Treasury Board of Canada Secretariat

ARCHIVED - Risk Management

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Supporting Tools and Techniques



Act

Sorry, no records match: Act and Risk Management

Checklist

DM's Guide to Successful IT Projects
Provides a list of factors to evaluate a project from a senior management perspective.
e-Government Capacity Check © Diagnostic Tool
Provides a list of questions to obtain information on the capability of a government institution in the areas of e-strategy, IM/IT infrastructure, risk and program management, organizational capabilities, value chain management and performance.
Guide to successful IT Projects - Parts I - II - III
Provides a list of factors influencing the success of a project and to be taken into consideration in the planning, implementation, and closure phases.
SEI - Taxonomy-Based Risk Identification, CMU/SEI-93-TR-006
Provides a risk identification checklist describing typical software development risks, along with a questionnaire.

Glossary

Sorry, no records match: Glossary and Risk Management

Guide

Audit and Review Guides
Provides a list of Audit and Review Guides related to Risk Management, Official Languages, Security and other GoC areas of activity.
Government On-line (GOL) Implementation Kit
Describes a set of tools and references for determining which programs currently being delivered through an organization are candidates for GOL exposure, and how to plan, justify, and launch the resulting project.
Integrated Risk Management Framework
Describes an approach to manage risks in a government organization.
SEI - The Continuous Risk Management Guidebook
Describes a continuous process of identifying, analyzing, prioritizing, monitoring and controlling project risks.

Lexicon

Sorry, no records match: Lexicon and Risk Management

Link

CRIM - Centre de Recherche Informatique de Montreal (CRIM)
Describes the activities of the Centre in the area of information technologies and their applications, and in orchestrating new technology development, including a Software Engineering and a Software Testing Centre.
General Accounting Office - USA
Provides publications on the effectiveness of IT investments, risk management, and the performance of CIO organizations.
ISACA - Control Objectives for Information and related Technology (COBIT)
Prescribes security and control practices that provide a reference framework in four domains (Planning and Organization, Acquisition and Implementation, Delivery and Support, Monitoring) and serve as a key evaluation and analytical tool for IT performance audits.
IT Governance Portal
Describes the activities of the IT Governance Institute to develop and advance awareness of the link between IT and enterprise governance, and offers best practice guidance on the management of IT-related risks.
New South Wales Government's (NSW) Office of Information Technology
Provides access to NSW-OIT news, strategies and IM/IT policies, standards, and guidelines.
PMI - Guide to the Project Management Body of Knowledge (PMBOK)
Prescribes generally accepted processes to manage projects through their life cycle.
SEI - The Capability Maturity Model-Integrated SE/SW
Prescribes goals and practices for the development of systems and software grouped into project management, support, engineering and process improvement processes.
Software Exchange Service
Provides a focal point to promote the sharing of government-owned applications software, documentation, and related information among government institutions.
Software Exchange Service The Project Management Framework (PMF), version 2.0 - 827
Provides a brief overview of AAFC Project Management Framework - a web enabled toolkit with guidelines and templates to assist in the planning, execution and closure of IM/IT projects.
Software Program Managers Network
Offers free downloads through the Integrated Computer Engineering (ICE) website of their Project Control Panel and Risk Radar software. Project Control Panel provides a visual representation of the state of health of a project, and Risk Radar provides standard MS Access database functions that allow entering, prioritizing, and reporting risks. Please refer to the ICE disclaimer and copyright notice before downloading.
SPIN - Software Process Improvement Network
Lists regional groups called "SPINs" that meet and share their experiences initiating and sustaining software process improvement programs.

Policy

Management of Major Crown Projects Policy
Prescribes additional project management requirements for projects that are assessed as high risk and that are normally over $Cdn100M.
Policy on Electronic Authorization and Authentication
Prescribes the requirements to control and protect business transactions in electronic form through proper authorization and authentication, and the need to conduct risk and threat assessments.
Project Management Policy
Prescribes the requirements and responsibilities for the management of government-funded projects.
Risk Management Policy
Prescribes the requirements for government institutions to identify, minimize, contain, compensate, restore, and recover from risks to which their assets, program activities, and interests are exposed. Identifies phases and provides guidelines to conduct risk management.
Security Policy
Prescribes the requirements to ensure the appropriate safeguarding of sensitive information and assets of the federal government. Establishes the need to classify information, to conduct an assessment of related threats and risks, to limit access to classified information and to conduct security reliability checks and assessments on employees.

Presentation

Sorry, no records match: Presentation and Risk Management

Procedure

Business Continuity Plan Outline
Defines the approach, roles and responsibilities, and high-level outline of the Business Continuity Plan.
Business Continuity Procedure
Describes the steps involved in minimizing the effect of the potential loss of equipment, facilities and data (including electronic files).

Process

Sorry, no records match: Process and Risk Management

Report

Best Practices in Risk Management: Private and Public Sectors Internationally
Provides an annotated of risk management practices.

Standard

Information Technology Security Standard
Prescribes the operational standard for information technology security. Establishes the need for security planning, threat and risk assessments, statement of security requirements, certification and accreditation, appropriate contract clauses, and the requirements for personnel, physical, hardware, software, and communications security.

Template

Sorry, no records match: Template and Risk Management

Terminology

Sorry, no records match: Terminology and Risk Management