Common use of Potential Risk Factors Clause in Contracts

Potential Risk Factors. The ISI operates a formal Risk Management policy and maintains a Risk Register. The ISI Risk Committee meet quarterly to review all risks. This ensures that risks are identified and assessed, and necessary mitigating actions are, where resources allow, put in place. Reflecting the key priorities of the organisation, the following potential risks were identified as the main areas that could negatively impact on the ISI in 2024: Risks Controls & Mitigating Actions Adequate staff resources ▪ We have maintained a close relationship with HR over 2023 including conducting monthly meetings and working to retain promoted staff where possible. As a result we had reduced our vacancy rate significantly over the year. ▪ However, this continues to be an issue across the Civil Service and we expect this risk to remain at an elevated level in the ISI throughout 2024. It is particularly critical for the ISI given elevated staff turnover levels over the past two years and a consequent loss of highly skilled staff, especially through promotion. ▪ We will continue to liaise closely with HR and have mitigated somewhat the impact of a loss in specialist staff through appropriate operational restructuring. GDPR ▪ The ISI has a high level of compliance to GDPR requirements and we have completed an extensive exercise to improve our policies, procedures and training in the area. ▪ However, our organisation manages a large volume of sensitive information and we therefore consider this to be one of our top risks.. ▪ We are prepared for an audit of our GDPR compliance scheduled for Quarter 2 of 2024 and will welcome any further recommendations that flow from that audit. ▪ A related risk revolves around an increasing number and complexity of DAR requests, particularly in our Bankruptcy division. Dealing with these requests can require significant resources and carry a risk of non-compliance with statutory delivery deadlines. We have recently delivered specialist training to staff to help us deal more efficiently with these requests. IT Infrastructure and security ▪ A cyber-attack risks exposure of confidential financial information of debtors and/or substantial disruption to regular ISI operation of insolvency arrangements and bankruptcies. The ISI is fully dependant on the security and resilience of the ICT hosting services of the DOJ IM&T team and continues to engage around adequate disaster recovery assurances. ▪ The ISI has also taken action locally to train staff to be aware of potential cyber-attack techniques.

Potential Risk Factors. The ISI operates a formal Risk Management policy and maintains a Risk RegisterRegister and this is updated on an ongoing basis. The ISI Risk Committee meet quarterly to review all risks. This maintenance of the Register ensures that risks are identified and assessed, assessed and necessary mitigating actions are, where resources allow, put in place. Reflecting the key priorities of the organisation, the following potential risks were identified as the main areas that could negatively impact on the ISI in 20242021: Risks Controls & Mitigating Actions Adequate staff resources ▪ Mitigants Funding of Bankruptcy Function given depleted Unclaimed Dividends Account • Temporary solution agreed with Department/DPER on Bankruptcy funding for 2020/21. • Provision made in ISI Budget for 2021 for prudence sake. • Subject to legal advice around the use of Section 21 for funding Bankruptcy, ISI will seek to agree a longer term mechanism in due course with the Department/DPER Business Continuity during Covid-19 Pandemic • ISI maintained business continuity in 2020 although activity was subdued somewhat with protective certificates and insolvency arrangements down 29% and 15% respectively overall compared to 2019. We are in a strong position to deal with any recovery in demand together with any additional demand arising from the economic consequences of the Pandemic. • Our new CMS went operational in 2020 despite the disruption to working arrangements. • Access to remote working has been maximised and is working well. • Revised logistical arrangements have maintained been agreed with Stakeholders including virtual meetings between PIPs and Debtors, virtual court sittings and revised court protocols. • The Personal Insolvency Amendment Xxxx which will, inter alia, give statutory effect to the above revised arrangements is currently working its way through the Oireachtas. • Staff access to a close relationship with HR over 2023 including conducting monthly meetings and working to retain promoted staff where possible. As a result we had reduced our vacancy rate significantly over softphone solution has ensured that the year. ▪ However, this ISI helpline continues to be an issue across the Civil Service and we expect this risk operate GDPR • GDPR project expected to remain at an elevated level complete in 2021 to ensure the ISI throughout 2024. It is particularly critical for the ISI given elevated staff turnover levels over the past two years and a consequent loss of highly skilled staff, especially through promotion. ▪ We will continue to liaise closely with HR and have mitigated somewhat the impact of a loss in specialist staff through appropriate operational restructuring. GDPR ▪ The ISI has a high level of maximises its compliance to GDPR requirements and we have completed an extensive exercise to improve our policies, procedures and training in the area. ▪ However, our organisation manages a large volume of sensitive information and we therefore consider this to be one of our top risks.. ▪ We are prepared for an audit of our GDPR compliance scheduled for Quarter 2 of 2024 and will welcome any further recommendations that flow from that audit. ▪ A related risk revolves around an increasing number and complexity of DAR requests, particularly in our Bankruptcy division. Dealing with these requests can require significant resources and carry a risk of non-compliance with statutory delivery deadlines. We have recently delivered specialist training to staff to help us deal more efficiently with these requests. IT Infrastructure and security ▪ A cyber-attack risks exposure of confidential financial information of debtors and/or substantial disruption to regular ISI operation of insolvency arrangements and bankruptcies. The ISI is fully dependant on the security and resilience of the ICT hosting services of the DOJ IM&T team and continues to engage around adequate disaster recovery assurances. ▪ The ISI has also taken action locally to train staff to be aware of potential cyber-attack techniquesrequirements.

Potential Risk Factors. The ISI operates a formal Risk Management policy and maintains a Risk Register. The ISI Risk Committee meet quarterly to review all risks. This ensures that risks are identified and assessed, and necessary mitigating actions are, where resources allow, put in place. Reflecting the key priorities of the organisation, the following potential risks were identified as the main areas that could negatively impact on the ISI in 20242022: Risks Controls & Mitigating Actions Adequate staff resources Mitigants Funding of Bankruptcy Function given depleted Unclaimed Dividends Account ▪ We have The ISI agreed a solution with the Department/DPER on Bankruptcy funding for 2021/22. The ISI will work with the Department on funding for 2023 and beyond. Business Continuity ▪ The ISI adapted well to the business continuity risks caused by the Covid-19 Pandemic and ensured that access to insolvency solutions was maintained a close relationship for debtors in difficulty. ▪ Achieved through logistical innovations, amending legislation, successful remote working arrangements and ongoing case management system upgrades. ▪ Given the current geo-political situation, remote access will be key in scheduling workloads in the event of any unforeseen occurrence impacting on site attendance. ▪ While insolvency activity was subdued somewhat during the pandemic it has stabilised and the ISI is well placed to deal with HR over 2023 including conducting monthly meetings and working to retain promoted staff where possibleany recovery and/or increase in demand post pandemic. ▪ As a result result, our risk is currently assessed as “Green” but given the unpredictable nature of Covid, and the geo- political context, we had reduced our vacancy rate significantly over the year. ▪ However, this continues to be an issue across the Civil Service and we expect this still assess it as a priority risk to remain at an elevated level in the ISI throughout 2024. It is particularly critical for the ISI given elevated staff turnover levels over the past two years and a consequent loss of highly skilled staff, especially through promotion. ▪ We will continue to liaise closely with HR and have mitigated somewhat the impact of a loss in specialist staff through appropriate operational restructuringmonitoring purposes. GDPR ▪ The Whilst ISI has a high level of compliance to GDPR requirements we initiated an exercise in late 2020 to maximise this through completing more detailed ROPAs and we have completed an extensive exercise to improve updating our policies, procedures and training in data retention policy. We are also clarifying our records retention obligations with the areaNational Archives. ▪ However, our organisation manages Good progress has been made but its completion in 2021 was impacted by a large volume loss of sensitive information and we therefore consider this to key personnel. ▪ This exercise will be one of our top risks.. ▪ We are prepared for an audit priorities in 2022. Timely completion of our GDPR compliance scheduled for Quarter 2 of 2024 and will welcome any further recommendations that flow from that audit. ▪ A related risk revolves around an increasing number and complexity of DAR requests, particularly in our Bankruptcy division. Dealing with these requests can require significant resources and carry a risk of non-compliance with statutory delivery deadlines. We have recently delivered specialist training to staff to help us deal more efficiently with these requests. IT Infrastructure and security ▪ A cyber-attack risks exposure of confidential financial information of debtors and/or substantial disruption to regular ISI operation of insolvency arrangements and bankruptcies. projects within budget The ISI is fully dependant completing a number of approved IT projects during 2022 including:- ▪ New bankruptcy case management system; ▪ Phoenix system enhancement project; ▪ Redevelopment of Back on the security Track website; ▪ EU Insolvency Interconnector project. Appropriate oversight and resilience of the ICT hosting services of the DOJ IM&T team monitoring structures are in place, including SMT oversight, to ensure completion in a timely and continues to engage around adequate disaster recovery assurances. ▪ The ISI has also taken action locally to train staff to be aware of potential cyber-attack techniquescost effective manner.

Potential Risk Factors. The ISI operates a formal Risk Management policy and maintains a Risk Register. The ISI Risk Committee meet quarterly to review all risks. This ensures that risks are identified and assessed, and necessary mitigating actions are, where resources allow, put in place. Reflecting the key priorities of the organisation, the following potential risks were identified as the main areas that could negatively impact on the ISI in 20242023: Risks Controls & Mitigating Actions Adequate staff resources ▪ This has become a critical risk for the ISI in the latter half of 2022 and into 2023. We have maintained a close relationship with HR over 2023 including conducting monthly meetings and working to retain promoted staff where possible. As a result we had reduced our vacancy rate significantly over the year. ▪ However, recognise that this continues to be is also an issue across the Civil Service Service. ▪ It is particularly critical for the ISI however given the loss of highly skilled and experienced staff, especially through promotion. ▪ We are working hard to mitigate our staff vacancy risks including retaining promoted staff where we can and meeting monthly with HR at a senior management level to maximise our recruitment efforts. ▪ However we expect this risk to remain at an elevated level in the ISI throughout 2024. It is particularly critical for the ISI given elevated staff turnover levels over the past two years and a consequent loss of highly skilled staff, especially through promotion. ▪ We will continue to liaise closely with HR and have mitigated somewhat the impact of a loss in specialist staff through appropriate operational restructuring2023. GDPR ▪ The Whilst ISI has a high level of compliance to GDPR requirements we completed an exercise in 2022 where we constructed more detailed ROPAs, updated our data retention policy and clarified our records retention obligations with the National Archives. ▪ Good progress has been made in this complicated area and we have completed an extensive exercise to improve our policies, procedures and training in the area. ▪ However, our organisation manages a large volume of sensitive information and we therefore consider this to be one of our top risks.. ▪ We are prepared for an audit of our GDPR compliance scheduled for expected in Quarter 2 3 of 2024 and 2023. We will welcome any further recommendations that flow from that audit. Timely completion of IT projects within budget The ISI has completed a number of approved IT projects during 2022 including:- ▪ A related risk revolves around an increasing number and complexity Phoenix system enhancement project; ▪ Redevelopment of DAR requests, particularly Back on Track website; ▪ EU Insolvency Interconnector project. The completion of our new bankruptcy case management system has been delayed into 2023 for reasons beyond our control primarily due to the loss of key personnel in our Bankruptcy divisionIT Contractor. Dealing with these requests can require significant resources As such, this remains a key risk for the ISI. Appropriate oversight and carry a risk monitoring structures are in place, including SMT oversight, to ensure completion of non-compliance with statutory delivery deadlines. We have recently delivered specialist training to staff to help us deal more efficiently with these requeststhis project in 2023. IT Infrastructure and security ▪ A cyber-attack risks exposure of confidential financial information of debtors and/or substantial disruption to regular ISI operation of insolvency arrangements and bankruptcies. The ISI is fully dependant on the security and resilience of the ICT hosting services of the DOJ IM&T team and continues to engage around adequate disaster recovery assurances. ▪ The ISI has also taken action locally to train staff to be aware of potential cyber-cyber attack techniques, and is currently awaiting support from the DOJ IM&T team to proceed with a programme of phishing testing. ▪ The ISI access to statistical reporting from Phoenix is restricted to one staff member reporting on a case-by-case basis resulting a key person risk and a restricted ability to respond to business demands, press inquiries etc. ▪ The ISI continues to request access from DOJ IM&T team to Phoenix data via Microsoft Power BI or equivalent technologies but is reliant on local resource heavy solutions until that access is granted.