450. Deputy Paul Donnelly asked the Minister for Justice the stage of preparation of a strategic threat risk assessment for An Garda Síochána at present. [60379/21]
Minister for Justice (Deputy Helen McEntee): As the Deputy will appreciate, under the Garda Síochána Act 2005, the Garda Commissioner is responsible for the management and administration of An Garda Síochána which includes the policy and procedures to manage operational and corporate risk.
I am advised by the Garda authorities that a comprehensive review of the organisation's risk management framework was conducted in 2015 and 2016 and resulted in the implementation of the 'Revised Approach to Risk Management’. This approach is compliant with obligations under An Garda Síochána Act 2005, the Department of Public Expenditure and Reform guidance, ‘Code of Practice for the Governance of State Bodies’ (August 2016) and ‘Risk Management Guidance for Government Departments and Offices’ (February 2016). It also aligns with ISO 31000 ‘Risk Management – Principles and Guidelines’.
I am informed that the Deputy Commissioner, Strategy, Governance & Performance is the Chief Risk Officer for An Garda Síochána, on behalf of the Commissioner, and chairperson of the Risk & Policy Governance Board. This role includes the identification of corporate risks, holding risk owners to account, championing risk management at all levels in the organisation and advising the Commissioner on the status and effectiveness of risk management.
In identifying strategic and corporate risks facing An Garda Síochána, I am further informed that the Chief Risk Officer conducts a ‘risk-proofing’ of the Annual Policing Plan, considers risks recorded on local risk registers and undertakes a process of environmental scanning. The Garda Risk Management Unit support the Chief Risk Officer in this process. The Corporate risks facing An Garda Síochána fall under a number of categories including Operational, Technological, Financial, Innovation, Infrastructure and numerous other categories.
The Chief Risk Officer appoints a Corporate Risk Owner, usually of Assistant Commissioner rank or Executive Director grade, and assigns them responsibility to manage specific corporate risks. The Chief Risk Officer presents the Corporate Risk Register, with assigned Corporate Risk Owners, to the Risk and Policy Governance Board for consideration and approval.
I am advised that the Risk and Policy Governance Board, chaired by the Chief Risk Officer has overall responsibility for the risk management process and for certifying its continuation and effective functioning. The Board meet at least quarterly and provide an annual assurance statement to the Garda Commissioner. The Board also has responsibility for approving corporate risks, managing the Corporate Risk Register, assigning risk owners to manage corporate risks and monitoring the effectiveness of risk controls for each corporate risk.
The Garda Risk Management Unit comes under the remit of Assistant Commissioner, Governance and Accountability and is headed by a Superintendent supported by Garda Staff. The Unit supports the Chief Risk Officer, the Risk and Policy Governance Board and all risk management stakeholders, and ensures organisation-wide compliance with policy by way of training, guidance, support and quality assurance.
The Garda authorities have advised me that there are currently 11 principal risks captured on the Corporate Risk Register, which are being actively managed by assigned Corporate Risk Owners. Risk registers are considered restricted documentation and only personnel who are involved in the management or auditing of risks, or the risk process, are provided with access to risk registers. Access to risk registers is determined based on requirement.