We are currently moving our web services and information to Canada.ca.

The Treasury Board of Canada Secretariat website will remain available until this move is complete.

Inventory of Federal Risk Management Tools and Departmental Training



December 2001

Table of Content



Background

Throughout the 1990s, many factors contributed to an increased focus on risk management in the public and private sectors, both domestically and internationally. In Canada, both the Independent Review Panel on the Modernization of Comptrollership (1997) and Results for Canadians (2000) placed increased importance on strengthening risk management and applying risk management principles to effective decision-making and the sound management of resources.

In responding to this priority on the Government's management agenda, the Treasury Board of Canada Secretariat (TBS) established the Centre of Expertise for Risk Management (the Risk Management Directorate, RMD) in 1999 to provide leadership and guidance to strengthen risk management practices across the Federal Government. The RMD has studied and published best practices in risk management, and in April 2001, released the Integrated Risk Management Framework (IRMF) to aid departments in implementing a more systematic and integrated approach to risk management.

To contribute to the advancement of a more integrated and systematic approach to risk management, the RMD commissioned research to take stock of risk management tools and in-house training that are in use or under development in federal departments and agencies. Through document reviews, interviews and telephone surveys, information was collected during the period of September 2000 to January 2001 from departments and agencies at the management and operational levels. Forty-four (44) organizations were invited to participate, and thirty-seven (37) responded (Annex 1).

This document provides a summary and inventory of the research findings. It is our hope that this inventory will provide those starting to implement risk management in their organizations, and even those well on their way, with a mechanism to tap into the variety of approaches and methodologies that exist, foster discussions with others working in risk management across the public service, and support learning from existing experiences.

TBS is grateful to the many departmental participants who took time from their busy schedules to share their knowledge, insights and perceptions on this subject.

Note to Readers

Readers should note that:

Recognizing that the tools used to manage risk in the federal government are evolving and the limitations of a static inventory, we invite and encourage departments and agencies to advise us of other tools and departmental training that are candidates for possible inclusion in a more comprehensive inventory of risk management tools. TBS is counting on the continued co-operation and collaboration of all departments and agencies to maintain a dynamic inventory of existing risk management tools used by departments.

Inventory of Federal Risk Management Tools

To better understand the state of risk management, organizations were asked to describe the various methodologies that were being employed to help manage risk. The documents, processes and tools/ techniques that were either in use or under development when this research was undertaken were identified and collected in most cases. This information was used to build the inventory.

The research uncovered a wide spectrum of policies, frameworks, guides, systematic processes, tools and techniques being used in departments and agencies across the federal public service. This inventory provides a valuable collection of approaches for managing risk, from strategic, departmental-level policies and frameworks to the operational tools and techniques. Similarly, the sources of the material is equally vast, ranging from products developed in-house, adapted or tailored from existing sources, or licensed from commercial entities.

There were many products and methods developed by departments and agencies which used common descriptive words differently in their titles. For example, many items described with the word "framework" are quite different in nature. The description used to classify products and methods for each discrete category in the inventory is outlined at the beginning of each section.

Departmental Training

As training and development initiatives are key to building federal capacity for risk management, information was collected on the departmental risk management training that was currently being offered or was under development in participating organizations.

Seven organizations had existing risk management courses or courses that were under development. These are outlined in the inventory.

The research also revealed that no federal government training and development organization offered courses exclusively dedicated to risk management in recent years. TBS will work collaboratively with federal partners such as the Canadian Centre for Management Development (CCMD) and Training and Development Canada (TDC) to address this gap.

Policies

Policies
For the purposes of this inventory, policies are instruments that establish a required accountability in terms of what is to be done (policy objectives) and who is to do it (roles and responsibilities).

Application / Description

Risk Areas

Organization/Contact

Canada Customs and Revenue Agency (CCRA)
CCRA developed and issued a Risk Management Policy in 1998. As the concept of risk management evolved it became necessary to rewrite the Risk Management Policy to reflect practices being adopted by the private sector and, more importantly, Treasury Board. In January 2001, the new Policy received approval from CCRA's Board of Management. Its sections include a Policy Statement, Authority, Application, Requirements, Definitions and Organizational Considerations.

In an effort to move toward a more integrated risk management corporate culture, the Agency is in the process of formalizing a risk identification process that will lead to the establishment of a risk inventory for consideration by the Agency Management Committee and the Board of Management. This exercise may result in further changes to the Policy.

All

Corporate Planning,
Finance and Administration Branch

Canadian Space Agency (CSA)
The CSA Project Approval and Management Framework (PAMF) was recently approved (May 2001) and provides for: formalized, standardized project management policies; practices and procedures; professional development program and proficiency standards for Project Managers within the Agency; and Internal Review and Audit of project approval processes and internal audit of Agency wide implementation of PAMF. The risk assessment section, to be completed by end of June 2001, is part of PAMF and will provide for procedures, tools and techniques applicable to projects within CSA.

Project,
Program

Standardization and Risk Management,
Project Management

Indian and Northern Affairs Canada (INAC)
INAC developed and implemented Operating Principles for Management of Risk in 1997. The main sections are Operating Principles, Fundamental Precepts, Roles, and Definitions. Also included is a list of Key Risk Areas.

All

Departmental Audit and Evaluation Branch,
Corporate Services

National Parole Board (NPB)
NPB's Policy Manual includes a section on Risk Assessment for Pre-Release Decisions. It outlines the risk factors to be considered for pre-release decisions and the requirement for analysis and evaluation of risk management release strategies.

Safety, Security

Policy, Planning and Operational Division,
Executive Director's Office

Public Works and Government Services Canada (PWGSC)
PWGSC issued an Integrated Risk Management (IRM) Policy in 2001. The Policy has sections covering Purpose, Benefits, Policy Objective, and Roles and Responsibilities.

The IRM Policy is part of a departmental IRM Framework, which is discussed under the section "Frameworks." The IRM Policy requires all Branches to have a "general purpose" risk management process in addition to any special purpose process they may use. The department's general purpose process is set out in an appendix in their IRM Framework.

All

Corporate Planning Directorate,
Government Operational Service Branch

Transport Canada (TC)
TC is in the process of drafting a Risk Management Policy. The version reviewed at the time of this study sets out sections on Policy Objective, Roles and Responsibilities.

All

Comptrollership Office,
Executive Services

Treasury Board (TB)
TB has a Risk Management Policy (April 1994) that places a focus on safeguarding the government's property, interests and certain interests of employees. There is less focus on risk related to programs, policies or plans.

The TB Risk Management Policy provides a four-step process to manage risk across the spectrum of: before the incident (identification and minimization phases), during an incident (containment phase) and after an incident (compensation and recovery phase).

The TB Policy includes guidelines for each of the four phases.

All

Risk Management Directorate,
Comptrollership Branch

Frameworks

Frameworks
For the purposes of this inventory, frameworks are instruments that address how to situate a more systematic, continuous and rigorous approach to managing risk in the organization. A risk management framework will generally address issues such a risk context/profile.

Application / Description

Risk Areas

Organization/Contact

Agriculture and Agri-Food Canada (AAFC)
At the time of this study, AAFC was developing an Integrated Risk Management Framework. The draft Framework proposes a Risk Management Vision, Risk Management Objective, Operating Principles, Roles and Responsibilities, and a Risk Management Process.

All

Strategic Management Directorate,
Corporate Management Branch

Canadian Heritage (PCH)
A Discussion Paper on Management of Risk in Canadian Heritage was completed in April 1999. It served as a basis for a draft policy statement, issued in June 2001, entitled Integrated Risk Management Framework. This policy is presently intended for internal consumption until other efforts aimed at revising the corporate strategic and business planning processes incorporate risk management.

The IRM Framework defines types and sources of risk as it may impact the organization at the strategic, operational and project levels. It also defines the department's general risk management policy and proposes the use of several tools, including a Risk Assessment Matrix -- with clear definitions of "impact" and "likelihood".

Implementation of the IRM Framework is being piloted in 2001-2002 through workshops.

All

Corporate Review Branch,
Strategic Policy

Canadian Space Agency (CSA)
The CSA has established, in December 1999, a Risk Management Framework that is well integrated into its overall CSA management practices so as to facilitate the implementation of proper risk evaluation and mitigation processes, including timely identification of risks affecting projects, development of strategies to significantly reduce or avoid risks, and allocation of sources of funds to cover risks.

The CSA Risk Management Framework includes provisions to identify and manage risks in accordance with the principles of modern comptrollership. The key parameters are as follows:

  • Integration of risk management into the Agency's long-term and annual planning, resource allocation and performance framework;
  • Timely identification and assessment of risks routinely performed by CSA's program managers over a five year planning horizon;
  • Design and implementation of measures to abate and/or mitigate potential program risks;
  • Maintenance of uncommitted funds within approved Reference Levels (over the 5 year planning horizon), at the level required to cover risks;
  • Integration of risk management into CSA's annual work plan and management agreement process, making senior officials accountable to the President for the management of risks related to programs under their authority;
  • Regular risk monitoring reports providing the CSA's Executive Committee with the information required to allocate frozen funds to programs whose risks of cost increases have materialized, or keep the funds frozen, or to make them available for spending if anticipated risks have disappeared; and
  • Commitment from the CSA Executive Committee to implement recognized best practices in its risk management process.

All

Standardization and Risk Management,
Project Management

Fisheries and Oceans Canada (DFO)
The Canadian Coast Guard (CCG) has established a Risk Management Division within the Marine Programs Directorate. The Division provides subject matter expertise and the necessary knowledge, framework and background to assist program managers in the design, implementation strategy and requirements of a risk-based approach to management in the Coast Guard.

Safety, Environment,
Financial, Organization

Risk Management Decision Support,
Policy & Legislation Branch,
Marine Programs Directorate

Health Canada (HC)
HC has developed the Health Canada Decision-Making Framework for Identifying, Assessing and Managing Health Risk. The HC process sets out six steps as follows:

  1. Identify the Issue and its Context
  2. Assess Risks and Benefits
  3. Identify and Analyze Options
  4. Select a Strategy
  5. Implement the Strategy
  6. Monitor and Evaluate the Results

These steps are presented in a circular model. The model places "Involve Interested and Affected Parties" at the centre of the process. The document details the elements of each step when dealing with health risk, and identifies a number of Guidelines in support of the detailed steps. These guidelines are listed in the section on "Guides."

HC has also established a Risk Management Committee (RMC) in its Health Products and Food Branch. The RMC is tasked with identifying emerging risk management issues that would potentially require the collective attention of program managers to assess the nature and level of health risk and develop options for the management of risk and risk communication strategies.

If the RMC identifies an emerging issue as having potentially high visibility, or as having major implications for the health and safety of Canadians, it is referred to the Departmental Executive Committee sub-committee on Risk Management.

Health,
Safety

Health Products and Food Branch

Indian and Northern Affairs Canada (INAC)
INAC has had an active Advisory Committee on the Management of Risks (ACMoR) since 1998, with representation from every sector and region of the department. ACMoR was established to provide support and guidance on the general direction of the Management of Risk initiative. The overall goal of ACMoR is to facilitate greater use of the systematic application of management of risk where warranted by decisions involving high costs and/or high impacts.

All

Departmental Audit and Evaluation Branch,
Corporate Services

Public Works and Government Services Canada (PWGSC)
PWGSC has developed a corporate level Integrated Risk Management Framework. The Real Property Services Branch developed a branch level framework (RPS Integrated Risk Management Framework) that links to the corporate level one. Both frameworks provide information on risk context, policy direction and a description of a systematic process to be used.

All

Corporate Planning Directorate,
Government Operational Service Branch

Treasury Board of Canada Secretariat (TBS)
TBS developed an Integrated Risk Management Framework (April 2001) to provide guidance to advance the use of a more corporate and systematic approach to risk management.

The TBS Framework is composed of four elements:

  • Developing the Corporate Risk Profile;
  • Establishing an Integrated Risk Management Function;
  • Practising Integrated Risk Management; and
  • Ensuring Continuous Risk Management Learning.

The TBS Framework describes each of the elements and suggests a number of roles and responsibilities for shared leadership in moving toward integrated risk management.

All

Risk Management Directorate,
Comptrollership Branch

Guides

Guides
For the purposes of this inventory, guides are instruments to aid with the how of risk management by explaining aspects of the process, and/or concepts on how to use the process.

Application / Description

Risk Areas

Organization/Contact

Atlantic Canada Opportunities Agency (ACOA)
ACOA has developed Risk Management and Project Monitoring Guidelines. These guidelines outline a risk matrix to aid in the assessment of ACOA's level of risk for investing in a given project. Details on five (5) types of characteristics and a five (5) tier risk gradation model are provided. The guidelines recommend the extent of monitoring required based upon level of risk. 		Financial Programs Branch

Health Canada (HC)
HC has developed a number of guidance documents which support its Decision-Making Framework for Identifying, Assessing and Managing Risks. These include:

  • Guidance Document on Environmental Risk Assessment;
  • Guidance Document on Risk Communication;
  • Guidance Document on Public Involvement;
  • Guidance Document on Incorporating a Population Health Approach into Risk Management Decision-Making;
  • Guidance Document on Developing Health-Based Outcome Measures;
  • Guidance Document on Priority Setting.
Health, Safety Health Products and Food Branch

Human Resources Development Canada (HRDC)
HRDC has developed a Guide to Facilitating Managing Risk Sessions.

This guide provides advice on risk concepts, facilitated practices and organizing risk assessment sessions.

All Internal Audit and Risk Management Services,
Financial and Administrative Services
Indian and Northern Affairs Canada (INAC)
INAC produced a guide called Responsible Risk-Taking for Innovation and Results (2000) and communicated it to all staff. This guide was created to give employees context for managing risk in their work, and to describe some strategies and tools for building that competency into daily decision-making. 		All

Departmental Audit and Evaluation Branch,
Corporate Services

http://www.ainc-inac.
gc.ca/ai/ldr/rrtir-eng.pdf

National Parole Board (NPB)
NPB has a Board Members Professional Standards Guide which outlines that Risk Assessment Orientation at Levels I and II is part of the Professional Standard Framework for Board Members.

NPB also has a Board Member Risk Assessment Manual, covering risk theory, its application to prediction and risk assessment relating to specific situations such as mentally disordered offenders, sex offenders and violent offenders.

Safety,
Security 		Professional Development and Decision Processes Division,
Executive Vice-Chairperson's Office
Natural Resources Canada (NRCan)
NRCan has incorporated Risk Management practices in the NRCan Guide to Good Management. This guide is designed to help the department improve its performance and to establish a sound management approach. Responsible risk-taking is one of the competencies NRCan has adopted for its leaders. Within its seven elements, which include Leadership and Planning, this guide shows NRCan employees where risk management can be applied. 		All Excellence NRCan,
Strategic Planning and Coordination Branch
Parks Canada Agency (PCA)
PCA has developed a Visitor Risk Management Handbook. It provides a guide for managing public safety programs, drawing upon principles of risk management and visitor management. The Handbook aids managers in the completion of risk analyses and in developing public safety plans for national parks, historic sites, canals and marine conservation areas enabling field managers to meet requirements set out in Parks Canada's Guiding Principles and Operational Policies and management directives. The Handbook provides a structure to assess risk and co-ordinate public safety efforts. It offers tips on how to rationalize existing and future safety measures. 		Safety

Ecological Integrity,
National Parks Directorate

Systematic Processes

For the purposes of this inventory, systematic processes refer to the step-by-step procedures to help facilitate decision-making. Generally, the steps in the process should be completed in a certain order but there can be variation in the number and content of the steps.

1. Enhanced Management Framework (EMF) for IM/IT

The Enhanced Management Framework for IM/IT was developed by the Chief Information Officer Branch, Treasury Board Secretariat as an integrated management model. It is comprised of principles, best practices, methodologies, tools, and templates, and was designed to improve the government's capability to manage its IM/IT investments, successfully deliver IM/IT projects and minimize risks.

The EMF is based on four guiding principles:

  1. Align IM/IT investments with business strategies;
  2. Establish clear accountabilities for managing IM/IT investments;
  3. Develop corporate project management disciplines; and
  4. Identify and manage risks on a continuous basis.

EMF provides tools and links to industry standards to support implementing a risk management discipline in compliance with Treasury Board policies and guidelines.

One such industry standard is the Software Engineering Institute's (SEI) Continuous Risk Management Methodology. The Public Works and Government Services Canada's Institute offers a course in the SEI methodology and has trained 340 public servants, mostly in IM/IT, since 1997.

The Chief Information Officer Branch of TBS, together with PWGSC, has established an Expert Services Supply Arrangement with qualified external experts in risk management.

http://www.tbs-sct.gc.ca/emf-cag/index-eng.asp

http://www.pwgsc.gc.ca/text/government/index-e.html

http://www.pwgsc.gc.ca/ames/text/risk_index-e.html

Application / Description

Risk Areas

Organization/Contact

Public Works and Government Services Canada (PWGSC)
PWGSC, in its Government Telecommunications and Informatics Services (GTIS) Branch, applies the EMF and its SEI approach for systematic risk assessment to its IM/IT projects including many for the Government On-Line (GOL) initiative.

Project

Application Environment Services Directorate,

Application Management Services Sector

Treasury Board of Canada Secretariat (TBS)
In TBS, the Chief Information Officer Branch has developed and is responsible for updating the EMF. In addition to its primary use by government institutions, the systematic risk assessment process set out in the EMF is used to assess the risks of GOL proposals made to TBS by departments and agencies.

Project

Enhanced Management Framework Division,
Chief Information Officer Branch

Systematic Processes

2. Project Management Institute (PMI) Process

The PMI process is based upon the Project Management Body of Knowledge (PMBOK). Project risk management includes the processes concerned with identifying, analyzing, and responding to project risk.

The process itself contains six steps: Risk Management Planning; Risk Identification; Qualitative Risk Analysis; Quantitative Risk Analysis; Risk Response Planning; and Risk Monitoring and Control (PMBOK Guide, 2000). This process has been expanded from the 1996 version which had four steps: Risk Identification; Risk Quantification; Risk Response Development; and Risk Response Control.

http://www.pmi.org/Pages/default.aspx

Application / Description

Risk Areas

Organization/Contact

Public Works and Government Services Canada (PWGSC)

The Real Property Services (RPS) Branch of PWGSC uses the PMI process as the basis of its training of Property Managers responsible for building and construction projects.

The RPS Risk Management Process, while based on PMI, has five key steps: Understand Objectives; Risk Identification; Risk Analysis; Risk Response; and Monitoring and Reporting. (Project Risk Identification has a focus on cost, schedule quality and safety).

Project

Architectural and Engineering Services,
Real Property Services Branch

Systematic Processes

3. Canadian Standards Association Q850 Risk Management Process

The Canadian Standards Association Q850 process is a national standard of Canada for risk management. It has been developed as a guideline for decision-makers.

Q850 sets out a six-step process for risk management that include risk analysis, assessment and evaluation, development of risk control measures, and implementation and monitoring of the chosen control measures. In the Q850 process, risk communications and consultations with stakeholders are an important part of each step in the decision process.

http://www.csa.ca/Default.asp?language=english

http://alert.scc.ca/std_e/std6777.html

Application / Description

Risk Areas

Organization/Contact

Natural Resources Canada (NRCan)
NRCan's Minerals and Metals Sector is looking to use the Q850 process as a basis for proposed risk and opportunity based public consultations via the internet on the Offshore Minerals and Mining Initiative (OMMI). A discussion paper on risk-based public consultation for OMMI was completed in March 2000. It discusses how the Q850 steps fit with public consultations.

Environmental, Social, Economic

Sustainable Development Policy Integration Division,
Minerals and Metal Policy Branch,
Minerals and Metal Sector

Transport Canada (TC)
TC's Safety and Security Group uses the Q850 process as the basis for many of its systematic risk management processes. The involvement of stakeholders early in the decision process and adoption of an accepted Canadian Standard has earned the Department credibility with public and industry stakeholders.

Safety

Risk Assessment and Safety Studies Branch,
Safety and Security Group

Custom Systematic Processes

Custom Systematic Processes
Many organizations have examined the various systematic processes developed by different authoritative bodies and have decided to customize a systematic process that is suited to their organization.

Application / Description

Risk Areas

Organization/Contact

Agriculture and Agri-Food Canada (AAFC)
AAFC uses a variety of systematic processes. These processes involve the use of experts such as engineers, scientists and economists to assess impact and likelihood using both qualitative and quantitative techniques.

Assets, Environmental,
Financial

Asset Management and Capital Planning Directorate,
Corporate Management Branch

Canadian Environmental Assessment Agency (CEAA)
CEAA administers an Environmental Assessment Act which is essentially a systematic risk management process. It is a project planning tool that identifies possible adverse effects on the environment before they occur and identifies measures to allow projects to be better designed and more environmentally friendly.

The Citizen's Guide of the Canadian environmental assessment process provides the following general information on key aspects of the process as described in the Canadian Environmental Assessment Act:

  • an explanation of environmental assessment;
  • the principles and purpose of the Act;
  • the role of the Canadian Environmental Assessment Agency (Agency/CEAA);
  • an overview of the federal environmental assessment process; and the role of the public.

Environmental

http://www.ceaa-acee.
gc.ca/013/act-eng.htm

http://www.ceaa-acee.gc.ca/013/0001/
0002/guide-eng.htm

Canadian Food Inspection Agency (CFIA)
CFIA has developed a Risk Analysis Framework. This framework is consistent with the CSA Q850 process for risk management, Health Canada's Decision Making Framework for Identifying, Assessing and Managing Health Risks and risk analysis frameworks developed by relevant international organizations, e.g. OIE (Office International des Epizooties - World Organization for Animal Health), IPPC (International Plant Protection Convention). It may be used to estimate the human, animal or plant health risks associated with defined risk scenarios and to select and implement appropriate risk control measures.

Animal Health,
Plant Health,
Food Safety

Science Division,
Policy, Planning and Coordination Directorate

Canadian International Development Agency (CIDA)
CIDA has developed and implemented a Country Program Risk Assessment Methodology. It examines political, institutional, economic, social/ cultural, security and environmental aspects of a "system" that may have the potential to prevent CIDA from accomplishing its program objectives. The methodology outlines the use of scenarios and a method for providing a numerical score (1 - 5) based upon whether the assessor strongly agrees (5) or strongly disagrees (1) with the implication of the scenario. The methodology also assesses the likelihood of the scenario.

Political, Economic, Social, Security, Environmental

Performance Review Branch

Fisheries and Oceans Canada (DFO)
The Canadian Coast Guard (CCG) has developed guidelines to outline a systematic process that may be applied by Marine Aids to Navigation to effectively manage all the risk addressed by an Aids to Navigation program. The CCG custom process is based on Q850.

The guidelines were introduced in October 2000 for trial applications aimed at demonstrating the potential of utilizing a systematic (formal) risk management process.

The steps identified are:

  1. Identify Risk/Hazards.
  2. Assess Risk.
  3. Specify Risk Control Options.
  4. Make a Decision.
  5. Take Actions.
  • Consultation, Reporting, Monitoring and Review are considered at each step.

A guideline document explains each step and provides suggested techniques for addressing each step.

Safety, Environmental

Risk Management Decision Support,
Policy & Legislation Branch,
Marine Programs Directorate

Human Resources Development Canada (HRDC)
HRDC has adopted the nine-step process promoted in the TB Integrated Risk Management Framework.

HRDC has developed worksheets and other tools and techniques to help carry out the process.

Strategic, Operational, Project

Internal Audit and Risk Management Services,
Financial and Administrative Services

Indian and Northern Affairs Canada (INAC)
The Departmental Audit and Evaluation Branch has pilot tested two different systematic processes - an Expanded Process and a General Purpose Process.

Steps in the Expanded Process are:

  1. Risk Area Identification.
  2. Risk Assessment.
  3. Stakeholder Interest.
  4. Analysis of Options.
  5. Decision-making.
  6. Document and Communicate.
  7. Monitor.
  8. Adapt.

Steps in the General Purpose Process are:

  1. Objectives.
  2. Risk Area Identification.
  3. Risk Assessment.
  4. Risk Response.
  5. Monitor and Learn.

Supporting worksheets, tools and training courses have been developed for both processes.

The Expanded Process is targeted to the analysis of issues that have significant stakeholder involvement. The General Purpose Process is used for general management issues and/or stakeholder issues.

Liability, Operational

Departmental Audit and Evaluation Branch,
Corporate Services

National Defence (DND)
DND has developed a Desktop Support system in the Materiel Acquisition and Support Sector. This system includes a module for the application of risk management to support projects. It sets out steps to have continuous and effective risk management in a project organization and to have ongoing proactive and accountable exchange of risk information between the project and its stakeholders.

The Tools and Techniques section provides examples of the features provided to enable the systematic process.

Project, Financial

Material Acquisition and Support Sector

National Energy Board (NEB)
The NEB has developed a systematic process to establish the priority of approximately 500 above ground facilities under its jurisdiction for inspection. The inspection prioritization process assists in decision making related to allocating resources and prioritizing inspection efforts based on relative risk.

The NEB also has a systematic risk based approach for selection of the companies it audits.

Safety, Environmental

Operations Branch

Transport Canada (TC)
TC has a number of custom systematic processes built on Canadian Standards Association Q850. These include:

  • The Aeronautical Study Process - a comprehensive risk management process for looking at proposed changes to the level of air navigation services provided to civil aviation; and
  • The Pilotage Risk Management Methodology - a comprehensive risk management process for making decisions about the requirement for mandatory Pilotage at Canadian ports and in other navigable waters.

Safety

Risk Management and Safety Studies Branch,
Safety and Security Group

Tools and Techniques

Tools and Techniques
For the purposes of this inventory, tools and techniques refer to instruments such as checklists and methodological procedures that support the use of risk management.

Application / Description

Risk Areas

Organization/Contact

Agriculture and Agri-Food Canada (AAFC)
AAFC has a technique for selection of Internal Audit and Program Evaluation projects based on defined risk criteria.

All

Review Branch

Atlantic Canada Opportunities Agency (ACOA)
ACOA has developed a tool to aid in determining the level of risk for a given project ACOA might invest in. The tool provides easy means to summarize a numerical score for the factors set out in a risk matrix included in ACOA's Risk Management and Project Monitoring Guidelines.

Financial

Program Branch

Canada Customs and Revenue Agency (CCRA)
CCRA has Risk Management Workshops to identify risks (control self assessment process), including a matrix and appendix illustrating how risks areas at each level of the organization are identified, communicated and systematically managed. CCRA is piloting a risk management template and has a number of tools including:

  • IT risk assessment tool - "Navigator" SEI protocols;
  • Tools used by customs agents; and
  • Tools for taxation auditing

Operational, Financial

Corporate Planning,
Finance and Administration Branch

Canadian Heritage (PCH)
CH is piloting a tool for calculating the risk in contribution agreements. This is incorporated into the software used for managing Grants and Contributions, Grants and Contributions Information Management System. It is a compulsory step whose completion is required before any proposal for a contribution agreement can be submitted for approval. The screen will show a Project Complexity Assessment Matrix composed of a series of rated questions that users must answer. Each question contains a list of guidelines and/or information for the users to assist them in determining each answer. The total of the answers from each of the questions will determine the potential complexity of the project. Both the officer and the manager are required to sign-off on the Project Complexity Assessment.

Upon completion of the pilot application, PCH will roll out the Project Complexity Assessment Matrix to all programs.

Financial, Reputation

  1. Corporate Review Branch
  2. G&Cs Secretariat
    (Financial Management Branch)

Canadian Space Agency (CSA)
The Risk Information and Assessment System (RIAS) software is being utilized by CSA for risk identification and planning, assessment and quantification, risk response, tracking and control. This software was initially applied to the Canadian Space Station Program and is still used as the guide for the risk database implementation within the Agency as a whole.

All

Standardization and Risk Management,
Project Management

Communication Canada
Communication Canada manages a Depository Service Program which includes a database of federal government publications. This database can be searched for topics such as risk management. There are several hundred documents in the depository on risk management.

All

http://dsp-psd.pwgsc.
gc.ca/index-e.html

Fisheries and Oceans Canada (DFO)
Canadian Coast Guard (CCG), with the assistance of Consulting and Audit Canada, has developed a Geographic Information System tool called Oceans Risk and Criteria Analysis (ORCA), to display marine data and calculate risk indexes for CCG programs. Nearly 150 program-related marine criteria data series for 100+ Canadian waterways has been collected and stored in user accessible Excel data sheets covering vessel movements, potential impacts, risk modifiers, accident history, and CCG activities including costing data.

ORCA allows a user to weight and combine criteria data into a risk index. This index approach is often called Multi-Criteria Decision Analysis and is commonly used to order complex requests for proposals, alternate policies, options and strategies. Study area risk index values for a given safety program can be compared to study area expenditures for the program, and potential anomalies identified. Allocation and/or re-allocation of CCG resources can then be undertaken in a manner consistent with risk generated demand. ORCA also allows data to be easily displayed in bar charts and map formats, permits the visual comparison of criteria data sets, and could support a standardized marine reference source.

CCG is reviewing the possibility of making the system web-based to make the ORCA Systems available to a broader range of CCG users and to assess ways for efficiently updating and/or adding to the referenced data series.

Safety, Environment, Financial, Organizational

Risk Management Decision Support,
Policy & Legislation Branch,
Marine Programs Directorate

Foreign Affairs and International Trade (FAIT)
FAIT is developing a tool to assist in the assessment of financial risk in missions abroad. The tool sets a point rating system based on various factors such as Revenue Collected, Complexity, Administrative Infrastructure and Cultural Differences.

Financial

Corporate Finance, Planning and Systems Bureau,
Corporate Services, Passport and Consular Affairs

Health Canada (HC)
HC has a tool for summarizing risk issues that are brought forward to the Risk Management Committee.

All

Health Products and Food Branch

Human Resources Development Canada (HRDC)
Internal Audit and Risk Management Services (IARMS) has developed a number of tools (to remain in draft form during the first year of use). These include:

  • Risk Worksheets.
  • A number of training tools (as outlined in the Training section of this inventory).
  • Framework for Engagement protocol tool - for collaborative work on risk management between IARMS and each program and corporate service Branch.
  • HRDC Framework for Integrated Risk Management which tailors the TBS Framework for Integrated Risk Management, and includes standards for full implementation.
  • HRDC Corporate Risk Profile developed on basis of Branch Risk Profiles.
  • Benchmarking Tool - a tool that can be used by managers as well as auditors to assess current status of implementing integrated risk management and plan further progress (20 criteria over four themes).
  • 22 Management Practices for the 21st Century (Management control model adapted from CoCo).

All

Internal Audit and Risk Management Services,
Financial and Administrative Services

Indian and Northern Affairs Canada (INAC)
INAC has incorporated the Risk ScorecardTM Toolkit to aid in various risk analysis exercises.

  • The toolkit includes the following:
  • Risk ScorecardTM Process Chart;
  • Risk Identification Worksheet;
  • Risk Analysis Worksheet;
  • Communications and Integration Strategies Worksheet;
  • Risk ScorecardTM Worksheet; and
  • Risk Matrix.

All

Departmental Audit and Evaluation Branch,
Corporate Services

Industry Canada (IC)
In conjunction with the Office of the Auditor General (OAG), IC developed a Risk Assessment Framework for Grant and Contribution Programs. The Framework provides managers and staff of grant or contribution programs with a tool for assessing and managing risk and provides Parliamentarians with an approach for reviewing the performance of these programs.

Financial,
Political

Programs and Services Branch,
Operations Sector

Justice Canada (DOJ)
Together with Treasury Board of Canada Secretariat, DOJ has undertaken a comprehensive initiative to manage the federal government's legal risks. As part of this initiative, the following programs are under development:

  • Scanning for legal risks - to avoid being "blind-sided" and explore non-litigious ways to resolve disputes before they reach litigation. A pilot project is underway in 8 government departments.
  • Litigation avoidance measures - to encourage departments to look beyond laws as the primary instrument to achieving public policy objectives.
  • Litigation management measures - to encourage departments to manage litigation when it does occur strategically and as efficiently as possible.
  • Communications support - to ensure that the communications aspects (involving litigators, client departments, central agencies, Ministers and the media) of high profile litigation are considered early.
  • Resource Allocation - to develop consistent and easily accessible processes for funding litigation and allocating costs.
  • Clearer Roles and Responsibilities articulation - to minimize conflicts among stakeholders (clients, Department of Justice and central agencies).

Legal

Legal Risk Management

National Defence (DND)
DND has developed a Desktop Support system in the Materiel Acquisition and Support (MAS) Branch. The Desktop Support system includes a wide variety of tools, techniques and references to aid MAS staff in managing projects. It includes tools and techniques such as:

  • Risk Identification Sheet;
  • Brainstorming;
  • Taxonomy-based Questionnaire;
  • Tri-level Attribute Evaluation;
  • Affinity Grouping; and
  • Comparison Risk Ranking

Project
(Schedule, Cost, Quality)

Material Acquisition and Support Sector

National Defence (DND)
DND and Emergency Preparedness Canada, along with other government departments and levels of government have been developing the Natural Hazards Electronic Map and Assessment Tools Information System (NHEMATIS) (1995-2000). NHEMATIS is a modern computerized system for data capture, storage, presentation, hazard assessment and modelling. It provides a repository of information on historical and potential future disasters, an inventory of information on facilities and people at risk to natural hazards, and tools and algorithms for estimating the damage and injury that could be caused by various natural hazard events. NHEMATIS currently contains national geographic databases as well as data for four local study areas (Vancouver, Edmonton, Ottawa, and Montreal) for demonstration purposes. Hazard impact assessment modelling capabilities in NHEMATIS are currently available for earthquakes, floods, tornadoes, and landslides.

Natural Hazards

http://en.wikipedia.org/wiki/Natural_hazards

http://ww3.ps-sp.gc.ca/research/ram3_mer_a-eng.asp

National Energy Board (NEB)
NEB has developed a spreadsheet-based computer application to sum scores assigned to qualitative facility attributes. The attributes are assessed from a safety (people) perspective and an environmental perspective to determine inspection priorities.

Safety, Environmental

Operations Branch

Public Works and Government Services Canada (PWGSC)
PWGSC has a website for Benefits Driven Procurement (BDP) which includes a section of Risk Tools. This is an extensive reference source for managing procurement risk. It includes extensive lists of possible sources of risks and methods for assessing risks. It presents details on the risk management process as divided into nine (9) steps.

The BDP group has also done an analysis of the most popular risk management system programs, namely:

  • Team EC Advanced Decision Support Software;
  • RiskTrak;
  • Risk + for Microsoft Project 98;
  • @ Risk and @ Risk for Project;
  • Risk Evaluation Management Information System;
  • Crystal Ball; and
  • Risk Information and Assessment System.

Each was evaluated for its ability to support risk management in terms of continuous risk identification, analysis, planning, monitoring, control, reporting, and communications.

Procurement

 

Tools and Techniques - Control and Risk Self-Assessment (CRSA)

Control and Risk Self-Assessment

Application / Description

Risk Areas

Organization/Contact

Canada Customs and Revenue Agency (CCRA)
CCRA has Risk Management Workshops which use the Control and Risk Self-Assessment technique to identify and manage risk.

Operational, Financial

Corporate Planning,
Finance and Administration Branch

Indian and Northern Affairs Canada (INAC)
INAC has a site license to use the Collaborative Assurance and Risk Design software (CARD®) which was used to test the value-added through technology on a number of projects for Integrated Risk Management, Assurance Services, and Control and Risk Self-Assessment sessions. The Departmental Audit and Evaluation Branch (DAEB) has pilot tested the CARD® map software, sponsored courses, and shares self-study materials on implementing and integrating enterprise-wide risk and assurance management systems using CARD® methodology.

DAEB has also applied risk based auditing to a number of projects for the past five years.

All

Departmental Audit and Evaluation Branch,
Corporate Services

Natural Resources Canada (NRCan)
NRCan is testing the Collaborative Assurance Risk Design (CARD® ) tool. CARD® is a Control and Risk Self-Assessment methodology which uses software that assigns and then generates data relationships in developing control and risk management strategies. In assisting ADM Corporate Services Sector in its priority setting exercise, a sector-wide risk assessment using CARD® , was completed in February 2001. The CARD® decisions license has been purchased for the department.

All

NRCan Risk Management Initiative,
Audit and Evaluation Branch

Departmental Training

Departmental Training

Department

Course Purpose

Target Audience

Contact

Canada Customs and Revenue Agency

Introduce basic risk management techniques.

Program Managers & Officers

Internal Audit Division

Department of National Defence

Build awareness of a systematic approach to managing risk.

Program Managers

Director General Financial (SFFO and Departmental Comptroller)

Basic and Intermediate Project Management Courses - each has a risk management module providing guidance on how to manage and mitigate risk in Capital projects.

Project Management Practitioners

Materiel Acquisition and Support Program

Risk Management - course aimed at managing and mitigating risk in Capital projects.

Project Management Practitioners

Materiel Acquisition and Support Program

Human Resources Development Canada

Managing Risk at HRDC, A Guide to Facilitating Risk Self-Assessment Sessions - provides a step-by-step guide to applying the risk self-assessment approach to managing risks and the corresponding tools used in the process.

IARMS staff and others who would like to facilitate an RSA session

Internal Audit and Risk Management Services

Risk Management Training - designed to provide an overview of the risk management process in HRDC, TBS integrated risk management and the risk self-assessment process in particular. The course also provides an overview of the various tools designed to assist managers.

Operational Managers

Internal Audit and Risk Management Services

Risk Management Training- Instructors Manual - a tool developed as an aide to anyone who wants to deliver the one-day Risk Management Training.

Potential instructors for the risk management training courses

Internal Audit and Risk Management Services

Health Canada

Health Canada has a number of training initiatives to strengthen risk management practices and awareness of a systematic approach to managing risk. For example:

a) Policy Development Curriculum - uses the Health Canada Decision Making Framework as its basis and includes discussion of risk management/ risk communication in the introductory sessions. Other components of the Curriculum are also risk related (e.g., a module on risk-benefit assessment).

Health Canada employees

Continuing Education and Training Programme,
Health Products and Food Branch

b) Health Products and Food Branch is developing a training program on risk awareness based on a pilot training session delivered in the Healthy Environments and Consumer Safety Branch.

Branch staff

Risk Management Coordination Division,
Health Products and Food Branch

Indian and Northern Affairs Canada

Develop skills and ability with tools and techniques

Program Managers & Officers

Departmental Audit and Evaluation Branch

Public Works and Government Services Canada

Build awareness of a systematic approach to managing risk and tools & techniques

Program Managers & Project Officers

Architectural and Engineering Services

Transport Canada

Build awareness of a continuous, systematic and integrated approach to risk management

Program Managers & Line Staff

Risk Assessment and Safety Studies Branch

Annex 1: Organizations Invited to Participate

Organizations Invited to Participate

Agriculture and Agri-Food Canada
Atlantic Canada Opportunities Agency
Atomic Energy Control Board*
Canada Customs and Revenue Agency
Canada Industrial Relations Board
Canadian Centre for Management Development
Canadian Environmental Assessment Agency
Canadian Food Inspection Agency
Canadian Heritage
Canadian Human Rights Commission
Canadian Institutes of Health Research*
Canadian International Development Agency
Canadian Radio-Television and
Telecommunications Commission
Canadian Space Agency
Canadian Transportation Agency*
Citizenship and Immigration Canada
Correctional Service Canada
Department of Finance Canada
Economic Development Agency of Canada (Quebec)*
Environment Canada
Fisheries and Oceans Canada
Foreign Affairs and International Trade

Health Canada
Human Resources Development Canada
Immigration and Refugee Board*
Indian and Northern Affairs Canada
Industry Canada
Justice Canada
National Defence
National Energy Board
National Parole Board
National Research Council
Natural Resources Canada
Office of the Superintendent of Financial Institutions*
Parks Canada Agency
Public Service Commission
Public Works and Government Services Canada
Royal Canadian Mounted Police
Solicitor General Canada
Statistics Canada
Transport Canada
Treasury Board of Canada Secretariat
Veterans Affairs Canada
Western Economic Diversification*

* indicates organizations unable to participate 


Date modified: