ARCHIVED - Treasury Board of Canada Secretariat - 2011-12 Departmental Performance Report

This page has been archived.

Risk Analysis

Each year, the Secretariat identifies key risks that could affect progress toward its Strategic Outcome. Key risks are captured in the Secretariat's corporate risk profile, which is updated at least once per year. In 2011–12, the Secretariat identified corporate risks, grouped into two categories: i) risks affecting the Secretariat's central agency functions; and ii) departmental risks related to its internal operations. Significant progress was made in mitigating these risks.

Central Agency Risks

The Secretariat managed a risk that had to do with the possible effect of the number and range of cost-containment measures (e.g., operating budget freeze, Strategic Review savings) on government operations and the capacity of departments and agencies to manage. The Secretariat was effective in enabling the government's fiscal restraint objectives: it kept up regular dialogue with deputy heads to anticipate upcoming expenses and financial pressures; it ensured that resource management practices were consistent across government; and it also took part in active, ongoing dialogue with bargaining agents to promote effective management of government compensation. This risk was most relevant to the People Management and Program 3: Expenditure Management programs.

Substantial progress was also made in mitigating a risk that had to do with to a shift in the Secretariat's roles and responsibilities (toward an enabling role) and a corresponding shift for deputy heads (to clearer accountability for departmental management performance), as envisaged in the Federal Accountability Act. In recent years, 80 per cent of Treasury Board policies have been renewed to reflect this shift in responsibilities, work that was ongoing in 2011–12. The Secretariat also clarified expected results and provided deputy heads with flexibilities in managing people within their organizations while complying with Treasury Board policy requirements. It expanded its efforts to build capacity in communities of practice across government, such as human resources, information technology (IT) and finance. This risk was relevant to the Management Frameworks program.

Departmental Risks

During 2011–12, the Secretariat addressed risks that had to do with its aging IT infrastructure and the need to safeguard information against ever-changing security threats. A cyber attack in 2011 exposed the need to further strengthen the Secretariat's network. As a result, the Secretariat accelerated planned initiatives to enhance both physical and IT security measures to protect sensitive data and information. The Secretariat's data centre was moved to a more secure location, and disaster recovery measures were improved. The Secretariat also improved controlled security perimeters (e.g., enhanced firewalls, reduced access to certain work zones) and completed a departmental IT Disaster Recovery Plan, which is integrated with its Business Continuity Plan.

The Secretariat also addressed a risk related to its ability to respond to an emergency situation (e.g., natural disasters, infrastructure-related problems). Accomplishments in 2011–12 included completing emergency scenario walkthroughs with key internal stakeholders and senior management and increasing employee awareness of emergency management procedures through mandatory training. The Secretariat also reviewed and improved its emergency plans and procedures based on lessons learned during emergency test exercises and through government-wide best practices. Departmental risks are relevant to the Internal Services program.