Common use of Main Risks to Achievement of Targets Clause in Contracts

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures in place or planned, are as follows: Risk Mitigation Measures Inability to ensure provision of safe and secure custody due to issues such as overcrowding, access, capital budget, etc. • Monitoring mechanisms, Management data and reviews, Interface with Governors • Engagement with Department on prisoner number strategy to reflect current environment • Engagement with Department on implementation of relevant Penal Policy Review Group recommendations • Request and participate in development of impact assessments on resource allocation and legislative changes across the justice system • Request and participate in development of prison population model to allow for proactive planning • Engage with the Department on legislative requirements Inability to secure psychiatric services to the extent required, thus impacting on the ability of the IPS to provide appropriate treatment to persons with severe and enduring mental illness. • Consultant-led mental health in-reach services under the aegis of National Forensic Mental Health Service (NFMHS) in all closed prisons • Ongoing engagement regarding provision of services with HSE/ NFMHS and Department of Health • Monitoring of waiting lists for treatment in CMH • Inability to deliver an enhanced Governance & Compliance function in line with IPS strategy, resulting in a lack of oversight, assurance and statutory compliance (with direct implications for key objectives, e.g. risks of damage and injury arising from ineffective implementation of health & safety rules) • Up to date Oversight Agreement reflecting Code of Practice for Governance of State Bodies • Regular governance meetings and oversight by senior management • Active management of risks and issues • Open communication with the Department • Engagement with the Department regarding placement of the IPS on appropriate statutory footing • Internal audit co-ordination unit established • Risk management framework in place and being further developed • Developing clinical governance framework Insufficient data protection knowledge and supporting framework negatively impacting effective operations, service delivery and project roll out across every Directorate, e.g. data breaches • External Data Protection Officer (DPO) services procured through Privacy Engine, following an OGP framework competition. • Internal full-time DPO appointed in January • More effective implementation of existing controls, and development of a more comprehensive IPS-wide data protection framework • Further training and retraining of staff • Engage with Department on governance arrangements to support reporting, and clarify resources available to support data protection compliance Risk Mitigation Measures Inability to recruit sufficient staff. There will be a significant rise in staff retiring from 2025-2027 inclusive, on age grounds. • Ensuring that the organisation has adequate staff with the appropriate competency reporting for duty every day to provide safe and secure custody and compliant with all policies and procedures. • Multi annual recruitment plan.

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place or plannedplace, are as follows: Risk Description Mitigation Measures Inability Failure to deliver statutory functions and other obligations due to inability to provide business continuity in face of the COVID-19 pandemic • Policy and response Plan for Business Continuity during COVID-19 in place and arrangements implemented • Staff on a blended working pattern involving attendance at the office based on a rota and remote working • Restricted attendance arrangements during level 5 lockdown • All staff equipped to ensure provision that full lines of safe communication remain open at all levels within the organisation • Documented Disaster Recovery Policy and secure custody Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues • Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct • Planning for transition to a different organisation with new statutory requirements • Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s) • Response to media queries • Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues such as overcrowdingrelating to resources or to systems and processes • Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained • Submission to Department on additional funding needs • Over the lifetime of GSOC’s Strategy Statement (2021- 23), accessreview and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes • Over the lifetime of the Strategy Statement, capital budget, etc. • Monitoring mechanisms, Management implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and reviews, Interface with Governors business continuity in face of cyber threat • Engagement with Department on prisoner number strategy to reflect current environment • Engagement with Department on implementation Maintenance of relevant Penal Policy Review Group recommendations • Request and participate in development of impact assessments on resource allocation and legislative changes across the justice system • Request and participate in development of prison population model to allow for proactive planning • Engage with the Department on legislative requirements Inability to secure psychiatric services to the extent required, thus impacting on the ability of the IPS to provide appropriate treatment to persons with severe and enduring mental illness. • Consultant-led mental health in-reach services under the aegis of National Forensic Mental Health Service (NFMHS) in all closed prisons • Ongoing engagement regarding provision of services with HSE/ NFMHS and Department of Health • Monitoring of waiting lists for treatment in CMH • Inability to deliver an enhanced Governance & Compliance function in line with IPS strategy, resulting in a lack of oversight, assurance and statutory compliance (with direct implications for key objectives, e.g. risks of damage and injury arising from ineffective implementation of health & safety rules) • Up up to date Oversight Agreement reflecting Code internal and external firewalls configured with appropriate security rules • Software to counter ransomware attacks • Secure email Gateway scans of Practice for Governance of State Bodies incoming and outgoing email and anti-virus software • Regular governance meetings staff briefings/communication regarding threats of phishing and oversight by senior management other information security measures • Active management Review of risks and issues • Open communication with the Department • Engagement with the Department regarding placement of the IPS on appropriate statutory footing • Internal audit co-ordination unit established • Risk management framework in place and being further developed • Developing clinical governance framework Insufficient data protection knowledge and supporting framework negatively impacting effective operations, service delivery and project roll out across every Directorate, e.g. data breaches • External Data Protection Officer (DPO) services procured through Privacy Engine, following an OGP framework competition. • Internal full-time DPO appointed in January • More effective implementation of existing controls, and development of a more comprehensive IPS-wide data protection framework • Further training and retraining of staff • Engage with Department on governance arrangements to support reporting, and clarify resources available to support data protection compliance Risk Mitigation Measures Inability to recruit sufficient staff. There will be a significant rise in staff retiring from 2025-2027 inclusive, on age grounds. • Ensuring that the organisation has adequate staff with the appropriate competency reporting ICT Security planned for duty every day to provide safe and secure custody and compliant with all policies and procedures. • Multi annual recruitment plan.Q3 2021

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place or plannedplace, are as follows: Risk Description Mitigation Measures Inability Failure to deliver statutory functions and other obligations due to inability to provide business continuity in face of the COVID-19 pandemic  Policy and response Plan for Business Continuity during COVID-19 in place and arrangements implemented  Staff on a blended working pattern involving attendance at the office based on a rota and remote working  Restricted attendance arrangements during level 5 lockdown  All staff equipped to ensure provision that full lines of safe communication remain open at all levels within the organisation  Documented Disaster Recovery Policy and secure custody Plan and implemented pre-planned Business Continuity measures in place for ICT and some other units Limitations in GSOC’s ability to deliver the reforms proposed in the establishment of and transition to the new arrangements under proposed Policing, Security & Community Safety Bill due to uncertainty, timing and resource issues  Submissions to the Department on the draft Bill to ensure that legislative proposals are practical and reflect GSOC’s experience in handling complaints and allegations of police misconduct  Planning for transition to a different organisation with new statutory requirements  Preparation of a business case to set out resourcing requirements for the transition and the new organisation Impact on GSOC’s public profile of high profile case(s)  Response to media queries  Keeping victims and families informed Impact on GSOC’s ability to deliver effective service to the public in accordance with its statutory functions due to issues such as overcrowdingrelating to resources or to systems and processes  Financial management procedures to ensure budgets are closely monitored and expenditure needs are managed in terms of procurement and timing to ensure best VFM is obtained  Submission to Department on additional funding needs  Over the lifetime of GSOC’s Strategy Statement (2021- 23), accessreview and improve efficiency of complaints process by seeking to identify and use technological solutions to streamline complaint and administrative processes  Over the lifetime of the Strategy Statement, capital budget, etc. • Monitoring mechanisms, Management implement performance quality and management systems to monitor and address any shortcomings in the effectiveness of business management systems Failure to deliver statutory functions and other obligations due to loss of data and reviews, Interface with Governors • Engagement with Department on prisoner number strategy to reflect current environment • Engagement with Department on implementation business continuity in face of relevant Penal Policy Review Group recommendations • Request and participate in development cyber threat  Maintenance of impact assessments on resource allocation and legislative changes across the justice system • Request and participate in development of prison population model to allow for proactive planning • Engage with the Department on legislative requirements Inability to secure psychiatric services to the extent required, thus impacting on the ability of the IPS to provide appropriate treatment to persons with severe and enduring mental illness. • Consultant-led mental health in-reach services under the aegis of National Forensic Mental Health Service (NFMHS) in all closed prisons • Ongoing engagement regarding provision of services with HSE/ NFMHS and Department of Health • Monitoring of waiting lists for treatment in CMH • Inability to deliver an enhanced Governance & Compliance function in line with IPS strategy, resulting in a lack of oversight, assurance and statutory compliance (with direct implications for key objectives, e.g. risks of damage and injury arising from ineffective implementation of health & safety rules) • Up up to date Oversight Agreement reflecting Code internal and external firewalls configured with appropriate security rules  Software to counter ransomware attacks  Secure email Gateway scans of Practice incoming and outgoing email and anti-virus software  Regular staff briefings/communication regarding threats of phishing and other information security measures  Review of ICT Security planned for Governance of State Bodies • Regular governance meetings and oversight by senior management • Active management of risks and issues • Open communication with the Department • Engagement with the Department regarding placement of the IPS on appropriate statutory footing • Internal audit co-ordination unit established • Risk management framework in place and being further developed • Developing clinical governance framework Insufficient data protection knowledge and supporting framework negatively impacting effective operations, service delivery and project roll out across every Directorate, e.g. data breaches • External Data Protection Officer (DPO) services procured through Privacy Engine, following an OGP framework competition. • Internal full-time DPO appointed in January • More effective implementation of existing controls, and development of a more comprehensive IPS-wide data protection framework • Further training and retraining of staff • Engage with Department on governance arrangements to support reporting, and clarify resources available to support data protection compliance Risk Mitigation Measures Inability to recruit sufficient staff. There will be a significant rise in staff retiring from 2025-2027 inclusive, on age grounds. • Ensuring that the organisation has adequate staff with the appropriate competency reporting for duty every day to provide safe and secure custody and compliant with all policies and procedures. • Multi annual recruitment plan.Q3 2021

Main Risks to Achievement of Targets. The main potential risks to achievement of the targets set out in this Agreement, and the corresponding mitigation measures planned or in place or plannedplace, are as follows: Risk Description Mitigation Measures Inability Lack of Organisation Capacity and Capability - Lack of facilitating conditions including governance structure and appropriate resourcing to ensure provision enable GSOC’ successor body to deliver its statutory functions • Prepare a detailed statement of safe and secure custody due to issues such as overcrowding, access, capital budget, etc. resourcing needs informed by the organisational review • Monitoring mechanisms, Management data and reviews, Interface with Governors • Engagement with Department on prisoner number strategy to reflect current environment • Engagement with Department on implementation of relevant Penal Policy Review Group recommendations • Request and participate in development of impact assessments on resource allocation and legislative changes across the justice system • Request and participate in development of prison population model to allow for proactive planning • Engage Ongoing engagement with the Department on legislative relating to future resourcing and requirements Inability • Strategic workforce planning including recruitment and retention, staff development, implementation roadmaps and review mechanisms. Reputational damage caused by poor information and institutional knowledge management • Procure and implement a new Case Management System with business analytics capability • Prepare a Data Strategy for GSOC. • A knowledge audit of assets has commenced with a view to secure psychiatric services developing a work programme for the GSOC Knowledge Management Group • Establish a learning climate/culture, mitigating knowledge loss, developing a shared team memory and create channels for knowledge flow. Work is required to develop, update and maintain a repository of organisational manuals, policies, SOPs for all business units ICT Security, availability and resilience - causing reputational and financial damage through data breaches or failure to support business continuity. • Development of Policy and procedures and governance structure for: • Business Continuity Management/Disaster Recovery and back up: • ICT System Life-Cycle Management: • Information Technology Security (Cyber Security) - External and Internal Threat: • Implement recommendations of ICT Service Delivery Model Audit. Reputational damage caused by failure to achieve the extent required, thus impacting on reforms envisaged under the ability transition programme • A detailed examination of the IPS provisions of the Bill to provide appropriate treatment to persons with severe and enduring mental illnessmap the relevant impacts • Development of robust transition implementation plan. • Consultant-led mental health in-reach services under the aegis of National Forensic Mental Health Service (NFMHS) in all closed prisons • Ongoing engagement regarding provision with the relevant stakeholders to ensure resources and other relevant supports are in place. Reputational and financial cost of services with HSE/ NFMHS and Department of Health • Monitoring of waiting lists for treatment in CMH • Inability potential operational failure to deliver an enhanced Governance & Compliance function in line with IPS strategy, resulting progress case files in a lack timely, customer focussed manner • Review and update operational business processes: • Development of oversight, assurance governance structure with monitoring and statutory compliance (with direct implications for key objectives, e.g. risks of damage and injury arising from ineffective implementation of health & safety rules) • Up to date Oversight Agreement reflecting Code of Practice for Governance of State Bodies • Regular governance meetings and oversight by senior management • Active management of risks and issues • Open communication with the Department • Engagement with the Department regarding placement review of the IPS on relevant procedures • Ensure that all staff receive appropriate statutory footing • Internal audit co-ordination unit established • Risk management framework training, including role specific accredited training, in place and being further developed • Developing clinical governance framework Insufficient data protection knowledge and supporting framework negatively impacting effective operations, service delivery and project roll out across every Directorate, e.g. data breaches • External Data Protection Officer (DPO) services procured through Privacy Engine, following an OGP framework competitionaccordance with L&D plan. • Internal full-time DPO appointed in January • More Development of a new Case Management System to facilitate knowledge sharing, effective implementation management, the supervision of existing controlscases, and development the extraction of a more comprehensive IPS-wide data protection framework • Further training and retraining of staff • Engage with Department on governance arrangements to support reporting, and clarify resources available to support data protection compliance Risk Mitigation Measures Inability to recruit sufficient staff. There will be a significant rise in staff retiring from 2025-2027 inclusive, on age grounds. • Ensuring that the organisation has adequate staff with the appropriate competency reporting for duty every day to provide safe and secure custody and compliant with all policies and procedures. • Multi annual recruitment plananalytical purposes.