Treasury Board of Canada Secretariat

ARCHIVED - Best Practices in Risk Management: Private and Public Sectors Internationally



Appendix A

Statement of Work


The following work applies to scope parts a) and b) and will take into account information available from TBS, such as the work already done by the Financial Management Standards Division in preparing papers on Financial Risk Management Strategy and Guide to Business Risk Management and the Assessment Framework for Modernizing Comptrollership prepared by the Comptrollership Modernization Office.

  1. Literature Review: The contractor will identify and review literature on risk management practices, as appropriate to the project scope a) or b).
  2. Identification of Best Practices: The contractor will identify companies and organizations that appear to be using innovative or best practice approaches to risk management.
  3. Focused Research: Additional information will be collected on the strategies, approaches, methods, tools and techniques in use by the companies and organizations identified in Step 2 through interviews, telephone interviews, and/or requests for documentation.
  4. Report Writing: The contractor will document the identified best practices in the form of a draft and final report and make recommendations on their usefulness and applicability in the Canadian federal government context.

Appendix B

Bibliography


A CFO'S View. Vol. 44, Risk Management, New York, September 1997, pp. 21-27.

A change at the helm. Vol. 44, Risk Management, New York, April 1997, pp. R26-R28.

A Texas-Size. Risk Management, December 1998, pp. 16-17.

A World of Risk. Risk Management, January 1998, pp. 11.

Abbott, Howard. Food for Thought. Vol. 5, No. 9, International Risk Management, October 1998, p. 31.

Abbott, Howard. Taking the Rap. Vol. 5, No. 4, International Risk Management, April 1998, p. 24.

Adopting an Enterprise-Wide Approach to Risk. Risk Management, January 1998, pp. 16-17.

Aftermath of Bank Crisis - Better Supervision is Needed. Financial Times, Reuter Textline, March 14, 1997.

Age-old problem improving. Vol. 44, Risk Management, New York, August 1997, p. 6.

Allen, Anne B. Ghostly tales of opportunities for change: A legislative carol. Vol. 44, Risk Management, New York, December 1997, p. 66.

Allen, Anne B. Toward a better standard. Vol. 44, Risk Management, New York, January 1997, p. 54.

Anonymous. Job and family in balance. Risk Management, New York, November 1996.

Australia: Corporate Treasurers Lack Adequate Systems. Australian Banking and Finance, December 1997.

Bagneschi, Linda. Pollution prevention: The best-kept secret in loss control. Vol. 45, Risk Management, New York, July 1998, pp. 31-38.

Balcer, Georges. A forum for quality. Vol. 44, Risk Management, New York, January 1997, p. 62.

Baldry, David. The evaluation of risk management in public sector capital projects. Vol. 16, No. 1, International Journal of Project Management, 1998, pp. 35-41.

Barbuti, Jim. A new philosophy: Risk financing for the middle market. Risk Management, New York, Apr. 1996.

Barlow, Douglas. The Essence of Risk Management. Risk Management, September 1998, p. 88.

Barrett, Pat. Better Practice Principles for Performance Information. Australian National Audit Office.

Barrett, Pat. Selecting Suppliers-Managing the Risk. Australian National Audit Office, October 1998.

Beer, Stan. Australia: News - Bug-battle Bill Blows Out By Billions. Australian Financial Review, December 2, 1998, p. 1.

Bernens, Robert. Establishing Expected Practices. Risk Management, January 1997, pp. 14-16.

Berry, Andrew and Phillips, Julian. Pulling it together. Vol. 45, Risk Management, New York, September 1998, pp. 53-58.

Bieber, Robert. Bridging the Gap: Using Effective Communications to Improve Corporate Risk Management. Risk Management, February 1997, pp. 39-41.

Borst, JJ. Value at Risk in the Dutch Steel Industry. Tijdschrift Voor Corporate Finance (The Netherlands), Fall 1997.

Bryson, Nancy S. and Donohue, Brian G. Improving risk management decisions: A new road map and some specific destinations of interest. Vol. 6, No. 4, Environmental Quality Management, Summer 1997, pp. 85-89.

CBRA Methodology Guide.

CFOs on financial hiring. Vol. 45, Risk Management, New York, September 1998, p. 8.

Chand, Sooran and James, Sbrolla. A Director's Nightmare. Ivey Business Quarterly, Winter 1998.

Chapman, C. and Ward, S. Project Risk Management: Processes, Techniques and Insights. John Wiley and Sons, Chichester, 1997.

City of Santa Clara Moving Ahead: Silicon Valley Power, Engage Energy From Alliance. BUSINESS WIRE PR Newswire Reuter Textline.

Clack, Peter. Australia: Business Declares War on Fraud. Reuters Business Briefing, Jan. 25, 1999.

Clayton, Michelle. RMA releases risk survey. Vol. 7, No. 12, UMI, Inc. America's Community Bankers, 1998, p.7.

Coastal Corporation Re: Joint Venture's Alliance. Regulatory News Service, BUSINESS WIRE PR Newswire Reuter Textline, Dec. 17, 1997.

Collier, Rick. A better approach: Wrap-ups deliver construction savings. Vol. 45, Risk Management, New York, March 1998, pp. 26-30.

Company Directors Want Risk Protection. Sydney Morning Herald, Reuter Textline, July 30, 1996.

Comptroller General of the United States. Major Management Challenges and Program Risks: A Government wide Perspective. January 1999.

Cornford, Andrew. Some recent innovations in international finance: Different faces of risk management and control. Vol. 30, No. 2, Journal of Economic Issues, June 1996, pp. 493-508.

Corporate culture a concern for job seekers. Vol. 43, Risk Management, New York, Aug. 1996, p. 9.

Country Briefing. BAe rethinks risk management. EIU Country Alerts Economist Intelligence Unit, Sept. 4, 1998.

Covello, Dr. Vince. Crims '98 New Frontiers: Explore, Chart and Conquer. Risk Communication (Plenary Session), October 4-7, 1998.

Crockett, James, Pare, Carolyn, Montanez, William, Anello, Angelo, et al. The future of employee benefits. Vol. 44, Risk Management, New York, June 1997, pp. 28-34.

Curbing sexual harassment complaints. Vol. 44, Risk Management, New York, January 1997, p. 52.

Davenport, John A. Loss control technologies. Vol. 44, Risk Management, New York, March 1997, pp. 30-34.

Davies, Anthony. New Zealand: Compliance - Keeping up with the Regulators. Independent Business Weekly (NZ), September 30, 1998.

Deanna Bellandi. The Expanding Reach of Risk Management: Suburban Heights Medical Center: Judges. 1997 Crain Communications Inc.

DePinto, Gary. Managing factory risk to improve customer satisfaction. Semiconductor International, June 1997, pp. 179-186.

Dickson, Thomas R. The evolution of risk financing. Vol. 43, Risk Management, New York, August 1996, p. 15.

Dorn, Mark. Vendors sell peanuts partners sell solutions. Vol. 45, Risk Management, New York, October 1998, pp. 14-16.

Driving change. Vol. 45, Risk Management, New York, December 1998, pp. 56-57.

Duden, David P. From data to decisions: Selecting risk management software. Vol. 43, Risk Management, New York, December 1996, pp. 33-35.

Edlin, Bob. New Zealand: Luxton Lunges at Red Tape While Business Champs at Bit. Independent Business Weekly (NZ), October 10, 1997.

Environmental Risk Management becoming a concern to Hospital Executives. Vol. 13, No. 1, 1998 Information Access Company, a Thomson Corporation Company, IAC (SM) Newsletter Database Business Word, Inc.

Ernst & Young. The Hidden Risks of Risk Management. Ernst & Young 1998.

Ewing, Lance. How to make a difference. Risk Management, New York, November 1998, Vol. 45, p. 12.

Fatal distractions. Vol. 45, Risk Management, New York, October 1998, p. 9.

Fed's Meyer calls for better bank capital Standard. BUSINESS WIRE PR Newswire Reuter Textline, March 2, 1998.

Feldman, Paul. Risk Managers' Global Concerns. Risk Management, June 1998, p. 64.

Feldman, Paul. The case for peer review. Vol. 45, Risk Management, New York, April 1998, p. 104.

Fenelle, Cheryl. "Partnerships-mirage or reality?". Risk Management, New York, May 1996.

First aid for disaster-struck businesses. Vol. 44, Risk Management, New York, May 1997, p. 8.

Fixing broken bucks: Fidelity proposes new captive use. Vol. 44, Risk Management, New York, December 1997, p. 42.

From the ground up. Vol. 45, Risk Management, New York, December 1998, pp. 48-52.

Gal, T. and H.J. Greenberg (eds) Advances in Sensitivity Analysis and Parametric Programming. Kluwer Academic Press, London, 1997.

Gentile, Mary C. Setting the right course: Business ethics. Vol. 45, Risk Management, New York, September 1998, pp. 26-34.

Gerber, Joseph A. and Glazer, Richard C. Seeking responsibility: Recovery for risk managers. Vol. 45, Risk Management, New York, February 1998, pp. 40-44.

Getting people involved. Vol. 43, Risk Management, New York, September 1996, p. 56.

Gluyas, Richard. Australia: Governance Bombshell - Only 1 in 10 Up to Scratch. Australian, April 17, 1997, p. 17.

Grabowski, Martha and Roberts, Karlene. Risk mitigation in large-scale systems: lessons from high reliability organizations. Vol. 39, No. 4, 1997 Information Access Company, a Thomson Corporation Company, 1997 Regents of the University of California, California Management Review, p.152.

Grapperhaus, Roberta. Management's Perspectives on Risk. Risk Management, September 1997, pp. 11-16.

Grapperhaus, Roberta. Measuring up: How risk managers apply the cost of risk survey results. Vol. 45, Risk Management, New York, January 1998, pp. 27-29.

Group Success. Risk Management, December 1998, pp. 53-54.

Guidelines for Managing Risk in the Australian Public Service. Joint publication of the Management Advisory Board and its Management Improvement Advisory Committee, MAB/MIAC Report No. 22, October 1996.

Hackett, Lloyd. Mastering disasters in Canada. Vol. 45, Risk Management, New York, April 1998, p. 98.

Haines, Joe. Not up to Scratch. Vol. 1, No. 2, Public Sector Risk Management, an Emap Business Publication, Autumn 1996, p. 23.

Hallam, Kristen. Healthcare International: Taking a Global Risk; MMI Cos Sees Gold in Foreign Malpractice Insurance. Modern Healthcare, November 2, 1998, p.40.

Hanley, Mike. Assured of a Greener Future. Vol. 5, No. 4, International Risk Management, An Emap Business Publication, April 1998, p. 27.

Hanley, Mike. Bespoke Solutions. Vol. 5, No. 8, International Risk Management, An Emap Business Publication, September 1998, p. 27.

Hanley, Mike. Chain Reactions. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 23.

Hanley, Mike. Containing the Colossus. Vol. 5, No. 4, International Risk Management, An Emap Business Publication, April 1998, p.18.

Hanley, Mike. Made to Measure. Vol. 5, No. 7, International Risk Management, July/August 1998, An Emap Business Publication, p. 22.

Hansen, Larry. Loss Control Strategies for. Risk Management, October 1998, pp. 38-41.

Hansen, Mark D. and Kysar, David S. Making the right moves: Implementing effective ergonomics management. Vol. 44, Risk Management, New York, February 1997, pp. 50-54.

Harper, Timothy F. Sharing our sandbox: Commonsense advice from an aviation risk manager. Vol. 44, Risk Management, New York, October 1997, pp. 35-40.

Harpole, Tom. Weathering the storm. Vol. 46, Risk Management, New York, January 1999, pp. 47-49.

Have Financial Institutions put the Development of Better Risk Management Systems on the Back Burner? American Banker, Reuter Textline, March 4, 1996.

Hawkins, Kyleen W. and Bill Huckaby. Using CSA to Implement COSO; Control Self-Assessment. Vol. 55, No.3, Institute of Internal Auditors, p.50.

Head, George L. Risk management education goes global. Risk Management, New York, June 1996.

Hedging profits weather or not. Vol. 45, Risk Management, New York, February 1998, p. 9.

Hein, Eric P. and O'Malley, Michael J. Two birds with one stone. Risk Management, New York, April 1996.

Hendriks, Martien. Project Risk-mapping. No. 19, Projectie (The Netherlands), September 1997.

HK Banks Remain Strong Despite Loan Losses - Study. Reuter News Service-Far East, Reuter Textline, May 8, 1997.

HM Treasury - Better Value for Money in Public Sector Construction Contracts. Hermes - UK Government Press Releases Reuter Textline, September 26, 1997.

Hodges, Alan. Towards a National Disaster-Mitigation Strategy. Australasian Fire Authorities Council 1997 Annual Conference, October 12, 1997.

Hohmann, Samuel F. Healthcare Cost of Risk Initiative: Preliminary findings. Vol. 50, No. 6, 1999 UMI., Healthcare Financial Management, June 1996, pp. 60-67.

Hopkins, Deborah C. Case Study-Introducing Business Risk Management, Global Council on Risk Management. General Motors Corporation, June 5, 1997.

How the damage is done. Vol. 45, Risk Management, New York, May 1998, p. 32.

Hunt, Ben, and Peto, Hugh. Forward Thinking. Vol. 5, No. 7, International Risk Management, An Emap Business Publication, July/August 1998, p. 32.

Hunt, Ben. Balancing Risk and Reward. Vol. 5, No. 9, International Risk Management, October 1998, An Emap Business Publication, p. 22.

Hunt, Ben. Colin Witheat. Vol. 6, No. 2, International Risk Management, An Emap Business Publication, February 1999, p. 30.

Hunt, Ben. On the Crest of a Global Wave. Vol. 4, No. 13, International Risk Management, March 1998, An Emap Business Publication, p. 21.

Hunt, Ben. Profile: Ray Matholie. Vol. 5, No. 9, International Risk Management, October 1998, An Emap Business Publication, p. 28.

Hunt, Ben. Staying out of Court. Vol. 6, No. 2, International Risk Management, An Emap Business Publication, February 1999, p. 20.

Improving ethical standards. Vol. 45, Risk Management, New York, June 1998, p. 9.

Increasing the odds. Vol. 45, Risk Management, New York, December 1998, pp. 32-34.

Institute of Internal Auditors-Australia, Australian Control Criteria: Effective Internal Control to Achieve Business Objectives within an Acceptable Degree of Risk. Exposure draft, March 1998.

Integrating. Risk Management, December 1997, pp. 48-49.

Investing in employee's futures. Vol. 44, Risk Management, New York, April 1997, p. 14.

Irvine, Julia. Taking a calculated risk. Vol. 122, No. 1263, 1998 UMI, Inc., Institute of Chartered Accountants in England & Wales 1998, Accountancy, pp.42-43.

Jegher, Simon. Flexible Structure: Managing Financial Risk. Risk Management, January 1999, pp. 29-33.

Jorgensen, Lori. Connection to risk? Managing the exposures of cyberspace. Vol. 45, Risk Management, New York, February 1998, pp. 14-19.

Kelly, William J. The role of management consultant. Vol. 45, Risk Management, New York, January 1998, p. 50.

Kelly, William. Policies for the Real World. Vol. 4, No. 13, International Risk Management, March 1998, An Emap Business Publication, p. 25.

Kirby, Anne. Controlling Comp Costs? Risk Management, March 1997, pp. 37-44.

Kirkwood, Don. Australia: Smaller Companies Risk Financial Loss. Business Queensland, 1998 Business Newspapers Australia Pty Ltd., April 20, 1998.

Knight, Curtis. Statement on best practices. Vol. 80, No.6, Journal of Lending & Credit Risk Management, Feb. 1998, p. 79.

Knight, Rory F. and Pretty, Deborah J. Value at risk: The effects of catastrophes on share price. Vol. 45, Risk Management, New York, May 1998, pp. 39-41.

Knowledge Management: Leveraging Information. GartnerGroup, Conference Presentation, 1998.

Kroll, Karen M. Integrated Risk - Corporate Insurance. Vol. 247, No.2, Industry Week, p.77.

Lam, James C. and Kawamoto, Brian M. Emergence of the Chief Risk Officer. Risk Management, September 1997, pp. 30-35.

Lange, Scott. Disaster planning: The challenge within. Vol. 45, Risk Management, New York, May 1998, pp. 34-37.

Larner, Digby. Benchmark or Impediment? Vol. 5, No. 7, International Risk Management, An Emap Business Publication, July/August 1998, p. 35.

Levin, Michael R. and Rubenstein, Michael L. A Unique Balance: The Essence of Risk Management. Risk Management, September 1997, pp. 37-40.

Liethhead, Barry S. Managing "people" risks. Vol. 55, No. 6, 1998 UMI, Inc., Institute of Internal Auditors Inc. 1998, Internal Auditor, pp.66-67.

Limperis, John. EDI Bringing workers' comp up to speed. Vol. 45, Risk Management, New York, October 1998, pp. 29-30.

Logue, Dennis. Australia: Supplement - Managing Currency Risk in a Volatile World. Australian Financial Review, November 25, 1998, p. 6.

Mair, David L. Quality through diversity. Vol. 44, Risk Management, New York, November 1997, p. 68.

Managing risk, FNB, p. 67.

Managing Risks - Top-down Coordination is Crucial. Business Times (Singapore) Reuter Textline, October 22, 1997.

Matheson, David and Matheson, Jim. Get Smart About Big Risks. Risk Management, September 1998, pp. 73-76.

McGahern, Rachael. Super Highway Bandits. Vol. 5, No. 9, International Risk Management, An Emap Business Publication, October 1998, p. 25.

McGuaig, Bruce. Auditing, Assurance, & CSA; Control Self-Assessment. Includes Related Articles on CSA Approaches, Assurance Strategies and Definition of Controls, Vol. 55, No. 3, Institute of Internal Auditors, p. 43.

McNamee, David. Risk Management Today and Tomorrow, Management Control Concepts.

McNamee, David. Risk-based auditing. Includes related article on risk-based audits at Royal Bank of Canada, 1997 Information Access Company, a Thomson Corporation Company, 1997 Institute of Internal Auditors.

Meet the risk manager. Vol. 43, Risk Management, New York, August 1996, p. 41.

Meltzer, Susan. Limits on a company's ability to manage risk. Vol. 44, Risk Management, New York, January 1997, pp. 18-20.

Mendzela, Elisa. Managing Customer Risk. Chartered Accountants Journal, April 1998, pp. 27-29.

Miccolis, Jerry A. and Quinn, Timothy P. What's your appetite for risk? Determining the optimal retention. Risk Management, New York, April 1996.

Millonzi, Kay and Passannante, William G. Beware of the pirates: How to protect intellectual property. Vol. 43, Risk Management, New York, August 1996, p. 39.

Mills, Evan, Deering, Ann and Vine, Edward. Energy Efficiency: Proactive Strategies for Risk Managers. Risk Management, March 1998, pp. 12-16.

Nichols, David. A changing landscape: Construction risk management. Vol. 43, Risk Management, New York, November 1996, pp. 17-20.

Norton, Phillip N. D&O: Past, present and future. Vol. 45, Risk Management, New York, February 1998, pp. 21-27.

Parry, John. Profile: Endesa's Vincente Martin. Vol. 5, No. 6, International Risk Management, An Emap Business Publication, June 1998, p. 23.

Paul-Choudury, Sumit and Alison. Firm-wide risk management: summing it all up - EIU/SPECIAL REPORT, Corporate Research. Report, September 1998.

Pearson, Judith. Preventing sexual harassment: Risk management tools. Vol. 44, Risk Management, New York, January 1997, pp. 25-28.

Pelland, Dave. Emerging markets, emerging risks. Vol. 44, Risk Management, New York, February 1997, p. 60.

Pelland, Dave. Extortion risk awareness increasing: Exporting products, importing risk. Risk Management, New York, October 1997, Vol. 44, p. 10.

Pelland, Dave. Globalization Changing Roles, Shrinking Industries. Risk Management, April 1998, p. 96.

Pelland, Dave. Greater emphasis on financial skills: Changing face of risk management. Vol. 44, Risk Management, New York, April 1997, p. 108.

Pelland, Dave. Planning to survive. Vol. 43, Risk Management, New York, September 1996, p. 10.

Pelland, Dave. Resources for international risk managers: Global guidance. Vol. 44, Risk Management, New York, August 1997, p. 12.

Pelland, Dave. Risk manager applies quality: Litigation management. Vol. 44, Risk Management, New York, December 1997, p. 68.

Pelland, Dave. Several Trends Influencing Risk Management: Future Success Stories? Risk Management, December 1997, p. 72.

Pelland, Dave. Standing guard against fraud. Vol. 45, Risk Management, New York, February 1998, p. 6.

Perkins, Pia. An Integrated Solution. Vol. 4, No. 13, International Risk Management, An Emap Business Publication, March 1998, p. 28.

Perkins, Pia. Break for the Border. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 26.

Perkins, Pia. Leading Lights. Vol. 5, No. 5, International Risk Management, An Emap Business Publication, May 1998, p. 18.

Perkins, Pia. What Do You Think Chief? Vol. 5, No. 7, International Risk Management, An Emap Business Publication, July/August 1998, p. 22.

Perkins, Pia. You keep me hanging on. Vol. 5, No. 4, International Risk Management, An Emap Business Publication, April 1998, p. 30.

Perkins, Pia. Profile: Judith Hanratty. International Risk Management, July/August 1998.

Peto, Hugh. Customised Solutions. Vol. 6, No. 2, International Risk Management, An Emap Business Publication, February 1999, p. 25.

Pittsburgh gives it their best. Vol. 44, Risk Management, New York, December 1997, p. 50.

Promoting healthy living. Vol. 44, Risk Management, New York, October 1997, p. 8.

Pryor, Shepard. Balancing the Extremes of the Credit Process with a 'Best Practices' Orientation. Vol. 85, No. 4, Credit World, pp.24-28.

Public Cost of Risk Rising. Risk Management, November 1998.

Putting words to work. Vol. 45, Risk Management, New York, November 1998, p. 18.

Rahardjo, Kay and Dowling, Mary Ann. A Broader Vision: Strategic Risk Management. Risk Management, September 1998, pp. 44-50.

Recognizing excellence. Vol. 44, Risk Management, New York, June 1997, pp. 24-25.

Risk management activities found lacking. Vol. 55, No. 3, 1998 UMI, Inc., Copyright Institute of Internal Auditors Inc. 1998 Internal Auditor, p.14.

Risk Management Communications. Risk Management, February 1997, p. 40.

Risk Management in the Australian Customs Service, Australian Customs Service.

Risk Management, Australian/New Zealand Standard, AS/NZS 4360:1995.

Risk Management: The role of the internal audit. Vol. 75, No. 8, 1997 UMI, Inc. and Chartered Institute of Management Accountants 1997, pp.42-43.

Risk Monitoring: Is the Process of Ensuring That Risks are Competently Managed within Approved Structures, Policies, Parameters and Authorities. NedBank - Annual Report, 1997.

Risk Report. Risk Management, December 1998, p. 8.

Rolin, Gary. Nuclear Fusion. Vol. 1, No. 2, Public Sector Risk Management, an Emap Business Publication, Autumn 1996, p. 12.

Rosser, Bill. Knowledge Management: Applying and Leveraging Information. Gartner Group, October 1998.

Sanderson, Scott. Taking stock of your risks, includes related article. Vol. 13; No. 4, 1997 Information Access Company, a Thomson Corporation Company, 1997 Financial Executives Institute Financial Executive, p.42.

Sandri, Praveen, Guin, Jayanta and Richardson, Beth. Catastrophe Modeling: A New Tool for Risk Managers. Risk Management, May 1998, pp. 29-31.

Sandwell risk manager makes full use of internet; Government information services. Vol. 1, No. 2, Public Sector Risk Management an Emap Business Publication, Autumn 1996, p. 6.

Saul, Jonathan. Tools or Toys. Vol. 5, No. 6, International Risk Management, June 1998, An Emap Business Publication, p. 29.

Saul, Jonathan. Trade Doubt for Certainty. Vol. 5, No. 8, International Risk Management, An Emap Business Publication, September 1998, p. 33.

Sawyer, Lawrence B. When the problem is management. Vol. 55, No. 4, 1998 UMI, Inc., Institute of Internal Auditors Inc. 1998, Internal Auditor, pp.33-38.

Saylor, Richard. Meet the risk manager. Risk Management, New York, October 1996.

Scherzer, Martin H. and Mackay, Robert. Risky business. Vol. 14, No. 5, 1998 UMI, Inc., Financial Executives Institute 1998, Financial Executive, pp.30-32.

Schneier, Robert and Jerry Miccolis. Enterprise Risk Management. Vol. 26, No. 2, Strategy & Leadership, p.10.

Schroeder, Stephanie. Alternative dispute resolution resources. Vol. 45, Risk Management, New York, June 1998, p. 10.

Schroeder, Stephanie. Risk management key notes. Vol. 46, Risk Management, New York, January 1999, p. 56.

Schroeder, Stephanie. The human factor. Vol. 46, Risk Management, New York, January 1999, p. 1.

Scott Lange. Going Full Bandwidth at Microsoft, Microsoft Corporation, Presented to the Global Council on Risk Management, The Conference Board, November 21, 1996.

Serb, Chris. Uncalculated risks. Vol. 71, No. 13, 1997 UMI, Inc. American Hospital Publishing Inc. 1997 Hospitals & Health Networks, pp.28-30.

Sharman, Richard. Revealing Risk Patterns. Vol. 5, No. 10, International Risk Management, An Emap Business Publication, November 1998, p. 29.

Shelley, Suzanne, David L. Russell and P.E., Global Environmental Operations. Getting a Handle On Risk Management. Vol. 105, No. 13; Engineering Practice; p. 114.

Sime Bank CEO Leaves, Sparking Talk of Friction. Business Times (Singapore), Reuter Textline, January 20, 1998.

Skilled, trained workers in short supply. Vol. 43, Risk Management, New York, October 1996, p. 9.

Small, Sheila L. What you can expect. Vol. 43, Risk Management, New York, October 1996, pp. R11-R13.

Smit, Barbara. Ahead of the Game. Vol. 6, No. 1, International Risk Management, An Emap Business Publication, December 1998/January 1999, p. 30.

Smit, Barbara. Profile: Alain Lemaire. Vol. 5, No. 8, International Risk Management, September 1998, An Emap Business Publication, p. 39.

Smit, Barbara. Profile: Pierre Sonigo. Vol. 5, No. 5, International Risk Management, An Emap Business Publication, May 1998, p. 35.

Sparrow, Adrian. Business Risk Management. Chartered Accountants Journal, April 1998, pp. 11-13.

Spies, John A. Advice from a risk manager. Vol. 44, Risk Management, New York, March 1997, pp. C3-C4.

Spinner, Karen. Institutions put value on risk practices; software for risk management and valuation methods; Industry Trend or Event. Vol. 15, No. 6, 1997 Information Access Company, Thomson Corporation Company, 1997 Miller Freeman Inc. Wall Street & Technology, p. 56.

Strickland, Katrina. Australia: CBA Criticism of Wallis Report "Almost Absurd", Australian, April 28, 1997, p. 19.

Study backs supports. Vol. 44, Risk Management, New York, April 1997, p. 14.

Study: Work pressures prompt unethical acts. Vol. 44, Risk Management, New York, September 1997, p. 6.

Terry Paradine. All Systems Go. Vol. 5, No. 10, International Risk Management, An Emap Business Publication, November 1998, p. 32.

The Auditor General. Comment by the Auditor General. Australian National Audit Office.

The Boston Consulting Group. Scenario Planning, Noranda Inc.

The business meeting is alive and well for now. Vol. 44, Risk Management, New York, September 1997, p. 6.

The Changing Face of Risk Management. Vol. 55, No.5, Internal Audit, pp.11-12.

Thomas, Tony. Australia: A Treasury of Cost-Efficiency. Business Review Weekly, December 7, 1998, p. 46.

Toxopolis, S. Risk Management in New Product Development: The Case of DAF Trucks. Vol. 6, Sigma (The Netherlands), December 1998, pp. 20-24.

Vaughan, Patricia C. Risk managers: Creating public policy and influencing legislation. Risk Management, New York, June 1996.

Vitale, Lou. The invisible threat. Vol. 45, Risk Management, New York, July 1998, pp. 42-45.

Wansink, Drs DE and Thijssen, VJ. Integral Risk Management: Beyond V.A.R. No. 3, Controllers Magazine (The Netherlands), June/July 1997.

Waring, Dr. Alan. Iran: Facts and Fables. Vol. 4, No. 13, International Risk Management, An Emap Business Publication, March 1998, p. 35.

Warning Signs Diagnostic Exercise, 1996 Arthur Andersen LLP.

Weinstein, Edward A. and Dennis C. Carey. 10 Best Practices. Vol. 22, No. 4, 1999 UMI., Directors & Boards, Summer 1998, p. 40.

West, Kathryn Z. Can they afford not to? Risk Management, New York, April 1996.

West, Kathryn Z. Part-time risk managers full-time risks. Risk Management, New York, June 1996.

West, Kathryn Z. Unlock the Power of Global Risk Management. Risk Management, October 1996, p. 4.

When in doubt, simulate. Vol. 45, Risk Management, New York, November 1998, pp. 44-49.

When Things Go Bad, Fast. Risk Management, December 1998, pp. 22-24.

White, Earl. New Zealand: Letter - Dairy Board Defends its Forex Management. Independent Business Weekly (NZ), September 9, 1998.

Williams, Todd L. An integrated approach to risk management. Vol. 43, Risk Management, New York, July 1997, p. 22.

World's Seventh Largest Electric Utility Selects Infinity's Panorama for Trading and Risk Management. BUSINESS WIRE PR Newswire Reuter Textline, July 2, 1998.

Zomer, Heather. The education of a rookie risk manager. Risk Management, New York, June 1996.


Appendix C

Interview Guide


Thank you very much for agreeing to participate in this important study. This document describes the study and the areas that we would like to discuss with you.

A. Study background

The federal government of Canada has recently initiated a project to provide guidance on risk management tools, techniques and practices to federal departments. Ultimately, this will help government employees to better understand, manage and communicate the risks (and related choices) encountered in providing service to Canadians.

The Treasury Board Secretariat has engaged KPMG Canada to identify best practices in risk management in private and public sector organizations in other countries. The focus of the study is on risk management practices that have been integrated into an organization's management, planning and decision-making processes. It is also interested in the strategies for planning, developing, implementing and monitoring risk management.

Not all risk management practices are "best practices". A "best practice" for risk management is a strategy, approach, method, tool or technique that was particularly effective in helping an organization achieve its objectives for managing risk. A best practice is also one which is expected to be of value to other organizations. For example, a practice that was particularly helpful in establishing guidance would be of value to any other organization that has a responsibility to provide guidance.

We are collecting best practice information in three areas:

  • Integrating risk management into other management practices.
  • Tools for integrating risk management.
  • Key disciplines and functions which use risk management.

We do not expect that your organization will have best practices in all the areas described above and further elaborated in Section B. There may be many "good practices". However, we would like to concentrate on the "best practices" in your organization. Also, we are looking for "lessons learned" from practices that proved to be more difficult than initially anticipated. We will ask you a few questions about your organization's overall approach to managing risk so we can understand the context for the best practices.

The information you provide about your operations will remain confidential. The focus of our report will be on the practices, not on the organizations. We would like your permission to identify the name of your organization as a participant in this study. Even if we cannot use your name, we appreciate your input in this study.

B. Potential best practices

We have listed below some practices under each area that would be of common interest. There may be other practices that we have not identified that may help your organization manage risk or achieve objectives. Even if the practice does not seem to fit into the structure we define below, please share it with us. Ultimately, a best practice is one which may have some value for another organization in managing risk.

1. Integrating risk management into management practices

These are practices for integrating risk management into your organization's management practices. For example, these would include practices for ensuring that:

  • The objectives and benefits of managing risk are defined and communicated throughout the organization.
  • There is shared responsibility for managing risks and for fostering commitment at each administrative level of the organization and at the level of its governing body.
  • The organization-wide risks are identified and evaluated to support management processes (planning, resource allocation and decision-making).
  • Managing risks may be achieved through a series of strategies ranging from:
    • For those risks that can be directly controlled, reducing the risk using an internal system of control (and the continuous improvement of this control system).
    • For those risks that can only be indirectly addressed, indirectly influencing the risks, sharing or partnering.
    • For those risks that cannot be controlled or influenced, accepting and monitoring them.
  • Managing risks is monitored and there is communication and reporting to senior management, governing bodies and key stakeholders.

Appendix A provides more detail on these practices.

2. Tools for integrating risk management in the organization

Tools are generally used for integrating risk management in an organization.

Examples of tools which could be of common interest are:

  • Conceptualizing and defining the sources of key business risks to the organization. This serves as a communication and reporting tool for the organization and leads to a common understanding of its risk context which, in turn, promotes consistent and coherent analysis and communication of risks.
  • Establishing a Management of Risk Policy (or similar authoritative communication tool) to define the organization's overall approach to managing risks, responsibilities, reporting structures and periodic reviews.
  • Identifying a "Risk Champion" to provide leadership to risk management initiatives.
  • Using task forces, pilot projects and consultant advisors.
  • Issuing guidelines, providing training and developing coaches to help employees and local work teams to manage their risks.
  • Creating your own or using an existing standard such as the Canadian Standards Council Q850/97 Risk Management: Guideline for Decision-Makers.
  • Using automated (software) tools to aid in risk analysis.
  • Defining corporate parameters on risk concepts such as likelihood and severity.

3. Disciplines and functions that manage risks

There are many specialized disciplines and functions that manage risks at an operational level. The practices used to integrate risk management into these specialized disciplines and functions (and, in turn, into the overall organization) are of common interest.

Examples of these disciplines and functions are:

  • Planning
  • Auditing
  • Project management
  • Finance
  • Security
  • Insurance and asset management
  • Environmental protection
  • Hazardous waste management
  • Materiel management
  • Real property management
  • Information technology
  • Legal
  • Human resources
  • Intangibles (e.g., Goodwill)
  • Compliance and enforcement
  • Service delivery.

The study is interested in the management process used to initiate and implement specialized risk management within a given function, not the details of the actual specialized practice.

C. Interview guide

Here are the questions that we would like to discuss with you regarding your organization's risk management best practices.

1. Overview and context for risk management

  1. How does your organization define risk in the context of its business or environment?
  2. Does your organization have a general risk management objective which guides risk management activities?
  3. Do the objectives and values of managing risk represent a new way of doing business in your organization?
  4. What are the benefits of managing risk for your organization or area? (Consider: communication for commitment; enhancement of stakeholder value or achievement of objectives; measurement for improved management; support for accountability and governance; strengthening of the planning and decision-making process (such as communication or synergy); increased confidence of stakeholders; measurable returns on investments).

2. Integrating risk management into the management practices of your organization

Are there some best practices or lessons learned (obstacles overcome) that you would like to tell us about, keeping in mind the items we defined in Section B1 above, and in our Appendix, or any other practice for integration?

  1. Can you describe in general terms how your organization defines the objectives and values for managing risk and communicates them in the organization?
  2. Does your organization have a formal risk management policy?
  3. What are the key features/messages conveyed? (Consider:
    • Objectives/principles
    • Opportunity and risk taking
    • Risk coverage
    • Risk tolerances and risk limits
    • A supportive work environment (i.e. tolerance for mistakes)
    • Integrating risk management with other management processes)
  4. How are risk tolerances established and managed (i.e. at the corporate or local level)?
  5. Can you describe in general terms how your organization reflects shared responsibility for managing risks and fostering commitment in your organization's governance and administrative bodies?
  6. What responsibilities do governing bodies of your organization (e.g., Board of Directors, Senior Management Committees, Ministers, etc.) and senior management have for managing risks? Are they held accountable? If so, how?
  7. How does the responsibility/accountability for managing risks flow through the organization (e.g., through management/administration levels, to all employees)? How are people held accountable?
  8. Are significant risks communicated to stakeholders? If so, how often, and in what context? Who communicates these to the stakeholders?
  9. a) Can you describe in general terms how your organization identifies and evaluates organization-wide risks?
    b) Once the risks are identified, how does this information support the management process (planning, resource allocation and decision-making)?
  10. What techniques and methods are used for identifying and evaluating risks? (Consider:
    • The types of risks
    • How risks are identified
    • How risks are quantified
    • How risks are prioritized)
  11. Are the techniques and methods easily understood and used by managers? (Consider: use of plain language and user-friendliness).
  12. Are the results of the evaluation integrated into existing management processes (e.g., planning, resource allocation and decision-making)? How?
  13. Does the evaluation consider stakeholders' view of risk and the opportunity costs of a risk that is not taken?
  14. To what extent has risk management supported change and cultural shifts in your organization?
  15. Can you describe in general terms how your organization manages or reduces risk through an internal system of control and other strategies?
  16. Have your strategies or processes for managing risks been changing? In what way?
  17. Are stakeholders, customers, suppliers or other external bodies involved in your risk management process? In what way?
  18. Can you describe in general terms how your organization monitors the process of managing risks and communicates and reports on this to senior management, the governing body and key stakeholders?
  19. Is the success in achieving risk management objectives monitored and measured?
  20. Does your organization use a specific structure/medium to report on risk management?
  21. What is the role of internal audit in your risk management program? (Consider: monitoring compliance; compliance and providing best practices improvement or advice, best practices, methods, etc.)

3. Implementing risk management in your organization

Are there some best practices or lessons learned (obstacles overcome) that you would like to relate to us, reflecting on the practices listed in Section B2 above and in our Appendix, or any other practice for implementation? Do you have examples of tools that should not be used?

  1. Can you describe in general terms how your organization implements risk management? (Refer to the tools described in Section B pages 3 and 4).
  2. Have any tools been particularly effective? Why?

4. Disciplines and functions that manage risks

  1. Are there disciplines and functions within your organization which manage risks at an operational level? Which ones?
  2. Are there best practices/lessons learned (obstacles overcome) associated with the management process used to initiate and implement risk management in this/these disciplines and functions?

Are there any documents that you can provide to us to help us understand your risk management practices?

Can we call you again if we need to clarify or elaborate on your responses?

Are there any articles or publications that you found particularly useful in your risk management activities? (List)


Components of Risk Management

This elaborates on the practices for integrating risk management into the management practices of an organization.

The practices should ensure that:

  • The objectives and benefits of managing risk are defined and communicated throughout the organization:
    • Risk tolerance and limits
    • Opportunity and risk taking
    • Risk coverage
    • Integration in management processes.
  • There is shared responsibility for managing risks and for fostering commitment at each administrative level of the organization and at the level of its governing body:
    • Role and responsibilities
    • Governance
    • Commitment.
  • The organization-wide risks are identified and evaluated to support the management processes (planning, resource allocation and decision-making):
    • Scope: types of risks
    • Identification of risks
    • Evaluation of probability of frequency and of impact
    • Quantification and prioritization.
  • The internal system of control and its continuous improvement is used to lessen or manage risks:
    • Control Framework (e.g. CoCo, COSO, etc.)
    • Strategies to directly mitigate risks while following-up/pursuing opportunities
    • Strategies to indirectly influence or to share risks by partnering, insuring, etc.
    • Decisions to accept risks beyond control or influence, and simply enhance monitoring and reporting frequency, while putting contingency plans in place
    • Continuous reassessment of residual risks, plus ongoing updating of strategies.
  • Risk management is monitored and there is communication and reporting to senior management, to the governing body and to the key stakeholders:
    • Quality of information
    • Communication
    • Internal and external audit
    • Reporting: to senior management, to governing body, to external stakeholders.

Appendix D

Criteria For Assessing Applicability Of Best Practices To The Canadian Federal Government


  • Has broad applicability, beyond the protection of assets and people
  • Fosters a supportive work environment
  • Supports innovation
  • Improves service delivery, e.g., efficiency, effectiveness
  • Improves access to government/government services
  • Facilitates management decision-making
  • Promotes sound resource allocation
  • Is easily understood and used (plain language, user-friendliness)
  • Helps managers understand the context and implications of risk
  • Demonstrates communication/involvement with stakeholders
  • Facilitates cultural shifts and change management
  • Builds on existing knowledge, lessons learned in the organization
  • Considers opportunity costs
  • Has a clear and potentially applicable accountability or governance framework
  • Makes effective use of audit and evaluation resources
  • Links horizontally in the organization
  • Integrates well with the existing management framework, processes and practices