Risk Management Framework
During 2024, Uisce Éireann maintained an effective, integrated and structured approach to risk management, including a comprehensive risk management process to manage, review, monitor and report on the principal risks and uncertainties that could potentially impact the achievement of our strategic objectives.
Uisce Éireann’s Organisational Risk Management Framework, policy and processes are well established and are consistently applied across the organisation, thus facilitating the identification, assessment, monitoring and reporting of risks at all levels of the organisation at an individual and aggregate level.
Risk Culture
Uisce Éireann recognises that successful risk management is dependent on an effective risk culture, encompassing the behaviours, norms and attitudes of our people. Uisce Éireann management recognises the criticality of an effective risk culture which continuously evolves and develops and is promoted through ‘tone from the top’ and regular risk management training. We continuously and actively engage in horizon scanning to assist in identifying new and emerging risks. As a result, the importance of risk management, including clear accountability and ownership of risks, is evident throughout Uisce Éireann. It is recognised that everyone in the organisation has a role to ‘speak up’ about risk.
The Board and Risk Management
The Board has overall accountability for effective risk management across Uisce Éireann, regularly reviewing and challenging the principal risks presented to them by management, ensuring they are appropriately assessed, managed and mitigated.
The Audit and Risk Committee has the delegated authority to support the Board with these obligations. It is supported in maintaining an effective risk management environment by a dedicated risk team and a top-down, bottom-up risk governance model.
Risk Assessment Methodology
Uisce Éireann undertook a comprehensive review of its risk assessment methodology in 2024. A refreshed risk assessment methodology is now in place which sets out an updated standard methodology to assessing risks at all levels of the organisation, considering both risk impact and likelihood. This consistent approach aids decision making and prioritisation of key mitigating actions. The methodology was reviewed and approved by the Audit and Risk Committee, and the Board.
Risk Strategy
The Board approved a new Risk Strategy for Uisce Éireann in 2024. The approved Risk Strategy (2025-2029) sets out ambitions for the next 5 years in the areas of leadership and governance, people and culture, integration and tools, and technology. The ambition of the strategy is to deliver further maturity of the risk model and to support and empower risk based decision making across the organisation.
Risk Appetite
During 2024, the Board set an updated Risk Appetite for the organisation, expressing the level and type of risk Uisce Éireann is willing to accept in the pursuit of its strategic objectives. The Risk Appetite is aligned to categories of risk to which Uisce Éireann is exposed.
Deep Dives
During 2024, the Audit and Risk Committee considered the status of the principal risks and related mitigating actions and was presented with a number of Deep Dive Reviews to further enhance their understanding of certain principal risks and their key mitigations.
Organisational Risk Management (ORM ) 4 step process
Uisce Éireann follows leading practice and uses a four-step process to ensure the consistent identification, assessment, response and monitoring of risk across the organisation, to support the delivery of our strategic objectives.