Chapter 7: Risk Management And Contingency
111. Risk is the potential that an action or event will lead to a loss or undesirable outcome. Risk management is identification, prioritisation and treatment of risks to minimize, monitor, and control the likelihood of an unfortunate event or to maximize opportunities.
112. The Enquiry Point does not have a risk register detailing risks that may impact on achievement of objectives or in the ability to provide a service. However, there is a business continuity plan in place which details responsible persons and actions to be taken in the event of loss of service. For example:
- local power outage/IT issues - trained operators from Paisley or Highlands and Islands will log on and answer calls
- fire - re-locate to Scottish Prosecution College, Glasgow
113. It was noted that there is still further work or testing to be done in relation to some circumstances, for example, when BT equipment fails or IT services fail.
It is recommended that the Enquiry Point formally identifies and records all risks which may impact on the delivery of services. These risks should be prioritised and controls or counter measures identified to limit or help prevent negative outcomes.
It is also recommended that actions already identified in the Enquiry Point business continuity plan be followed up and tested.