financial damage through data breaches or failure to support business continuity. • Development of Policy and procedures and governance structure for: • Business Continuity Management/Disaster Recovery and back up: • ICT System Life-Cycle Management: • Information Technology Security (Cyber Security) - External and Internal Threat: • Implement recommendations of ICT Service Delivery Model Audit. Reputational damage caused by failure to achieve the reforms envisaged under the transition programme • A detailed examination of the provisions of the Bill to map the relevant impacts • Development of robust transition implementation plan. • Ongoing engagement with the relevant stakeholders to ensure resources and other obligations due relevant supports are in place. Reputational and financial cost of potential operational failure to inability to provide progress case files in a timely, customer focussed manner • Review and update operational business continuity in face processes: • Development of governance structure with monitoring and review of the COVID-19 pandemic  Policy and response Plan for Business Continuity during COVID-19 in place and arrangements implemented  Staff on a blended working pattern involving attendance at the office based on a rota and remote working  Restricted attendance arrangements during level 5 lockdown  All relevant procedures • Ensure that all staff equipped to ensure that full lines of communication remain open at all levels within the organisation  Documented Disaster Recovery Policy and Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policingreceive appropriate training, Security & Community Safety Bill due to uncertaintyincluding role specific accredited training, timing and resource issues  Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct  Planning for transition to a different organisation with new statutory requirements  Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  Response to media queries  Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due L&D plan. • Development of a new Case Management System to issues relating to resources or to systems facilitate knowledge sharing, effective management, the supervision of cases, and processes  Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  Submission to Department on additional funding needs  Over the lifetime of GSOC’s Strategy Statement (2021- 23), review and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  Over the lifetime of the Strategy Statement, implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss extraction of data and business continuity in face of cyber threat  Maintenance of up to date internal and external firewalls configured with appropriate security rules  Software to counter ransomware attacks  Secure email Gateway scans of incoming and outgoing email and anti-virus software  Regular staff briefings/communication regarding threats of phishing and other information security measures  Review of ICT Security planned for Q3 2021analytical purposes.

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place, are as follows: Risk Description Mitigation Failure to deliver statutory functions and other obligations due to inability to provide business continuity in face of the COVID-19 pandemic  • Policy and response Plan for Business Continuity during COVID-19 in place and arrangements implemented  • Staff on a blended working pattern involving attendance at the office based on a rota and remote working  • Restricted attendance arrangements during level 5 lockdown  • All staff equipped to ensure that full lines of communication remain open at all levels within the organisation  • Documented Disaster Recovery Policy and Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues  • Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct  • Planning for transition to a different organisation with new statutory requirements  • Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  • Response to media queries  • Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues relating to resources or to systems and processes  • Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  • Submission to Department on additional funding needs  • Over the lifetime of GSOC’s Strategy Statement (2021- 23), review and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  • Over the lifetime of the Strategy Statement, implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and business continuity in face of cyber threat  • Maintenance of up to date internal and external firewalls configured with appropriate security rules  • Software to counter ransomware attacks  • Secure email Gateway scans of incoming and outgoing email and anti-virus software  • Regular staff briefings/communication regarding threats of phishing and other information security measures  • Review of ICT Security planned for Q3 2021

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned in place or in placeplanned, are as follows: Risk Description Mitigation Failure Measures Inability to ensure provision of safe and secure custody due to issues such as overcrowding, access, capital budget, etc. • Monitoring mechanisms, Management data and reviews, Interface with Governors • Engagement with Department on prisoner number strategy to reflect current environment • Engagement with Department on implementation of relevant Penal Policy Review Group recommendations • Request and participate in development of impact assessments on resource allocation and legislative changes across the justice system • Request and participate in development of prison population model to allow for proactive planning • Engage with the Department on legislative requirements Inability to secure psychiatric services to the extent required, thus impacting on the ability of the IPS to provide appropriate treatment to persons with severe and enduring mental illness. • Consultant-led mental health in-reach services under the aegis of National Forensic Mental Health Service (NFMHS) in all closed prisons • Ongoing engagement regarding provision of services with HSE/ NFMHS and Department of Health • Monitoring of waiting lists for treatment in CMH • Inability to deliver an enhanced Governance & Compliance function in line with IPS strategy, resulting in a lack of oversight, assurance and statutory functions compliance (with direct implications for key objectives, e.g. risks of damage and other obligations due injury arising from ineffective implementation of health & safety rules) • Up to inability to provide business continuity in face date Oversight Agreement reflecting Code of Practice for Governance of State Bodies • Regular governance meetings and oversight by senior management • Active management of risks and issues • Open communication with the Department • Engagement with the Department regarding placement of the COVID-19 pandemic  Policy and response Plan for Business Continuity during COVID-19 IPS on appropriate statutory footing • Internal audit co-ordination unit established • Risk management framework in place and being further developed • Developing clinical governance framework Insufficient data protection knowledge and supporting framework negatively impacting effective operations, service delivery and project roll out across every Directorate, e.g. data breaches • External Data Protection Officer (DPO) services procured through Privacy Engine, following an OGP framework competition. • Internal full-time DPO appointed in January • More effective implementation of existing controls, and development of a more comprehensive IPS-wide data protection framework • Further training and retraining of staff • Engage with Department on governance arrangements implemented  Staff to support reporting, and clarify resources available to support data protection compliance Risk Mitigation Measures Inability to recruit sufficient staff. There will be a significant rise in staff retiring from 2025-2027 inclusive, on a blended working pattern involving attendance at the office based on a rota and remote working  Restricted attendance arrangements during level 5 lockdown  All staff equipped to ensure age grounds. • Ensuring that full lines of communication remain open at all levels within the organisation  Documented Disaster Recovery Policy has adequate staff with the appropriate competency reporting for duty every day to provide safe and Plan secure custody and implemented pre-planned Business Continuity measures in place for ICT compliant with all policies and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues  Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct  Planning for transition to a different organisation with new statutory requirements  Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  Response to media queries  Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues relating to resources or to systems and processes  Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  Submission to Department on additional funding needs  Over the lifetime of GSOC’s Strategy Statement (2021- 23), review and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  Over the lifetime of the Strategy Statement, implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and business continuity in face of cyber threat  Maintenance of up to date internal and external firewalls configured with appropriate security rules  Software to counter ransomware attacks  Secure email Gateway scans of incoming and outgoing email and anti-virus software  Regular staff briefings/communication regarding threats of phishing and other information security measures  Review of ICT Security planned for Q3 2021procedures. • Multi annual recruitment plan.