Insolvency of supplier(s) of critical services to the public sector
| Impact | 5 |
|
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 |
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||
| 3 |
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||
| 2 |
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||
| 1 |
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||
| 1 |
2 |
3 |
4 |
5 |
|||||||||||||||||||||||||||||||||||||||||||||||
| Likelihood | |||||||||||||||||||||||||||||||||||||||||||||||||||
| ID | 14 |
|---|---|
| Risk theme | Accidents and system failures |
Impact & Likelihood
| 5 | Catastrophic |
|---|---|
| 4 | Significant |
| 3 | Moderate |
| 2 | Limited |
| 1 | Minor |
| 5 | >25% |
|---|---|
| 4 | 5-25% |
| 3 | 1-5% |
| 2 | 0.2-1% |
| 1 | <0.2% |
Background
There is a risk that a major supplier of critical services to public sectors could suffer insolvency. The types of critical service impacted may vary, and include (but are not limited to) IT services, banking facilities or medical sterilisation services. Any insolvency of a critical supplier could also lead to the disruption of essential public sector services. A number of risk management activities mitigate the risk of insolvency or its impacts, including ongoing commercial capability building across government and the requirement for corporate resolution plans for suppliers of the most critical contracts across government.
Scenario
The reasonable worst-case scenario of this risk is based on the insolvency of a supplier of critical IT services supporting operational systems or back office processes integral to critical national services across the country, such as emergency services communication systems, court services and customs/ immigration services and systems. Potential significant impact upon critical service operational delivery, such as lack of ability of emergency services to effectively operate, shutdown or slowdown of immigration systems resulting in reduction of UK border capacity. Ongoing projects likely to incur delays and increased costs. Strategic and political consequences are likely, such as job losses and reputational impacts for the government. Impact dependent on the nature, size and geography of service and supplier.
Key assumptions
This scenario assumes that reasonable recovery measures are in place at customers, including government departments, but that these are not sufficient to entirely mitigate the risks associated with loss of service.
Variations
Insolvencies may create secondary risks to critical national infrastructure (CNI) targets, such as cyber attacks. These may require more specialised capability and intervention to manage the risk.
Response capability requirements
Continued training on the Sourcing Playbook, the government guidance on making insourcing and outsourcing decisions, and delivering public services in partnership with the private and third sectors. This should be complemented by building commercial, financial and operational capability across government, bolstering effective contract and supplier management. Specialist capability is required to manage distress and contingency plans, such as back- up operations. Central capability in corporate finance (restructuring, insolvency, etc) and in the planning and provision of digital services and data would be required to manage the wide-ranging risks across the government portfolio. Risk mitigations, such as government intervention, should be enabled through controlled and evidenced assessment procedures and relevant legislation.
Recovery
With reasonable recovery plans in place, recovery of systems could be instantaneous or take as long as weeks, depending on the type of services and the supplier’s role. Recovery of services could be hampered by backlogs as a result of outages and further work generated by the adoption of short-term manual processes.