Integrated Risk Management Framework

Embed Size (px)

Text of Integrated Risk Management Framework

  • 8/12/2019 Integrated Risk Management Framework


    Integrated Risk Management FrameworkTools & Resources

    President's Message

    In March 2000, I had the pleasure of tabling the Government of Canada's nemanagement frame or!, entitled Results for Canadians " It outlines ho e aremoderni#ing management practices in order to ma!e the Government of Canada moreciti#en$focused and better prepared to meet Canadians'changing needs and priorities"This Integrated Risk Management Framework is an essential part of these moderni#ationefforts"

    In an increasingl% comple public polic% environment, it is important that ublic (erviceemplo%ees are encouraged to approach their or! ith creativit% and a desire toinnovate" )t the same time, ho ever, e must recogni#e and respect the need to beprudent in protecting the public interest and maintaining public trust" )chieving thisbalance is hat this Integrated Risk Management Framework is all about"

    This frame or! is a practical guide to assist public service emplo%ees in their decision$ma!ing" )t the organi#ational level, it ill help departments and agencies to thin! morestrategicall% and improve their abilit% to set common priorities" )t the individual level, itill help all emplo%ees to develop ne s!ills and ill strengthen their abilit% to anticipate,assess and manage ris!"

    I invite %ou to read the frame or! and ma!e use of the concepts, guidelines ande amples that relate to %our particular needs" I am confident that this frame or! illlead to the adoption of a more holistic approach to ris! management and foster a or!ingenvironment hich supports emplo%ees in pursuing ne and innovative a%s to betterserve Canadians"

    The paper version as signed b%

    *ucienne Robillard

    resident of the Treasur% +oard


    The Integrated Ris! Management rame or! delivers on the commitment set out inResults for Canadians-A Management Framework for the Government of Canada -March2000. to strengthen ris! management practices ithin the ublic (ervice" In doing so,the Integrated Ris! Management rame or! supports the four management

    commitments outlined in Results for Canadians / citi#en focus, values, results andresponsible spending" The Integrated Ris! Management rame or! advances a citi#enfocus b% strengthening decision$ma!ing in the public interest and placing more emphasison consultation and communication" (imilarl%, it respects core public service values suchas honest%, integrit% and probit% at all levels, and contributes to improved results b%managing ris! proactivel%" Integrated ris! management also supports a hole$of$government vie grounded in rational priorit% setting and principles of responsiblespending"
  • 8/12/2019 Integrated Risk Management Framework


    The need for more affordable and effective government combined ith trends to ardsrevitali#ing human resources capacit% and redesigning service deliver% are dramaticall%affecting the structure and culture of public organi#ations" The faster pace and need forinnovation, combined ith significant ris!$based events from computer failures to naturaldisasters, has focused attention on ris! management as essential in sound decision$ma!ing and accountabilit%"

    Responding to the need to strengthen ris! management as a priorit% on the governmentmanagement agenda, the Treasur% +oard of Canada (ecretariat -the (ecretariat. ledresearch and consultations on ris! management in collaboration ith federalorgani#ations, academics and private interests" The results highlighted the need for acommon understanding of ris! management and a more corporate, s%stematic approach"Informed b% !no ledge and e perience from the public and private sectors in Canadaand internationall%, the (ecretariat and its partners collaborated on the development ofan Integrated Ris! Management rame or!"

    This rame or! is designed to advance the development and implementation of modernmanagement practices and to support innovation throughout the federal ublic (ervice" Itprovides a comprehensive approach to better integrate ris! management into strategic


    The rame or! provides an organi#ation ith a mechanism to develop an overallapproach to manage strategic ris!s b% creating the means to discuss, compare andevaluate substantiall% different ris!s on the same page" It applies to an entireorgani#ation and covers all t%pes of ris!s faced b% that organi#ation -e"g", polic%,operational, human resources, financial, legal, health and safet%, environment,reputational."

    The purpose of the Integrated Ris! Management rame or! is to/

    provide guidance to advance the use of a more corporate and s%stematicapproach to ris! management

    contribute to building a ris!$smart or!force and environment that allo s forinnovation and responsible ris!$ta!ing hile ensuring legitimate precautions areta!en to protect the public interest, maintain public trust, and ensure duediligence and

    propose a set of ris! management practices that departments can adopt, oradapt, to their specific circumstances and mandate"

    )pplication of the rame or! is designed to strengthen management practices, decision$ma!ing and priorit% setting to better respond to citi#ens'needs" Moreover, practisingintegrated ris! management is e pected to support the desired cultural shift to a ris!$smart or!force and environment" More specificall%, it is anticipated that implementationof the rame or! ill/

    support the government's governance responsibilities b% ensuring thatsignificant ris! areas associated ith policies, plans, programs and operations areidentified and assessed, and that appropriate measures are in place to addressunfavourable impacts and to benefit from opportunities

    improve results through more informed decision$ma!ing, b% ensuring thatvalues, competencies, tools and a supportive environment form the foundation forinnovation and responsible ris!$ta!ing, and b% encouraging learning frome perience hile respecting parliamentar% controls

  • 8/12/2019 Integrated Risk Management Framework


    strengthen accountability b% demonstrating that levels of ris! associated ithpolicies, plans, programs and operations are e plicitl% understood, and thatinvestment in ris! management measures and sta!eholder interests are optimall%balanced and

    enhance stewardship b% strengthening public service capacit% to safeguardpeople, government propert% and interests"

    Integrated ris! management respects and builds on core public service values" 1utcomesof applied integrated ris! management must be ethical, honest and fair respect la s,government authorities and departmental policies and result in prudent use of resources"

    The Integrated Ris! Management rame or! responds to the recommendationscontained in the Report of the Independent Review Panel on Modernization ofComptrollership in the Government of Canada - 334., hich ere approved b% Treasur%+oard ministers" The report highlights a ne guiding philosoph% for comptrollership" Thisne philosoph% combines a strong commitment to four !e% elements/ performancereporting -financial and non$financial. sound ris! management the application of anappropriate s%stem of control and reporting and values and ethics" In identif%ing as apriorit% the strengthening of ris! management across the ublic (ervice, the reportstressed the need for/

    5""" e ecutives and emplo%ees 6to be7 ris! attuned$not onl% identif%ing but alsomanaging ris!s """5

    5""" matching more creative and client$driven decision ma!ing and businessapproaches ith solid ris! management"""5 and

    5""" creating an environment in hich ta!ing ris!s and the conse8uences of doingso are handled ithin a mature frame or! of delegation, re ards and sanctions"5

    The rame or! builds on e isting ris! management practices, reflects current thin!ing,best practices and the value of ell$recogni#ed principles for ris! management" It islin!ed ith other federal ris! management initiatives across government, including recentefforts to strengthen internal audit and increase focus on monitoring" Ris! managementframe or!s are also being developed in areas such as legal ris! management and theprecautionar% approach" In addition, the Integrated Ris! Management rame or!complements the concepts and approach described in the riv% Council 1ffice report$ RiskManagement for Canada and Canadians: Report of the A M !orking Group on RiskManagement -2000." Collectivel%, these individual initiatives are contributing tostrengthening ris! management across the federal government in line ith moderncomptrollership and to improving practices in managing ris! from a hole$of$governmentperspective"

    Management Challenges

    In toda%'s orld, change and uncertaint% are constants" 9ith increased demand b%parliamentarians for greater transparenc% in decision$ma!ing, better educated anddiscerning citi#ens, globali#ation, technological advances, and numerous other factors,adapting to change and uncertaint% hile striving for operating efficienc% is afundamental part of the ublic (ervice" (uch an environment re8uires a stronger focus onintegrated ris! management practices ithin organi#ations in order to strategicall% dealith uncertaint%, capitali#e upon opportunities, and inform and increase involvement ofsta!eholders -including parliamentarians., to ensure better decisions in the future"

  • 8/12/2019 Integrated Risk Management Framework


    The challenge for the ublic (ervice of Canada is to approach ris! management in a moreintegrated and s%stematic a% that includes greater emphasis on consultation andcommunication ith sta!eholders and the public at large" In meeting this challenge, theublic (ervice can fulfill its increased responsibilit% to demonstrate sound decision$ma!ing, in line ith increasing e pectations of due diligence, more intense public andmedia scrutin%, and initiatives for transparenc% and open government" Ris! managementis no seen as an organi#ation$ ide issue that, as one of several co$ordinated initiatives,ill improve decision$ma!ing, enabling the shift to results$based management"Integrated ris! management re8uires loo!ing across all aspects of an organi#ation tobetter manage ris!" 1rgani#ations that manage ris! organi#ation$ ide have a greaterli!elihood of achieving their ob:ectives and desired results" ;ffective ris! managementminimi#es losses and negative outcomes and identifies opportunities to improve servicesto sta!eholders and the public at large"

    ) s%stematic, integrated but adaptable approach to ris! management re8uires anorgani#ation to build capacit% to address ris! e plicitl%, to increase the organi#ation's andsta!eholders'confidence in its abilit% to achieve its goals" It contributes to better use oftime and resources, improved team or! and strengthened trust through sharing anal%sesand actions ith partners" In emphasi#ing the need for more active and fre8uentconsultation and ris! communication, an integrated approach to ris! management leadsto shared responsibilit% for managing ris!" It also increases confidence in theorgani#ation's process, and improves public and sta!eholder understanding of trade$offs"

    Developing a Risk- mart !ork"orce and #nvironment

    )pplication of the Integrated Ris! Management rame or!, in con:unction ith relatedris! management activities, ill support a cultural shift to a ris!$smart or!force andenvironment in the ublic (ervice" (uch an environment is one that supports responsibleris! management, here ris! management is built into e isting governance andorgani#ational structures, and planning and operational processes" )n essential elementof a ris!$smart environment is to ensure that the or!place has the capacit% and tools tobe innovative hile recogni#ing and respecting the need to be prudent in protecting thepublic interest and maintaining public trust"

  • 8/12/2019 Integrated Risk Management Framework


    There are three critical concepts that are cornerstones of the Integrated Ris!Management rame or!/ ris!, ris! management and integrated ris! management" Theseconcepts are elaborated on belo "


    Ris! is unavoidable and present in virtuall% ever% human situation" It is present in ourdail% lives, public and private sector organi#ations"

  • 8/12/2019 Integrated Risk Management Framework


    Ris! management is not ne in the federal public sector" It is an integral component ofgood management and decision$ma!ing at all levels" )ll departments manage ris!continuousl% hether the% reali#e it or not$sometimes more rigorousl% ands%stematicall%, sometimes less so" More rigorous ris! management occurs most visibl% indepartments hose core mandate is to protect the environment and public health andsafet%"

    )s ith the definition of ris!, there are e8uall% man% accepted definitions of ris!management in use" (ome describe ris! management as the decision $ma!ing process,e cluding the identification and assessment of ris!, hereas others describe ris!management as the complete process, including ris! identification, assessment anddecisions around ris! issues" or e ample, the riv% Council 1ffice's report refers to ris!management as 5the process for dealing ith uncertaint% ithin a public polic%environment5 6=7

    or the purposes of the Integrated Ris! Management rame or!/

    Risk management is a systematic approach to setting the best course o" actionunder uncertainty by identi"ying) assessing) understanding) acting on and

    communicating risk issues%

    In order to appl% ris! management effectivel%, it is vital that a ris! management culturebe developed" The ris! management culture supports the overall vision, mission andob:ectives of an organi#ation" *imits and boundaries are established and communicatedconcerning hat are acceptable ris! practices and outcomes"

    (ince ris! management is directed at uncertaint% related to future events and outcomes,it is implied that all planning e ercises encompass some form of ris! management" Thereis also a clear implication that ris! management is ever%one's business, since people atall levels can provide some insight into the nature, li!elihood and impacts of ris!"

    Ris! management is about ma!ing decisions that contribute to the achievement of anorgani#ation's ob:ectives b% appl%ing it both at the individual activit% level and infunctional areas" It assists ith decisions such as the reconciliation of science$basedevidence and other factors costs ith benefits and e pectations in investing limitedpublic resources and the governance and control structures needed to support duediligence, responsible ris!$ta!ing, innovation and accountabilit%"

    Integrated Risk Management

    The current operating environment is demanding a more integrated ris! managementapproach" It is no longer sufficient to manage ris! at the individual activit% level or infunctional silos" 1rgani#ations around the orld are benefiting from a morecomprehensive approach to dealing ith all their ris!s"

    Toda%, organi#ations are faced ith man% different t%pes of ris! -e"g", polic%, program,operational, pro:ect, financial, human resources, technological, health, safet%, political."Ris!s that present themselves on a number of fronts as ell as high level, high $impactris!s demand a co$ordinated, s%stematic corporate response"

    Integrated Ris! Management
  • 8/12/2019 Integrated Risk Management Framework


    59hatever name the% put on it$business """ holistic """ strategic """ enterprise$leadingorgani#ations around the orld are brea!ing out of the 'silo mentalit%'and ta!ing acomprehensive approach to dealing ith all the ris!s the% face"5

    $To ers errin

    or the purposes of the Integrated Ris! Management rame or!/

    Integrated risk management is a continuous) proactive and systematic processto understand) manage and communicate risk "rom an organi ation-wideperspective% It is about making strategic decisions that contribute to theachievement o" an organi ation's overall corporate ob(ectives%

    Integrated ris! management re8uires an ongoing assessment of potential ris!s for anorgani#ation at ever% level and then aggregating the results at the corporate level tofacilitate priorit% setting and improved decision$ma!ing" Integrated ris! managementshould become embedded in the organi#ation's corporate strateg% and shape theorgani#ation's ris! management culture" The identification, assessment and managementof ris! across an organi#ation helps reveal the importance of the hole, the sum of theris!s and the interdependence of the parts"

    Integrated ris! management does not focus onl% on the minimi#ation or mitigation ofris!s, but also supports activities that foster innovation, so that the greatest returns canbe achieved ith acceptable results, costs and ris!s" Integrated ris! management strivesfor the optimal balance at the corporate level"

    The Government of Canada has alread% used an integrated ris! management approach tomanage ris! related to >2? and is currentl% appl%ing the approach to other ma:orinitiatives such as Government 1n$*ine and rogram Integrit%"

    *n Integrated Risk Management Framework

    The Integrated Ris! Management rame or! provides guidance to adopt a more holisticapproach to managing ris!" The application of the rame or! is e pected to enableemplo%ees and organi#ations to better understand the nature of ris!, and to manage itmore s%stematicall%"

    Four #lements and +heir #&pected Results

    The Integrated Ris! Management rame or! is comprised of four related elements" Theelements, and a s%nopsis of the e pected results for each, are presented belo " urtherdetails on the conceptual and functional aspects of the rame or! are provided insubse8uent sections of this document"

    #lement , Developing the Corporate Risk Pro"ile

    the organi#ation's ris!s are identified through environmental scanning

    current status of ris! management ithin the organi#ation is assessed and

    the organi#ation's ris! profile is identified"

    #lement . #stablishing an Integrated Risk Management Function

  • 8/12/2019 Integrated Risk Management Framework


    management direction on ris! management is communicated, understood andapplied

    approach to operationali#e integrated ris! management is implemented throughe isting decision$ma!ing and reporting structures and

    capacit% is built through development of learning plans and tools"

    #lement / Practising Integrated Risk Management

    a common ris! management process is consistentl% applied at all levels

    results of ris! management practices at all levels are integrated into informeddecision$ma!ing and priorit% setting

    tools and methods are applied and

    consultation and communication ith sta!eholders is ongoing"

    #lement 0 #nsuring Continuous Risk Management 1earning

    a supportive or! environment is established here learning from e perience isvalued, lessons are sharedlearning plans are built into an organi#ation's ris! management practices

    results of ris! management are evaluated to support innovation, learning andcontinuous improvement and

    e perience and best practices are shared, internall% and across government"

    The four elements of the Integrated Ris! Management rame or! are presented as the%might be applied/ loo!ing out ard and across the organi#ation as ell as at individualactivities" This comprehensive approach to managing ris! is intended to establish therelationship bet een the organi#ation and its operating environment, revealing theinterdependencies of individual activities and the hori#ontal lin!ages"

    9hile it is ac!no ledged that some departments are more advanced than others inmoving to ards the implementation of an integrated ris! management approach, there isgro ing appreciation across the ublic (ervice of the need to strengthen ris!management practices and develop a more strategic and corporate$ ide focus"Implementing integrated ris! management ill depend largel% on an organi#ation's stateof readiness, overall priorities and the level of effort necessar% to implement the variouselements" )s a result, developing a more mature ris! management environment illre8uire sustained commitment and ill evolve over time" This rame or! is a step inestablishing the foundation for integrated ris! management in the public sector" It isac!no ledged that to support and facilitate implementation, the development of specifictools and guidelines as ell as sharing of best practices and lessons learned ill bere8uired"

    #lement , Developing the Corporate Risk Pro"ile

    ) broad understanding of the operating environment is an important first step indeveloping the corporate ris! profile"

  • 8/12/2019 Integrated Risk Management Framework


    In building the corporate ris! profile, information and !no ledge at both the corporateand operational levels is collected to assist departments in understanding the range ofris!s the% face, both internall% and e ternall%, their li!elihood and their potential impacts"In addition, identif%ing and assessing the e isting departmental ris! managementcapacit% and capabilit% is another critical component of developing the corporate ris!profile"

    )n organi#ation can e pect three !e% outcomes as a result of developing the corporateris! profile/

    Threats and opportunities are identified through ongoing internal and e ternalenvironmental scans, anal%sis and ad:ustment"

    Current status of ris! management ithin the organi#ation is [email protected], capacit%, practices, culture$ and recogni#ed in planningorgani#ation$ ide management of ris! strategies"

    The organi#ation's ris! profile is identified$!e% ris! areas, ris! tolerance, abilit%and capacit% to mitigate, learning needs"

    #&ternal and Internal #nvironmentThrough the environmental scan, !e% e ternal and internal factors and ris!s influencingan organi#ation's polic% and management agenda are identified" Identif%ing ma:or trendsand their variation over time is particularl% relevant in providing potential earl% arnings"(ome e ternal factors to be considered for potential ris!s include/

    Political the influence of international governments and other governing bodies

    #conomic international and national mar!ets, globali#ation

    ocial ma:or demographic and social trends, level of citi#en engagement and

    +echnological ne technologies"

    Internall%, the follo ing factors are considered relevant to the development of anorgani#ation's ris! profile/ the overall management frame or! governance andaccountabilit% structures values and ethics operational or! environment individualand corporate ris! management culture and tolerances e isting ris! managemente pertise and practices human resources capacit% level of transparenc% re8uired andlocal and corporate policies, procedures and processes"

    The environmental scan increases the organi#ation's a areness of the !e% characteristicsand attributes of the ris!s it faces" These include/

    type o" risk technological, financial, human resources -capacit%, intellectualpropert%., health, safet%

    source o" risk e ternal -political, economic, natural disasters. internal-reputation, securit%, !no ledge management, information for decision ma!ing.

    what is at risk area of [email protected]%pe of e posure -people, reputation, programresults, materiel, real propert%. and

    level o" ability to control the risk high -operational. moderate -reputation.lo -natural disasters."

  • 8/12/2019 Integrated Risk Management Framework


    )n organi#ation's ris! profile identifies !e% ris! areas that cut across the organi#ation-functions, programs, s%stems. as ell as individual events, activities or pro:ects thatcould significantl% influence the overall management priorities, performance, andreali#ation of organi#ational ob:ectives"

    The environmental scan assists the department in establishing a strategic direction for

    managing ris!, ma!ing appropriate ad:ustments in decisions and actions" It is an ongoingprocess that reinforces e isting management practices and supports the attainment ofoverall management e cellence"

    *ssessing Current Risk Management Capacity

    In assessing internal ris! management capacit%, the mandate, governance and decision$ma!ing structures, planning processes, infrastructure, and human and financial resourcesare e amined from the perspective of ris!" The assessment re8uires an e amination ofthe prevailing ris! management culture, ris! management processes and practices todetermine if ad:ustments are necessar% to deal ith the evolving ris! environment"

    urthermore, the follo ing factors are considered !e% in assessing an organi#ation'scurrent ris! management capacit%/ individual factors -!no ledge, s!ills, e perience, ris!tolerance, propensit% to ta!e ris!. group factors -the impact of individual ris! tolerancesand illingness to manage ris!. organi#ational factors -strategic direction, stated orimplied ris! tolerance. as ell as e ternal factors -elements that affect particular ris!decisions or ho ris! is managed in general."

    Risk +olerance

    )n a areness and understanding of the current ris! tolerances of various sta!eholders isa !e% ingredient in establishing the corporate ris! profile" The environmental scan illidentif% sta!eholders affected b% an organi#ation's decisions and actions, and their degreeof comfort ith various levels of ris!" Anderstanding the current state of ris! tolerance of

    citi#ens, parliamentarians, interest groups, suppliers, as ell as other governmentdepartments ill assist in developing a ris! profile and ma!ing decisions on hat ris!smust be managed, ho , and to hat e tent" It ill also help identif% the challengesassociated ith ris! consultations and communication"

    In the ublic (ervice, citi#ens'needs and e pectations are paramount" or e ample, mostciti#ens ould li!el% have a lo ris! tolerance for public health and safet% issues -in:uries,fatalities., or the loss of Canada's international reputation" 1ther ris! tolerances forissues such as pro:ect dela%s and slo er service deliver% ma% be less obvious and ma%re8uire more consultation"

    In general, there is lo er ris! tolerance for the un!no n, here impacts are ne ,unobservable or dela%ed" There are higher ris! tolerances here people feel more incontrol -for e ample, there is usuall% a higher ris! tolerance for automobile travel thanfor air travel."

    Ris! tolerance can be determined through consultation ith affected parties, or b%assessing sta!eholders'response or reaction to var%ing levels of ris! e posure" Ris!tolerances ma% change over time as ne information and outcomes become available, associetal e pectations evolve and as a result of sta!eholder engagement on trade$offs"+efore developing management strategies, a common approach to the assessment of ris!tolerance needs to be understood organi#ation$ ide"

  • 8/12/2019 Integrated Risk Management Framework


  • 8/12/2019 Integrated Risk Management Framework


    1b:ectives and strategies for ris! management are designed to complement theorgani#ation's e isting vision and goals" In establishing an overall ris! managementdirection, a clear vision for ris! management is articulated and supported b% policies andoperating principles" The polic% ould guide emplo%ees b% describing the ris!management process, establishing roles and responsibilities, providing methods formanaging ris!, as ell as providing for the evaluation of both the ob:ectives and resultsof ris! management practices"

    Integrating Risk Management into Decision Making

    ;ffective ris! management cannot be practised in isolation, but needs to be built intoe isting decision$ma!ing structures and processes" )s ris! management is an essentialcomponent of good management, integrating the ris! management function into e istingstrategic management and operational processes ill ensure that ris! management is anintegral part of da%$to$da% activities" In addition, organi#ations can capitali#e on e istingcapacit% and capabilities -e"g", communications, committee structures, e isting roles andresponsibilities, etc".

    9hile each organi#ation ill find its o n a% to integrate ris! management into e istingdecision$ma!ing structures, the follo ing are factors that ma% be considered/

    aligning ris! management ith ob:ectives at all levels of the organi#ation

    introducing ris! management components into e isting strategic planning andoperational processes

    communicating corporate directions on acceptable level of ris! and

    improving control and accountabilit% s%stems and processes to ta!e into accountris! management and results"

    The integration of ris! management into decision$ma!ing is supported b% a corporatephilosoph% and culture that encourages ever%one to manage ris!s" This can be

    accomplished in a number of a%s, such as/

    see!ing e cellence in management practices, including ris! management

    having senior managers champion ris! management

    encouraging innovation, hile providing guidance and assistance in situations thatdo not turn out favourabl%

    encouraging managers to develop !no ledge and s!ills in ris! management

    including ris! management as part of emplo%ees'performance appraisals

    introducing incentives and re ards and

    recruiting on ris! management abilit% as ell as e perience"

    Reporting on Per"ormanceThe development of evaluation and reporting mechanisms for ris! management activitiesprovides feedbac! to management and other interested parties in the organi#ation andgovernment$ ide" The results of these activities ensure that integrated ris! managementis effective in the long term" (ome of these activities could fall to functional groups in theorgani#ation responsible for revie and audit" Responsibilit% ma% also be assigned tooperational managers and emplo%ees to ensure that information affecting ris! that iscollected as part of local reporting or practices is incorporated into the environmentalscanning process" Reporting could ta!e place through normal management channels

  • 8/12/2019 Integrated Risk Management Framework


    -performance reporting, ongoing monitoring, appraisal. as part of the advisor% andchallenge functions associated ith ris! management"

    Reporting facilitates learning and improved decision$ma!ing b% assessing both successesand failures, monitoring the use of resources, and disseminating information on bestpractices and lessons learned" 1rgani#ations should evaluate the effectiveness of their

    integrated ris! management processes on a periodic basis" In collaboration ithdepartments, the Treasur% +oard of Canada (ecretariat ill revie the effectiveness ofthe Integrated Ris! Management rame or! and ma!e the necessar% ad:ustments toensure sustained progress in building a ris!$smart or!force and environment"

    2uilding 3rgani ational Capacity

    +uilding ris! management capacit% is an ongoing challenge even after integrated ris!management has become firml% entrenched" ;nvironmental scanning ill continue toidentif% ne areas and activities that re8uire attention, as ell as the ris! managements!ills, processes, and practices that need to be developed and strengthened"

    1rgani#ations need to develop their o n capacit% strategies based on their specificsituation and ris! e posure" The implementation of the Integrated Ris! Managementrame or! ill be further supported b% the Treasur% +oard of Canada (ecretariat, hich,through a centre of e pertise, ill provide overall guidance, advice and share bestpractices"

    To build capacit% for ris! management, there needs to be a focus on t o !e% areas/human resources, and tools and processes at both the corporate and local levels" The ris!profile ill identif% the organi#ation's e isting strengths and ea!nesses vis$B$viscapacit%" )reas that ma% re8uire attention include/

    4uman Resources

    building a areness of ris! management initiatives and culturebroadening s!ills base through formal training including appropriate applicationsand tools

    increasing !no ledge base b% sharing best practices and e periences and

    building capacit%, capabilities and s!ills to or! in teams"

    +ools and Processes

    developing and adopting corporate ris! management tools, techni8ues, practicesand processes

    providing guidance on the application of tools and techni8ues

    allo ing for development [email protected] the use of alternative tools and techni8ues thatma% be better suited to managing ris! in speciali#ed applications and

    adopting processes to ensure integration of ris! management across theorgani#ation"

    #lement / Practising Integrated Risk Management

  • 8/12/2019 Integrated Risk Management Framework


    Implementing an integrated ris! management approach re8uires a management decisionand sustained commitment, and is designed to contribute to the reali#ation oforgani#ational ob:ectives" Integrated ris! management builds on the results of anenvironmental scan and is supported b% appropriate corporate infrastructure"

    The follo ing outcomes are e pected for practising integrated ris! management/

    A departmental risk management pro"ess is "onsistentl( applied at all levels#where risks are understood# managed and "ommuni"ated$

    Results of risk management pra"ti"es at all levels are integrated into informedde"ision-making and priorit( setting-strategi"# operational# management and

    performan"e reporting$

    )ools and methods are applied as aids to make de"isions$

    Consultation and "ommuni"ation with stakeholders is ongoing-internal ande%ternal$

    * Common Process

    ) common, continuous ris! management process assists an organi#ation inunderstanding, managing and communicating ris!" Continuous ris! management hasseveral steps" ;mphasis on various points in the process ma% var%, as ma% the t%pe,rigour or e tent of actions considered, but the basic steps are similar" In the e hibits thatfollo , ; hibit illustrates an e ample of a continuous ris! management process thatfocuses on an integrated approach to ris! management, hile ; hibit 2 presents a ris!management decision$ma!ing process in the conte t of public polic%"

    #&hibit , * Common Risk Management Process

  • 8/12/2019 Integrated Risk Management Framework


    erforming a sta!eholder anal%sis -determining ris! tolerances, sta!eholderposition, attitudes."

    Risk *ssessment

    .% *ssessing $ey Risk *reas

    )nal%#ing conte [email protected] of environmental scan and determining t%[email protected] ris! to be addressed, significant organi#ation$ ide issues, and vital local issues"

    /% Measuring 1ikelihood and Impact

  • 8/12/2019 Integrated Risk Management Framework


    1rgani#ations ma% var% the basic steps and supporting tas!s most suited to achievingcommon understanding and implementing consistent, efficient and effective ris!management" ) focused, s%stematic and integrated approach recogni#es that alldecisions involve management of ris!, hether in routine operations or for ma:orinitiatives involving significant resources" It is important that the ris! managementprocess be applied at all levels, from the corporate level to programs and ma:or pro:ectsto local s%stems and operations" 9hile the process allo s tailoring for different uses,having a consistent approach ithin an organi#ation assists in aggregating information todeal ith ris! issues at the corporate level"

    #&hibit . Risk Management in Public Policy * Decision-Making Process

  • 8/12/2019 Integrated Risk Management Framework


    Ancertaint% in science, together ith competing polic% interests -includinginternational obligations. has led to increased focus on the pre"autionar(approa"h "

    ) decision$ma!ing process does not o""ur in isolation $the public nature andcomple it% of man% government polic% issues means that certain factors, such ascommunications and consultation activities, legal considerations, and ongoing

    operational activities, re8uire active consideration at each stage of the process"

    Integrating Results "or Risk Management into Practices at all1evels

    The results of ris! management are to be integrated both hori#ontall% and verticall% intoorgani#ational policies, plans and practices" Dori#ontall%, it is important that results beconsidered in developing organi#ation$ ide policies, plans and priorities" Eerticall%,functional units, such as branches and divisions, need to incorporate these results intoprograms and ma:or initiatives"

    In practice, the ris! assessment and response to ris! ould be considered in developing

    local business plans at the activit%, division or regional level" These plans ould then beconsidered at the corporate level, and significant ris!s -hori#ontal or high$impact ris!s.ould be incorporated into the appropriate corporate business, functional or operationalplan"

    The responsibilit% centre providing the advisor% and 5corporate challenge5 functions canadd value to this process, since ne ris!s might be identified and ne ris! managementstrategies re8uired after the roll$up" There needs to be a s%nerg% bet een the overall ris!management strateg% and the local ris! management practices of the organi#ation"

    ;ach function or activit% ould have to be e amined from three standpoints/

    its purpose ris! management ould loo! at decision$ma!ing, planning, andaccountabilit% processes as ell as opportunities for innovationits level different approaches are re8uired based on hether a function oractivit% is strategic, management or operational and

    the relevant discipline the ris!s involved ith technolog%, finance, humanresources, and those regarding legal, scientific, regulator%, [email protected] health andsafet% issues"

    +ools and Methods

    )t a technical level, various tools and techni8ues can be used for managing ris!" Thefollo ing are some e amples/

    risk maps summar% charts and diagrams that help organi#ations identif%,discuss, understand and address ris!s b% portra%ing sources and t%pes of ris!sand disciplines [email protected]

    modelling tools such as scenario anal%sis and forecasting models to sho therange of possibilities and to build scenarios into contingenc% plans

    "ramework on the precautionary approach a principle$based frame or! thatprovides guidance on the precautionar% approach in order to improve the

  • 8/12/2019 Integrated Risk Management Framework


    predictabilit%, credibilit% and consistenc% of its application across the federalgovernment

    :ualitative techni:ues such as or!shops, 8uestionnaires, and self$assessment to identif% and assess ris!s and

    Internet and organi ational Intranets promote ris! a areness andmanagement b% sharing information internall% and e ternall%"

    ; hibit = provides an e ample of a ris! management model" In this model, one canassess here a particular ris! falls in terms of li!elihood and impact and establish theorgani#ational strateg%@response to manage the ris!"

    #&hibit / * Risk Management Model

  • 8/12/2019 Integrated Risk Management Framework


    Communication of ris! and consultation ith interested parties are essential to supportingsound ris! management decisions" In fact, communication and consultation must beconsidered at ever% stage of the ris! management process"

    ) fundamental re8uirement for practising integrated ris! management is the developmentof plans, processes and products through ongoing consultation and communication ith

    sta!eholders -both internal and e ternal. ho ma% be involved in or affected b% anorgani#ation's decisions and actions"

    Consultation and proactive citi#en engagement ill assist in bridging gaps bet eenstatistical evidence and perceptions of ris!" It is also important that ris! communicationpractices anticipate and respond effectivel% to public concerns and e pectations" )citi#en's re8uest for information presents an opportunit% to communicate about ris! andthe management of ris!"

    In the public sector conte t, some high$profile ris! issues ould benefit from proactivel%involving parliamentarians in particular forums of discussion thus creating opportunitiesfor e changing different perspectives" In developing public polic%, input from both theempirical and public conte ts ensures that a more complete range of information is

    available, therefore, leading to the development of more relevant and effective publicpolic% options" Internall%, ris! communication promotes action, continuous learning,innovation and team or!" It can demonstrate ho management of a locali#ed ris!contributes to the overall achievement of corporate ob:ectives"

    Ris! communication involves a range of activities, including issue identification andassessment, anal%sis of the public environment -including sta!eholder interests andconcerns., development of consultation and communications strategies, messagedevelopment, or!ing ith the media, and monitoring and evaluating the public dialogue"The public sector has the additional responsibilit% of reporting to and communicating itharliament"

    9ithin the federal ublic (ervice, it is e pected that consultation activities, includingthose related to ris! management, ill be underta!en in a manner that is consistent iththe Government Communi"ations Poli"($

    #lement 0 #nsuring Continuous Risk Management1earning

    Continuous learning is fundamental to more informed and proactive decision$ma!ing" Itcontributes to better ris! management, strengthens organi#ational capacit% and facilitatesintegration of ris! management into an organi#ational structure" To ensure continuousris! management learning, pursue the follo ing outcomes/

    *earning from e%perien"e is valued# lessons are shared-a supportive workenvironment$

    *earning plans are &uilt into organization+s risk management pra"ti"es$

    Results of risk management are evaluated to support innovation# "apa"it(&uilding and "ontinuous improvement-individual# team and organization$

    ,%perien"e and &est pra"ti"es are shared-internall( and a"ross government$

    Creating a upportive !ork #nvironment

  • 8/12/2019 Integrated Risk Management Framework


    ) supportive or! environment is a !e% component of continuous learning" Ealuinglearning from e perience, sharing best practices and lessons learned, and embracinginnovation and responsible ris!$ta!ing characteri#e an organi#ation ith a supportiveor! environment" )n organi#ation ith a supportive or! environment ould bee pected to/

    Promote learningb% fostering an environment that motivates people to learn

    b% valuing !no ledge, ne ideas and ne relationships as vital aspects of thecreativit% that leads to innovation and

    b% including and emphasi#ing learning in strategic plans"

    1earn "rom e&perience

    b% valuing e perimentation, here opportunities are assessed for benefits andconse8uences

    b% sharing learning on past successes and failures and

    b% using 5lessons learned5 and 5best practices5 in planning e ercises"

    Demonstrate management leadership

    b% selecting leaders ho are coaches, teachers and good ste ards

    b% demonstrating commitment and support to emplo%ees through the provision ofopportunities, resources, and tools and

    b% ma!ing time, allotting resources and measuring success through periodicrevie s -e"g", learning audits."

    2uilding 1earning Plans in Practices

    (ince continuous learning contributes significantl% to increasing capacit% to manage ris!,

    the integration of learning plans into all aspects of ris! management is fundamental tobuilding capacit% and supporting the strategic direction for managing ris!"

    )s part of a unit's learning strateg%, learning plans provide for the identification oftraining and development needs of each emplo%ee" ;ffective learning plans, reflecting ris!management learning strategies, are lin!ed to both operational and corporate strategies,incorporate opportunities for managers to coach and mentor staff, and addresscompetenc% gaps -!no ledge and s!ills. for individuals and teams" The inclusion of ris!management learning ob:ectives in performance appraisals is a useful approach tosupport continuous ris! management learning"

    upporting Continuous 1earning and Innovation

    In implementing a continuous learning approach to ris! management, it is important torecogni#e that not all ris!s can be foreseen or totall% avoided" rocedures are paramountto ensure due diligence and to maintain public confidence" Goals ill not al a%s be metand innovations ill not al a%s lead to e pected outcomes" Do ever, if ris! managementactions are informed and lessons are learned, promotion of a continuous learningapproach ill create incentives for innovation hile still respecting organi#ational ris!tolerances" The critical challenge is to sho that ris! is being ell$managed and thataccountabilit% is maintained hile recogni#ing that learning from e perience is importantfor progress"

  • 8/12/2019 Integrated Risk Management Framework


    In addition to demonstrating accountabilit%, transparenc% and due diligence, properdocumentation ma% also be used as a learning tool" ractising integrated ris!management should support innovation, learning, and continuous improvement at theindividual, team and organi#ation level"

    )n organi#ation demonstrates continuous learning ith respect to ris! management if/

    an appropriate ris! management culture is fostered

    learning is lin!ed to ris! management strateg% at man% levels

    responsible ris!$ta!ing and learning from e perience is encouraged andsupported

    there is considerable information sharing as the basis for decision$ma!ing

    decision$ma!ing includes a range of perspectives including the vie s ofsta!eholders, emplo%ees and citi#ens and

    input and feedbac! are activel% sought and are the basis for further action"


    The Integrated Ris! Management rame or! advances a more s%stematic and integratedapproach for ris! management" +% focusing on the importance of ris! communication andris! tolerance, it loo!s outside the organi#ation for the vie s of Canadians" Internall%, itemphasi#es the importance of people and leadership and the need for departments andagencies to more clearl% define their roles" The rame or! provides a tool that helpsorgani#ations communicate a vision and ob:ectives for management of ris! based ongovernment values and priorities, lessons learned, best practices and consultation ithsta!eholders"

    The rame or! is a fundamental part of the federal management agenda and ModernComptrollership" It is designed to support the optimi#ation of resource allocation andresponsible spending, paramount for achieving results" It also builds on public sectorvalues, !no ledge management and continuous learning for innovation" The IntegratedRis! Management rame or! is the first step in establishing the foundation for morestrategic and corporate integrated ris! management in departments and in government"In the future, the rame or! ill be supported b% tools and guidance documents as ellas complemented b% other ris! management initiatives"

    The Treasur% +oard of Canada (ecretariat intends to or! closel% ith departments andagencies in implementing the Integrated Ris! Management rame or! and in trac!ingprogress to ard building a ris!$smart or!force and environment in the ublic (ervice"

    *ppendi& hared 1eadership- uggested Roles andResponsibilities

    In moving to ard an integrated ris! management function, ever%one has a role to pla%"Combining shared leadership ith a team approach ill help contribute to the success ofintegrated ris! management throughout the organi#ation" (uggested roles andresponsibilities that could be considered b% the different parties involved in integratedris! management are outlined belo "

  • 8/12/2019 Integrated Risk Management Framework


    +reasury 2oard o" Canada ecretariat

    communicating and e plaining the Integrated Ris! Management rame or!

    providing guidance, training and a centre of e pertise in support of the IntegratedRis! Management rame or!

    providing Treasur% +oard, other central agencies and arliament ith ris!management information and advice appropriate to their responsibilities and

    periodicall% e amining and evaluating the effectiveness of the Integrated Ris!Management rame or!, trac!ing progress and reporting on best practices"

    Deputy 4eads or #:uivalent

    setting the tone from the top that s%stematic and integrated ris! management isvaluable for understanding uncertaint% in decision$ma!ing and for demonstratingaccountabilit% to sta!eholders

    determining the best a% to implement the Integrated Ris! Managementrame or! in their organi#ation

    ensuring that a supportive learning environment e ists for ris! management,including sensible ris! ta!ing and learning from e perience

    ensuring, from a corporate perspective, that ris!s are prioriti#ed, and thatappropriate ris! management strategies are in place to respond to identified ris!sand

    ensuring the capacit% to report on the performance of the ris! managementfunction -i"e", !no ing ho ell the department or agenc% is managing ris!."

    enior Management

    integrating ris! management into overall departmental strateg% and managementframe or!s

    providing managers and emplo%ees ith learning opportunities and training tobuild competencies and

    allocating resources for investment in more s%stematic ris! management"


    considering ris! as a part of their decision$ma!ing process and

    ensuring there is appropriate ongoing operational and corporate$related ris!management action, planning, training, control, monitoring and documentation"

    Functional *dvisors and pecialists

    ensuring that polic% and related advice, guidance and assistance is in line ithcentral agenc% and departmental policies on ris! management and seniormanagement's ob:ectives

    helping managers identif% and assess ris! and the effectiveness, efficienc% andeconom% of e isting measures to manage ris! and

    helping managers design and implement tools for more effective ris!management"

  • 8/12/2019 Integrated Risk Management Framework


    Review) Internal *udit

    reporting to the