Inventory of Federal Risk Management Tools and Departmental Training
December 2001
Table of Content
- Background
- Note to Readers
- Inventory of Federal Risk Management Tools
- Departmental Training
- Inventory
- Annex 1: Organizations Invited to Participate
Background
Throughout the 1990s, many factors contributed to an increased focus on risk management in the public and private sectors, both domestically and internationally. In Canada, both the Independent Review Panel on the Modernization of Comptrollership (1997) and Results for Canadians (2000) placed increased importance on strengthening risk management and applying risk management principles to effective decision-making and the sound management of resources.
In responding to this priority on the Government's management agenda, the Treasury Board of Canada Secretariat (TBS) established the Centre of Expertise for Risk Management (the Risk Management Directorate, RMD) in 1999 to provide leadership and guidance to strengthen risk management practices across the Federal Government. The RMD has studied and published best practices in risk management, and in April 2001, released the Integrated Risk Management Framework (IRMF) to aid departments in implementing a more systematic and integrated approach to risk management.
To contribute to the advancement of a more integrated and systematic approach to risk management, the RMD commissioned research to take stock of risk management tools and in-house training that are in use or under development in federal departments and agencies. Through document reviews, interviews and telephone surveys, information was collected during the period of September 2000 to January 2001 from departments and agencies at the management and operational levels. Forty-four (44) organizations were invited to participate, and thirty-seven (37) responded (Annex 1).
This document provides a summary and inventory of the research findings. It is our hope that this inventory will provide those starting to implement risk management in their organizations, and even those well on their way, with a mechanism to tap into the variety of approaches and methodologies that exist, foster discussions with others working in risk management across the public service, and support learning from existing experiences.
TBS is grateful to the many departmental participants who took time from their busy schedules to share their knowledge, insights and perceptions on this subject.
Note to Readers
Readers should note that:
- The inventory of tools is not all encompassing, but rather a "snapshot" of what was found based on research constraints such as time and money; the knowledge and perception of selected individuals who were interviewed; and the willingness of departments and agencies to share their information across the federal public service.
- To more accurately reflect our knowledge at the time of publishing, some items in the inventory has been amended to reflect the evolution of the tool as well as organizational changes that have taken place since the initial data collection.
- The tools in this inventory were not validated for their effectiveness, nor is TBS endorsing the tools or imposing their use in other federal organizations. The inventory is a resource to help TBS and departments better understand and build-on what currently exists in the area of risk management.
- Information contained in this inventory is for internal use (federal departments and agencies) and should not be further distributed/ disclosed to non-federal sources without the consent of the source department.
Recognizing that the tools used to manage risk in the federal government are evolving and the limitations of a static inventory, we invite and encourage departments and agencies to advise us of other tools and departmental training that are candidates for possible inclusion in a more comprehensive inventory of risk management tools. TBS is counting on the continued co-operation and collaboration of all departments and agencies to maintain a dynamic inventory of existing risk management tools used by departments.
Inventory of Federal Risk Management Tools
To better understand the state of risk management, organizations were asked to describe the various methodologies that were being employed to help manage risk. The documents, processes and tools/ techniques that were either in use or under development when this research was undertaken were identified and collected in most cases. This information was used to build the inventory.
The research uncovered a wide spectrum of policies, frameworks, guides, systematic processes, tools and techniques being used in departments and agencies across the federal public service. This inventory provides a valuable collection of approaches for managing risk, from strategic, departmental-level policies and frameworks to the operational tools and techniques. Similarly, the sources of the material is equally vast, ranging from products developed in-house, adapted or tailored from existing sources, or licensed from commercial entities.
There were many products and methods developed by departments and agencies which used common descriptive words differently in their titles. For example, many items described with the word "framework" are quite different in nature. The description used to classify products and methods for each discrete category in the inventory is outlined at the beginning of each section.
Departmental Training
As training and development initiatives are key to building federal capacity for risk management, information was collected on the departmental risk management training that was currently being offered or was under development in participating organizations.
Seven organizations had existing risk management courses or courses that were under development. These are outlined in the inventory.
The research also revealed that no federal government training and development organization offered courses exclusively dedicated to risk management in recent years. TBS will work collaboratively with federal partners such as the Canadian Centre for Management Development (CCMD) and Training and Development Canada (TDC) to address this gap.
Policies
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Canada Customs and Revenue Agency (CCRA) In an effort to move toward a more integrated risk management corporate culture, the Agency is in the process of formalizing a risk identification process that will lead to the establishment of a risk inventory for consideration by the Agency Management Committee and the Board of Management. This exercise may result in further changes to the Policy. |
All |
Corporate Planning, |
Canadian Space Agency (CSA) |
Project, |
Standardization and Risk Management, |
Indian and Northern Affairs Canada (INAC) |
All |
Departmental Audit and Evaluation Branch, |
National Parole Board (NPB) |
Safety, Security |
Policy, Planning and Operational Division, |
Public Works and Government Services Canada (PWGSC) The IRM Policy is part of a departmental IRM Framework, which is discussed under the section "Frameworks." The IRM Policy requires all Branches to have a "general purpose" risk management process in addition to any special purpose process they may use. The department's general purpose process is set out in an appendix in their IRM Framework. |
All |
Corporate Planning Directorate, |
Transport Canada (TC) |
All |
Comptrollership Office, |
Treasury Board (TB) The TB Risk Management Policy provides a four-step process to manage risk across the spectrum of: before the incident (identification and minimization phases), during an incident (containment phase) and after an incident (compensation and recovery phase). The TB Policy includes guidelines for each of the four phases. |
All |
Risk Management Directorate, |
Frameworks
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Agriculture and Agri-Food Canada (AAFC) |
All |
Strategic Management Directorate, |
Canadian Heritage (PCH) The IRM Framework defines types and sources of risk as it may impact the organization at the strategic, operational and project levels. It also defines the department's general risk management policy and proposes the use of several tools, including a Risk Assessment Matrix -- with clear definitions of "impact" and "likelihood". Implementation of the IRM Framework is being piloted in 2001-2002 through workshops. |
All |
Corporate Review Branch, |
Canadian Space Agency (CSA) The CSA Risk Management Framework includes provisions to identify and manage risks in accordance with the principles of modern comptrollership. The key parameters are as follows:
|
All |
Standardization and Risk Management, |
Fisheries and Oceans Canada (DFO) |
Safety, Environment, |
Risk Management Decision Support, |
Health Canada (HC)
These steps are presented in a circular model. The model places "Involve Interested and Affected Parties" at the centre of the process. The document details the elements of each step when dealing with health risk, and identifies a number of Guidelines in support of the detailed steps. These guidelines are listed in the section on "Guides." HC has also established a Risk Management Committee (RMC) in its Health Products and Food Branch. The RMC is tasked with identifying emerging risk management issues that would potentially require the collective attention of program managers to assess the nature and level of health risk and develop options for the management of risk and risk communication strategies. If the RMC identifies an emerging issue as having potentially high visibility, or as having major implications for the health and safety of Canadians, it is referred to the Departmental Executive Committee sub-committee on Risk Management. |
Health, |
Health Products and Food Branch |
Indian and Northern Affairs Canada (INAC) |
All |
Departmental Audit and Evaluation Branch, |
Public Works and Government Services Canada (PWGSC) |
All |
Corporate Planning Directorate, |
Treasury Board of Canada Secretariat (TBS) The TBS Framework is composed of four elements:
The TBS Framework describes each of the elements and suggests a number of roles and responsibilities for shared leadership in moving toward integrated risk management. |
All |
Risk Management Directorate, |
Guides
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Atlantic Canada Opportunities Agency (ACOA) ACOA has developed Risk Management and Project Monitoring Guidelines. These guidelines outline a risk matrix to aid in the assessment of ACOA's level of risk for investing in a given project. Details on five (5) types of characteristics and a five (5) tier risk gradation model are provided. The guidelines recommend the extent of monitoring required based upon level of risk. |
Financial | Programs Branch |
Health Canada (HC)
|
Health, Safety | Health Products and Food Branch |
Human Resources Development Canada (HRDC) This guide provides advice on risk concepts, facilitated practices and organizing risk assessment sessions. |
All |
Internal Audit and Risk Management Services, Financial and Administrative Services |
Indian and Northern Affairs Canada (INAC) INAC produced a guide called Responsible Risk-Taking for Innovation and Results (2000) and communicated it to all staff. This guide was created to give employees context for managing risk in their work, and to describe some strategies and tools for building that competency into daily decision-making. |
All |
Departmental Audit and Evaluation Branch, |
National Parole Board (NPB) NPB also has a Board Member Risk Assessment Manual, covering risk theory, its application to prediction and risk assessment relating to specific situations such as mentally disordered offenders, sex offenders and violent offenders. |
Safety, Security |
Professional Development and Decision Processes Division, Executive Vice-Chairperson's Office |
Natural Resources Canada (NRCan) NRCan has incorporated Risk Management practices in the NRCan Guide to Good Management. This guide is designed to help the department improve its performance and to establish a sound management approach. Responsible risk-taking is one of the competencies NRCan has adopted for its leaders. Within its seven elements, which include Leadership and Planning, this guide shows NRCan employees where risk management can be applied. |
All |
Excellence NRCan, Strategic Planning and Coordination Branch |
Parks Canada Agency (PCA) PCA has developed a Visitor Risk Management Handbook. It provides a guide for managing public safety programs, drawing upon principles of risk management and visitor management. The Handbook aids managers in the completion of risk analyses and in developing public safety plans for national parks, historic sites, canals and marine conservation areas enabling field managers to meet requirements set out in Parks Canada's Guiding Principles and Operational Policies and management directives. The Handbook provides a structure to assess risk and co-ordinate public safety efforts. It offers tips on how to rationalize existing and future safety measures. |
Safety |
Ecological Integrity, |
Systematic Processes
For the purposes of this inventory, systematic processes refer to the step-by-step procedures to help facilitate decision-making. Generally, the steps in the process should be completed in a certain order but there can be variation in the number and content of the steps.
1. Enhanced Management Framework (EMF) for IM/IT
The Enhanced Management Framework for IM/IT was developed by the Chief Information Officer Branch, Treasury Board Secretariat as an integrated management model. It is comprised of principles, best practices, methodologies, tools, and templates, and was designed to improve the government's capability to manage its IM/IT investments, successfully deliver IM/IT projects and minimize risks.
The EMF is based on four guiding principles:
- Align IM/IT investments with business strategies;
- Establish clear accountabilities for managing IM/IT investments;
- Develop corporate project management disciplines; and
- Identify and manage risks on a continuous basis.
EMF provides tools and links to industry standards to support implementing a risk management discipline in compliance with Treasury Board policies and guidelines.
One such industry standard is the Software Engineering Institute's (SEI) Continuous Risk Management Methodology. The Public Works and Government Services Canada's Institute offers a course in the SEI methodology and has trained 340 public servants, mostly in IM/IT, since 1997.
The Chief Information Officer Branch of TBS, together with PWGSC, has established an Expert Services Supply Arrangement with qualified external experts in risk management.
http://www.tbs-sct.gc.ca/emf-cag/index-eng.asp
http://www.pwgsc.gc.ca/text/government/index-e.html
http://www.pwgsc.gc.ca/ames/text/risk_index-e.html
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Public Works and Government Services Canada (PWGSC) |
Project |
Application Environment Services Directorate, Application Management Services Sector |
Treasury Board of Canada Secretariat (TBS) |
Project |
Enhanced Management Framework Division, |
Systematic Processes
2. Project Management Institute (PMI) Process
The PMI process is based upon the Project Management Body of Knowledge (PMBOK). Project risk management includes the processes concerned with identifying, analyzing, and responding to project risk.
The process itself contains six steps: Risk Management Planning; Risk Identification; Qualitative Risk Analysis; Quantitative Risk Analysis; Risk Response Planning; and Risk Monitoring and Control (PMBOK Guide, 2000). This process has been expanded from the 1996 version which had four steps: Risk Identification; Risk Quantification; Risk Response Development; and Risk Response Control.
http://www.pmi.org/Pages/default.aspx
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Public Works and Government Services Canada (PWGSC) The Real Property Services (RPS) Branch of PWGSC uses the PMI process as the basis of its training of Property Managers responsible for building and construction projects. The RPS Risk Management Process, while based on PMI, has five key steps: Understand Objectives; Risk Identification; Risk Analysis; Risk Response; and Monitoring and Reporting. (Project Risk Identification has a focus on cost, schedule quality and safety). |
Project |
Architectural and Engineering Services, |
Systematic Processes
3. Canadian Standards Association Q850 Risk Management Process
The Canadian Standards Association Q850 process is a national standard of Canada for risk management. It has been developed as a guideline for decision-makers.
Q850 sets out a six-step process for risk management that include risk analysis, assessment and evaluation, development of risk control measures, and implementation and monitoring of the chosen control measures. In the Q850 process, risk communications and consultations with stakeholders are an important part of each step in the decision process.
http://www.csa.ca/Default.asp?language=english
http://alert.scc.ca/std_e/std6777.html
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Natural Resources Canada (NRCan) |
Environmental, Social, Economic |
Sustainable Development Policy Integration Division, |
Transport Canada (TC) |
Safety |
Risk Assessment and Safety Studies Branch, |
Custom Systematic Processes
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Agriculture and Agri-Food Canada (AAFC) |
Assets, Environmental, |
Asset Management and Capital Planning Directorate, |
Canadian Environmental Assessment Agency (CEAA) The Citizen's Guide of the Canadian environmental assessment process provides the following general information on key aspects of the process as described in the Canadian Environmental Assessment Act:
|
Environmental |
|
Canadian Food Inspection Agency (CFIA) |
Animal Health, |
Science Division, |
Canadian International Development Agency (CIDA) |
Political, Economic, Social, Security, Environmental |
Performance Review Branch |
Fisheries and Oceans Canada (DFO) The guidelines were introduced in October 2000 for trial applications aimed at demonstrating the potential of utilizing a systematic (formal) risk management process. The steps identified are:
A guideline document explains each step and provides suggested techniques for addressing each step. |
Safety, Environmental |
Risk Management Decision Support, |
Human Resources Development Canada (HRDC) HRDC has developed worksheets and other tools and techniques to help carry out the process. |
Strategic, Operational, Project |
Internal Audit and Risk Management Services, |
Indian and Northern Affairs Canada (INAC) Steps in the Expanded Process are:
Steps in the General Purpose Process are:
Supporting worksheets, tools and training courses have been developed for both processes. The Expanded Process is targeted to the analysis of issues that have significant stakeholder involvement. The General Purpose Process is used for general management issues and/or stakeholder issues. |
Liability, Operational |
Departmental Audit and Evaluation Branch, |
National Defence (DND) The Tools and Techniques section provides examples of the features provided to enable the systematic process. |
Project, Financial |
Material Acquisition and Support Sector |
National Energy Board (NEB) The NEB also has a systematic risk based approach for selection of the companies it audits. |
Safety, Environmental |
Operations Branch |
Transport Canada (TC)
|
Safety |
Risk Management and Safety Studies Branch, |
Tools and Techniques
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Agriculture and Agri-Food Canada (AAFC) |
All |
Review Branch |
Atlantic Canada Opportunities Agency (ACOA) |
Financial |
Program Branch |
Canada Customs and Revenue Agency (CCRA)
|
Operational, Financial |
Corporate Planning, |
Canadian Heritage (PCH) Upon completion of the pilot application, PCH will roll out the Project Complexity Assessment Matrix to all programs. |
Financial, Reputation |
|
Canadian Space Agency (CSA) |
All |
Standardization and Risk Management, |
Communication Canada |
All |
|
Fisheries and Oceans Canada (DFO) ORCA allows a user to weight and combine criteria data into a risk index. This index approach is often called Multi-Criteria Decision Analysis and is commonly used to order complex requests for proposals, alternate policies, options and strategies. Study area risk index values for a given safety program can be compared to study area expenditures for the program, and potential anomalies identified. Allocation and/or re-allocation of CCG resources can then be undertaken in a manner consistent with risk generated demand. ORCA also allows data to be easily displayed in bar charts and map formats, permits the visual comparison of criteria data sets, and could support a standardized marine reference source. CCG is reviewing the possibility of making the system web-based to make the ORCA Systems available to a broader range of CCG users and to assess ways for efficiently updating and/or adding to the referenced data series. |
Safety, Environment, Financial, Organizational |
Risk Management Decision Support, |
Foreign Affairs and International Trade (FAIT) |
Financial |
Corporate Finance, Planning and Systems Bureau, |
Health Canada (HC) |
All |
Health Products and Food Branch |
Human Resources Development Canada (HRDC)
|
All |
Internal Audit and Risk Management Services, |
Indian and Northern Affairs Canada (INAC)
|
All |
Departmental Audit and Evaluation Branch, |
Industry Canada (IC) |
Financial, |
Programs and Services Branch, |
Justice Canada (DOJ)
|
Legal |
Legal Risk Management |
National Defence (DND)
|
Project |
Material Acquisition and Support Sector |
National Defence (DND) |
Natural Hazards |
|
National Energy Board (NEB) |
Safety, Environmental |
Operations Branch |
Public Works and Government Services Canada (PWGSC) The BDP group has also done an analysis of the most popular risk management system programs, namely:
Each was evaluated for its ability to support risk management in terms of continuous risk identification, analysis, planning, monitoring, control, reporting, and communications. |
Procurement |
|
Tools and Techniques - Control and Risk Self-Assessment (CRSA)
Application / Description |
Risk Areas |
Organization/Contact |
---|---|---|
Canada Customs and Revenue Agency (CCRA) |
Operational, Financial |
Corporate Planning, |
Indian and Northern Affairs Canada (INAC) DAEB has also applied risk based auditing to a number of projects for the past five years. |
All |
Departmental Audit and Evaluation Branch, |
Natural Resources Canada (NRCan) |
All |
NRCan Risk Management Initiative, |
Departmental Training
Department |
Course Purpose |
Target Audience |
Contact |
---|---|---|---|
Canada Customs and Revenue Agency |
Introduce basic risk management techniques. |
Program Managers & Officers |
Internal Audit Division |
Department of National Defence |
Build awareness of a systematic approach to managing risk. |
Program Managers |
Director General Financial (SFFO and Departmental Comptroller) |
Basic and Intermediate Project Management Courses - each has a risk management module providing guidance on how to manage and mitigate risk in Capital projects. |
Project Management Practitioners |
Materiel Acquisition and Support Program |
|
Risk Management - course aimed at managing and mitigating risk in Capital projects. |
Project Management Practitioners |
Materiel Acquisition and Support Program |
|
Human Resources Development Canada |
Managing Risk at HRDC, A Guide to Facilitating Risk Self-Assessment Sessions - provides a step-by-step guide to applying the risk self-assessment approach to managing risks and the corresponding tools used in the process. |
IARMS staff and others who would like to facilitate an RSA session |
Internal Audit and Risk Management Services |
Risk Management Training - designed to provide an overview of the risk management process in HRDC, TBS integrated risk management and the risk self-assessment process in particular. The course also provides an overview of the various tools designed to assist managers. |
Operational Managers |
Internal Audit and Risk Management Services |
|
Risk Management Training- Instructors Manual - a tool developed as an aide to anyone who wants to deliver the one-day Risk Management Training. |
Potential instructors for the risk management training courses |
Internal Audit and Risk Management Services |
|
Health Canada |
Health Canada has a number of training initiatives to strengthen risk management practices and awareness of a systematic approach to managing risk. For example: |
||
a) Policy Development Curriculum - uses the Health Canada Decision Making Framework as its basis and includes discussion of risk management/ risk communication in the introductory sessions. Other components of the Curriculum are also risk related (e.g., a module on risk-benefit assessment). |
Health Canada employees |
Continuing Education and Training Programme, |
|
b) Health Products and Food Branch is developing a training program on risk awareness based on a pilot training session delivered in the Healthy Environments and Consumer Safety Branch. |
Branch staff |
Risk Management Coordination Division, |
|
Indian and Northern Affairs Canada |
Develop skills and ability with tools and techniques |
Program Managers & Officers |
Departmental Audit and Evaluation Branch |
Public Works and Government Services Canada |
Build awareness of a systematic approach to managing risk and tools & techniques |
Program Managers & Project Officers |
Architectural and Engineering Services |
Transport Canada |
Build awareness of a continuous, systematic and integrated approach to risk management |
Program Managers & Line Staff |
Risk Assessment and Safety Studies Branch |
Annex 1: Organizations Invited to Participate
Agriculture and Agri-Food Canada |
Health Canada |
* indicates organizations unable to participate
- Date modified: