Risk Management

Our Risk Management Environment

Throughout 2024, Uisce Éireann has continued to experience and respond to the dynamic and interconnected global risk landscape which is continually evolving. Uisce Éireann operates within a complex environment, managing and operating an aged asset infrastructure. Strong risk governance is integral to all our activities and our risk framework is designed to support the business in maintaining effective risk management in the ever-changing environment. We are committed to integrating and embedding effective risk management practices across all our activities to drive resilience in the operating environment.

Effective risk management within the organisation is key to achieving our strategic objectives while safeguarding the interests of our shareholders, customers and the wider community.

Risk management within Uisce Éireann also supports our forward planning and facilitates well informed and proactive risk-based decision making across our activities. The principles outlined in Uisce Éireann’s Organisational Risk Management Policy guide our risk management practices. Many of our risks are enduring, reflecting the long-term nature of our activities. These risks may evolve over time due to changing internal and external factors and events.

Despite a challenging risk landscape, Uisce Éireann successfully managed these challenges throughout 2024 and remains resilient in its responses. Risks with the potential to impact on our strategic objectives were fully assessed for their potential impacts, taking into consideration the risk mitigation measures which are being employed. These risks continue to be closely monitored, with our risk management approach forming an integral component of our overall organisational resilience.

Our approach to risk is championed under the following principles

Proactive Risk Culture

Ensures our risk culture is embedded within the organisation, enabling our people to have the awareness and understanding of the risks which have the potential to affect our ability to achieve our business objectives.

Competence

Ensures our people are competent and capable of managing risks effectively.

Effective Management

Ensures our risk management processes underpin the successful achievement of our business objectives by empowering our people to manage risks.

Risk Management Framework

During 2024, Uisce Éireann maintained an effective, integrated and structured approach to risk management, including a comprehensive risk management process to manage, review, monitor and report on the principal risks and uncertainties that could potentially impact the achievement of our strategic objectives.

Uisce Éireann’s Organisational Risk Management Framework, policy and processes are well established and are consistently applied across the organisation, thus facilitating the identification, assessment, monitoring and reporting of risks at all levels of the organisation at an individual and aggregate level.

Risk Culture

Uisce Éireann recognises that successful risk management is dependent on an effective risk culture, encompassing the behaviours, norms and attitudes of our people. Uisce Éireann management recognises the criticality of an effective risk culture which continuously evolves and develops and is promoted through ‘tone from the top’ and regular risk management training. We continuously and actively engage in horizon scanning to assist in identifying new and emerging risks. As a result, the importance of risk management, including clear accountability and ownership of risks, is evident throughout Uisce Éireann. It is recognised that everyone in the organisation has a role to ‘speak up’ about risk.

The Board and Risk Management

The Board has overall accountability for effective risk management across Uisce Éireann, regularly reviewing and challenging the principal risks presented to them by management, ensuring they are appropriately assessed, managed and mitigated.

The Audit and Risk Committee has the delegated authority to support the Board with these obligations. It is supported in maintaining an effective risk management environment by a dedicated risk team and a top-down, bottom-up risk governance model.

Risk Assessment Methodology

Uisce Éireann undertook a comprehensive review of its risk assessment methodology in 2024. A refreshed risk assessment methodology is now in place which sets out an updated standard methodology to assessing risks at all levels of the organisation, considering both risk impact and likelihood. This consistent approach aids decision making and prioritisation of key mitigating actions. The methodology was reviewed and approved by the Audit and Risk Committee, and the Board.

Risk Strategy

The Board approved a new Risk Strategy for Uisce Éireann in 2024. The approved Risk Strategy (2025-2029) sets out ambitions for the next 5 years in the areas of leadership and governance, people and culture, integration and tools, and technology. The ambition of the strategy is to deliver further maturity of the risk model and to support and empower risk based decision making across the organisation.

Risk Appetite

During 2024, the Board set an updated Risk Appetite for the organisation, expressing the level and type of risk Uisce Éireann is willing to accept in the pursuit of its strategic objectives. The Risk Appetite is aligned to categories of risk to which Uisce Éireann is exposed.

Deep Dives

During 2024, the Audit and Risk Committee considered the status of the principal risks and related mitigating actions and was presented with a number of Deep Dive Reviews to further enhance their understanding of certain principal risks and their key mitigations.

Organisational Risk Management (ORM ) 4 step process

Uisce Éireann follows leading practice and uses a four-step process to ensure the consistent identification, assessment, response and monitoring of risk across the organisation, to support the delivery of our strategic objectives.

Diagram of the ORM 4-step process: Define, Assess, Manage risks, and Monitor, review, report.

Principal risks and uncertainties

Note: Risks are not listed in order of importance or priority.

Health and Safety

Risk

A significant people, process or asset safety event resulting in serious injury/ fatality or negative impact to the health and well-being of staff, Water Services staff/ contractor, other delivery partner or the public.

Context

All health and safety legislation and arrangements must be adhered to in order to protect staff, delivery partners, and the public from injury or fatality and avoid potential prosecution and financial loss and reputational damage.

Uisce Éireann is currently going through an organisational change, implementing a consistent approach to safety behaviours and culture.

Key mitigations

  • Implementation of 31 existing Local Authority Safety Management systems in addition to the implementation, promotion and maintaining certification of the National Uisce Éireann Safety Management System (ISO 45001).
  • Strong governance, health and safety performance monitoring and promoting a safety culture.
  • National Safety Risk Programme.
  • Proactive approach to safety incidents to address systemic safety issues and taking risk-based, asset-specific interventions where required.
  • Provision of training and competency assessment across the water industry to ensure everyone is well versed in our safety expectations and standards.
  • Promoting a positive culture towards mental health and wellbeing for all who work with Uisce Éireann.
  • Safety Strategy implementation.

Infrastructure, Assets and Operational Delivery

Risk

Failure to meet present and future water demand in the Greater Dublin Area, resulting in major water outage/ loss of water treatment or the inability to provide new connections.

Context

Without additional capacity, quantity and quality issues could result in potential water supply challenges, social and economic impacts, and a failure to support future growth demands.

The supply of water to the Greater Dublin Area lacks resilience. Even with an improved network efficiency and leakage reduction, population growth, economic growth and climate change will exacerbate the water supply problem in the Greater Dublin Area. Until a major new source of water is delivered, Uisce Éireann will not be able to achieve the desired level of service and will continue to run the risk of sustained outages impacting homes and businesses.

A key concern is that the Water Supply Project - Eastern and Midlands Region (the long-term strategic solution to meet future demands) may experience delays in the statutory consent process, similar to other Strategic Infrastructure Delivery projects including the Greater Dublin Drainage project.

Key mitigations

  • The National Water Resources Plan has assessed national water capacity and quality, focusing on sustainable supply and demand balance in the short, medium, and long term.
  • The Water Supply Project - Eastern and Midlands Region has been identified as the key preferred project for the long-term strategic solution to meet the future demands of the Eastern and Midlands Region. The Minister has approved this project to go to An Bord Pleanála for planning permission in 2025.
  • Key upgrade measures and investment are underway and proposed to increase resilience, reduce leakage, and operationally manage the risk in the short to medium term.
  • Ongoing monitoring of all water resource levels (rivers, lakes, boreholes, impounding reservoirs) with short term measures available to boost water available for use.

Risk

Risk of failure to achieve sufficient net leakage reduction.

Context

Not achieving leakage reduction could result in customer and service impacts, increase operating costs and reduce efficiencies, impacting Uisce Éireann’s strategic objective of becoming a trusted utility.

Key mitigations

  • Project in place with specific focus on leakage in the Greater Dublin Area to prioritise short term leakage reduction activities to manage the increasing demand.
  • New Leakage Operations Centre of Excellence established.
  • Key programmes in place including - Find & Fix programme, First Fix Programme, watermain replacement, metering and pressure/ network management.
  • Leakage Strategy, Leakage Management System, and Annual Leakage Management plan in place.

Risk

Failure to deliver sufficient capacity nationally to meet the needs of future connecting customers and wider economic growth and development, could impact Uisce Éireann’s ability to deliver on Government Policy/ Plans.

Context

Uisce Éireann has a significant role to play in supporting Ireland’s economic growth, compliance, and development goals. If Uisce Éireann cannot deliver sufficient capacity, it will have a reputational impact as well as the potential to impact economic growth and development.

Key mitigations

  • Delivering the Uisce Éireann Capital Investment Plan.
  • Progression of key strategic infrastructure projects e.g. Water Supply Project - Eastern and Midlands Region and the Greater Dublin Drainage Project.
  • GDA Asset Upgrades ongoing. Mitigation plan in place for additional capital upgrades to improve GDA resilience.
  • Capacity upgrade works ongoing at Ringsend Wastewater Treatment Plant to increase capacity within the Ringsend agglomeration.
  • Ongoing interim measures to meet drinking water demand.

Risk

Risk of failure to provide adequate wastewater treatment and associated network infrastructure resulting in significant environmental impacts, and potential legal infringements.

Context

Poor asset condition and/ or operational issues can lead to environmental damage and prosecution, together with delays to critical improvement works due to operational challenges and external factors (such as statutory or planning or legal challenges).

An example of this is a delay in the completion of statutory processes for the Greater Dublin Drainage Project, which is directly impacting on the provision of strategic infrastructure essential to ensure the continued growth and development of the Greater Dublin Area. Changes in water quality standards, environmental regulations, and compliance requirements could lead to fines and/ or operational challenges.

Key mitigations

  • Greater Dublin Drainage Project is a key project for long term wastewater treatment and resilience in the Greater Dublin Area.
  • Capital maintenance programmes are in place to replace or refurbish failed or failing assets and maintain existing levels of service.
  • Cross functional forums ensure consistent wastewater reporting/ messaging on priority plants to the EPA and other stakeholders.
  • Capacity Upgrade works ongoing at Ringsend Wastewater Treatment Plant to increase treatment capacity within the Ringsend agglomeration (2.4M population equivalent).
  • Regional Biosolids Storage Facility construction has commenced.
  • National Wastewater Sludge Management Plan.
  • Sampling and analysis are undertaken in accordance with legislative requirements.
  • Drainage Area Plans are under development in key agglomerations.
  • Implementation of real-time monitoring and analysis of key/ critical plants to identify issues.
  • Ongoing engagement with key stakeholders in relation to the recast of the Urban Wastewater Treatment Directive.

Risk

Risk of critical asset failure, resulting in significant service disruption.

Context

Historic under-investment in Ireland’s water and wastewater networks and treatment facilities has resulted in Uisce Éireann operating with aged assets and infrastructure.

Due to aging infrastructure, network vulnerability to severe weather events, supply chain challenges, and/ or people resourcing challenges.

Key mitigations

  • Management and investment in key assets, including the Capital Investment Plan which prioritises areas of investment to focus on strategic priorities in line with the Water Services Policy Statement and Water Services Strategic Plan.
  • Continued focus on resilience, emergency preparedness and business continuity planning.
  • Adoption of an asset management approach in line with international best practice.
  • Asset Stewardship framework supported by site, regional and national stewardship groups.
  • Critical asset reporting.

Risk

Risk of a cyber-attack targeting systems impacting our infrastructure and delivery of services.

Context

A cyber-attack could compromise the integrity of data, disrupt normal operations, and pose a threat to the security of Ireland’s water supply. Such an incident would also have the potential to cause public health and safety issues, reputational damage, and/ or potential fines.

Key mitigations

  • Strategy to further mature and strengthen our cyber security capability to enhance Uisce Éireann’s resilience against a potential cyber-attack.
  • Security Operations Centre operating 24/7, monitoring Information Technology and Operating Technology assets.
  • Ongoing engagement with the National Cyber Security Centre to proactively manage any threats.
  • Continual monitoring for Network and Information Security Directive Compliance.
  • Cyber Resilience Plan and Runbook under ongoing review and simulation exercises undertaken.
  • Online cyber security training for employees with regular simulated phishing exercises and other initiatives to keep employees vigilant and informed about emerging threats.

Risk

Risk of an externally driven major shock, (e.g. extreme weather events due to climate change, threat of global pandemic, increasing geopolitical volatility, inflation, supply chain disruption etc.), impacting infrastructure and delivery of services.

Context

Uisce Éireann may be impacted by shock events such as macro-economic impacts arising from global volatility, global pandemic, climate changes e.g. increased frequency of flood/ storm events, national security challenges.

Key mitigations

  • Governance and oversight models support early identification of external events that may impact on business delivery activities.
  • Effective Risk and Resilience Management including crisis management, business continuity plans and response and scenario planning in place.
  • Climate resilience efforts continue to be developed as an integral part of our asset design and planning.
  • Active horizon scanning.

Financial

Risk

Failure to have an appropriate funding model, due to the lack of multi-annual funding certainty and allocation, or insufficient revenue control allowance determination, impacting our infrastructure and delivery of services.

Context

Uisce Éireann’s capital and operational funding is approved by the Commission for Regulation of Utilities (CRU) through a ‘Revenue Control’ process. The CRU are currently undertaking a determination of appropriate Operational and Capital allowances for the period 2025-2029.

Key mitigations

  • Comprehensive stakeholder engagement (Governmental Departments and Regulators) to ensure appropriate funding allocation and support.
  • Robust internal budgetary and expenditure governance.

Customer, People, Stakeholder and Reputation

Risk

Risk that Uisce Éireann will not have appropriate or sufficient resources/ capability, culture initiatives and strategic enablers in place impacting infrastructure and delivery of services.

Context

Uisce Éireann is undergoing organisational change until December 2026, having assumed direct responsibility for water services in 31 Local Authority areas. Alongside the transfer of operational services, Uisce Éireann continues to engage with Local Authority staff to join the organisation.

Uisce Éireann operates in a competitive recruitment environment with high employment levels nationally and resourcing challenges in key areas of our business requiring specialist capabilities.

Ensuring Uisce Éireann’s culture is effectively developed and maintained during a period of significant change is critical to enable the organisation’s success in the delivery of water services and will allow the retention and attraction of people, reducing the risk of organisational instability.

Key mitigations

  • Target Operating Model fulfilment.
  • Dedicated headcount forums in place.
  • Uisce Éireann’s People and Safety Strategy includes several employee-focused strategic plans, including but not limited to Diversity, Equity and Inclusion, Engagement and Wellbeing, Occupational Health, and Hybrid Working.
  • The new set of values and behaviours were launched in 2024, as part of the “We Live Water” programme.
  • Sustainable Employee Engagement is tracked, and development actions are undertaken at an organisational level in response to surveys and employee feedback.

Risk

Risk of Uisce Éireann incurring reputational damage and/ or loss of trust where Uisce Éireann is unable to deliver on key stakeholder expectations due to the scale of investment required versus funding available, combined with increasing policy and regulatory requirements.

Context

Delivering for our customers and stakeholders and building trust, confidence and gaining their support is essential to enable Uisce Éireann to deliver water services and to achieve the organisation’s strategic objectives.

Key mitigations

  • Keeping the public fully informed, in a timely manner, on all matters relating to water services is a critical priority especially on issues of public health.
  • A new Corporate Strategy has been developed and rolled out with a key focus on Customer Service, Stakeholder Engagement and Reputation.
  • Stakeholder engagement ongoing at key forums.
  • Comprehensive communication plans and processes, including public consultations on our key projects and local community and school programmes.

Strategy, Compliance and Regulation and Legal

Risk

A significant failure to comply with Drinking Water Regulations and to deliver clean, safe drinking water to required standards could lead to critical public health risk to consumers, prosecution, EU infringement or reputational impacts.

Context

While work continues across the aged asset infrastructure to improve quantity and quality of drinking water supply, there is a risk of quality issues materialising.

Issues may arise due to severe weather events or delays to critical improvement works (due to operational challenges and external factors such as statutory or planning issues, legal challenges, and judicial reviews).

Key mitigations

  • Our National Operations Management Centre is operating 24/7, monitoring alarms and water treatment performance at the critical water treatment plants.
  • Delivery of the Capital Investment Plan to upgrade assets and improve resilience.
  • Ongoing training of plant operational staff in plant operations and incident reporting.
  • Cross-functional forums ensure consistent drinking water reporting/ messaging on priority plants to the Environmental Protection Agency (EPA) and other stakeholders.
  • Sampling and analysis are undertaken in accordance with legislative requirements.
  • Cross organisational engagement on the new Drinking Water Regulatory compliance implementation is ongoing.
  • Drinking water Expert Implementation Groups – internal and external.
  • A National Drinking Water Safety Plan team, processes, procedures and system is in development.

Risk

Failure to fully deliver all expected outcomes in the Uisce Éireann Transformation Programme impacting our infrastructure and delivery of services.

Context

Uisce Éireann now has direct responsibility for water services in all 31 Local Authority areas. The transfer of operational responsibility means Uisce Éireann is fully accountable for the delivery of Water Services in these local authority areas along with the necessary management and direction of all water services staff, including those who remain employed by the Local Authority, whilst also directly responsible for regulatory and legislative compliance.

Key mitigations

  • Development of a future organisation structure that reflects the capabilities necessary for the Uisce Éireann of the future.
  • Strong Project governance in place.
  • The Uisce Éireann Transformation Programme has established Centres of Excellence.
  • Alongside the transfer of operational services, ongoing engagement continues with Local Authority staff to encourage as many as possible to join our new shared organisation while there is progress in recruitment for critical vacancies.