Skip to main content

Our risks

Our risk management framework combines our risk strategy and practical guidance on managing risks at all levels in the organisation, so we can anticipate challenges we may face in implementing our plans and preparing for them effectively. Our Executive Group review, update and discuss risks on a quarterly basis, with a focus on both short/medium-term and long-term risks that are captured and discussed separately.

The risk of cyber-attacks remains a key focus. This reflects the current heightened global tensions and heightened risk levels across government. We are pleased to be making progress in reducing the risk that the CPS becomes unable to meet demand for its services, and the scoring of this risk is trending downwards.

Our principal risks:

Our principal risks during the year 2025-26:

RiskMitigations

Direction

Category

The CPS fails to meet expectations for Casework QualityQuality is strengthened through ongoing thematic assurance reviews, inspections, and specialist monitoring schemes. Casework is supported by the Casework App and enhanced legal guidance, while high-risk cases are closely overseen through monthly reporting to the Director of Legal Services Team, who actively work with areas to manage associated risks.

Risk is stable

Legal

The CPS does not progress cases effectively and is therefore unable to meet demand for its services

The CPS is improving its ability to meet demand by using national resourcing and forecasting, strengthening partnerships with HM Courts & Tribunals Service and other justice partners, implementing new court resourcing models, and deploying the Central Casework Team for resilience. It is also addressing skills gaps through strategic workforce planning and increasing capacity through engagement with Criminal Bar leaders.

Level of risk is reducing

Legal and Strategy

Delays to justice occur as a result of failure to keep pace with technological development

The CPS is strengthening its technological capability through further recruitment and responsible adoption of new technologies through clear AI governance frameworks, an ongoing CMS replacement programme, and a shift to cloud services that enable automatic updates and security patching.

Risk is stable

Technology

The CPS is insufficiently prepared to discharge its obligations in the event of external event/s that impact its activitiesThe CPS has documented business continuity management plans that enable prompt local responses in the event of external events. These are supported by a robust security baseline and governance framework that includes supplier assurance, secure-by-design principles, threat intelligence, and enhanced colleague training.Level of risk is increasingSecurity, Technology and Estates
Loading...