President's Message In March 2000, I had the pleasure of tabling the Government of Canada's ne management frameor!, entitled Results for Canadians" It outlines ho e are moderni#ing management practices in order to ma!e the Government of Canada more citi#en$focused and better prepared to meet Canadians'changing needs and priorities" This Integrated Risk Management Framework is an essential part of these moderni#ation efforts" In an increasingl% comple& public polic% environment, it is important that 'ublic (ervice emplo%ees are encouraged to approach their or! ith creativit% and a desire to innovate" )t the same time, hoever, e must recogni#e and respect the need to be prudent in protecting the public interest and maintaining public trust" )chieving this balance is hat this Integrated Risk Management Framework is all about" This frameor! is a practical guide to assist public service emplo%ees in their decision$ ma!ing" )t the organi#ational level, it ill help departments and agencies to thin! more strategicall% and improve their abilit% to set common priorities" )t the individual level, it ill help all emplo%ees to develop ne s!ills and ill strengthen their abilit% to anticipate, assess and manage ris!" I invite %ou to read the frameor! and ma!e use of the concepts, guidelines and e&les that relate to %our particular needs" I am confident that this frameor! ill lead to the adoption of a more holistic approach to ris! management and foster a or!ing environment hich supports emplo%ees in pursuing ne and innovative a%s to better serve Canadians" The paper version as signed b% *ucienne Robillard 'resident of the Treasur% +oard Introduction The Integrated Ris! Management ,rameor! delivers on the commitment set out in Results for Canadians-A Management Framework for the Government of Canada -March 2000. to strengthen ris! management practices ithin the 'ublic (ervice" In doing so, the Integrated Ris! Management ,rameor! supports the four management commitments outlined in Results for Canadians/ citi#en focus, values, results and responsible spending" The Integrated Ris! Management ,rameor! advances a citi#en focus b% strengthening decision$ma!ing in the public interest and placing more emphasis on consultation and communication" (imilarl%, it respects core public service values such as honest%, integrit% and probit% at all levels, and contributes to improved results b% managing ris! proactivel%" Integrated ris! management also supports a hole$of$ government vie grounded in rational priorit% setting and principles of responsible spending" The need for more affordable and effective government combined ith trends toards revitali#ing human resources capacit% and redesigning service deliver% are dramaticall% affecting the structure and culture of public organi#ations" The faster pace and need for innovation, combined ith significant ris!$based events from computer failures to natural disasters, has focused attention on ris! management as essential in sound decision$ ma!ing and accountabilit%" Responding to the need to strengthen ris! management as a priorit% on the government management agenda, the Treasur% +oard of Canada (ecretariat -the (ecretariat. led research and consultations on ris! management in collaboration ith federal organi#ations, academics and private interests" The results highlighted the need for a common understanding of ris! management and a more corporate, s%stematic approach" Informed b% !noledge and e&perience from the public and private sectors in Canada and internationall%, the (ecretariat and its partners collaborated on the development of an Integrated Ris! Management ,rameor!" This ,rameor! is designed to advance the development and implementation of modern management practices and to support innovation throughout the federal 'ublic (ervice" It provides a comprehensive approach to better integrate ris! management into strategic decision$ma!ing" The ,rameor! provides an organi#ation ith a mechanism to develop an overall approach to manage strategic ris!s b% creating the means to discuss, compare and evaluate substantiall% different ris!s on the same page" It applies to an entire organi#ation and covers all t%pes of ris!s faced b% that organi#ation -e"g", polic%, operational, human resources, financial, legal, health and safet%, environment, reputational." The purpose of the Integrated Ris! Management ,rameor! is to/ provide guidance to advance the use of a more corporate and s%stematic approach to ris! management0 contribute to building a ris!$smart or!force and environment that allos for innovation and responsible ris!$ta!ing hile ensuring legitimate precautions are ta!en to protect the public interest, maintain public trust, and ensure due diligence0 and propose a set of ris! management practices that departments can adopt, or adapt, to their specific circumstances and mandate" )pplication of the ,rameor! is designed to strengthen management practices, decision$ ma!ing and priorit% setting to better respond to citi#ens'needs" Moreover, practising integrated ris! management is e&pected to support the desired cultural shift to a ris!$ smart or!force and environment" More specificall%, it is anticipated that implementation of the ,rameor! ill/ support the government's governance responsibilities b% ensuring that significant ris! areas associated ith policies, plans, programs and operations are identified and assessed, and that appropriate measures are in place to address unfavourable impacts and to benefit from opportunities0 improve results through more informed decision$ma!ing, b% ensuring that values, competencies, tools and a supportive environment form the foundation for innovation and responsible ris!$ta!ing, and b% encouraging learning from e&perience hile respecting parliamentar% controls0 strengthen accountability b% demonstrating that levels of ris! associated ith policies, plans, programs and operations are e&plicitl% understood, and that investment in ris! management measures and sta!eholder interests are optimall% balanced0 and enhance stewardship b% strengthening public service capacit% to safeguard people, government propert% and interests" Integrated ris! management respects and builds on core public service values" 1utcomes of applied integrated ris! management must be ethical, honest and fair0 respect las, government authorities and departmental policies0 and result in prudent use of resources" The Integrated Ris! Management ,rameor! responds to the recommendations contained in the Report of the Independent Review Panel on Modernization of Comptrollership in the Government of Canada -2334., hich ere approved b% Treasur% +oard ministers" The report highlights a ne guiding philosoph% for comptrollership" This ne philosoph% combines a strong commitment to four !e% elements/ performance reporting -financial and non$financial.0 sound ris! management0 the application of an appropriate s%stem of control and reporting0 and values and ethics" In identif%ing as a priorit% the strengthening of ris! management across the 'ublic (ervice, the report stressed the need for/ 5""" e&ecutives and emplo%ees 6to be7 ris! attuned$not onl% identif%ing but also managing ris!s """50 5""" matching more creative and client$driven decision ma!ing and business approaches ith solid ris! management"""50 and 5""" creating an environment in hich ta!ing ris!s and the conse8uences of doing so are handled ithin a mature frameor! of delegation, reards and sanctions"5 The ,rameor! builds on e&isting ris! management practices, reflects current thin!ing, best practices and the value of ell$recogni#ed principles for ris! management" It is lin!ed ith other federal ris! management initiatives across government, including recent efforts to strengthen internal audit and increase focus on monitoring" Ris! management frameor!s are also being developed in areas such as legal ris! management and the precautionar% approach" In addition, the Integrated Ris! Management ,rameor! complements the concepts and approach described in the 'riv% Council 1ffice report$Risk Management for Canada and Canadians: Report of the AM !orking Group on Risk Management -2000." Collectivel%, these individual initiatives are contributing to strengthening ris! management across the federal government in line ith modern comptrollership and to improving practices in managing ris! from a hole$of$government perspective" Management Challenges In toda%'s orld, change and uncertaint% are constants" 9ith increased demand b% parliamentarians for greater transparenc% in decision$ma!ing, better educated and discerning citi#ens, globali#ation, technological advances, and numerous other factors, adapting to change and uncertaint% hile striving for operating efficienc% is a fundamental part of the 'ublic (ervice" (uch an environment re8uires a stronger focus on integrated ris! management practices ithin organi#ations in order to strategicall% deal ith uncertaint%, capitali#e upon opportunities, and inform and increase involvement of sta!eholders -including parliamentarians., to ensure better decisions in the future" The challenge for the 'ublic (ervice of Canada is to approach ris! management in a more integrated and s%stematic a% that includes greater emphasis on consultation and communication ith sta!eholders and the public at large" In meeting this challenge, the 'ublic (ervice can fulfill its increased responsibilit% to demonstrate sound decision$ ma!ing, in line ith increasing e&pectations of due diligence, more intense public and media scrutin%, and initiatives for transparenc% and open government" Ris! management is no seen as an organi#ation$ide issue that, as one of several co$ordinated initiatives, ill improve decision$ma!ing, enabling the shift to results$based management" Integrated ris! management re8uires loo!ing across all aspects of an organi#ation to better manage ris!" 1rgani#ations that manage ris! organi#ation$ide have a greater li!elihood of achieving their ob:ectives and desired results" ;ffective ris! management minimi#es losses and negative outcomes and identifies opportunities to improve services to sta!eholders and the public at large" ) s%stematic, integrated but adaptable approach to ris! management re8uires an organi#ation to build capacit% to address ris! e&plicitl%, to increase the organi#ation's and sta!eholders'confidence in its abilit% to achieve its goals" It contributes to better use of time and resources, improved teamor! and strengthened trust through sharing anal%ses and actions ith partners" In emphasi#ing the need for more active and fre8uent consultation and ris! communication, an integrated approach to ris! management leads to shared responsibilit% for managing ris!" It also increases confidence in the organi#ation's process, and improves public and sta!eholder understanding of trade$offs" Developing a Risk-mart !ork"orce and #nvironment )pplication of the Integrated Ris! Management ,rameor!, in con:unction ith related ris! management activities, ill support a cultural shift to a ris!$smart or!force and environment in the 'ublic (ervice" (uch an environment is one that supports responsible ris! management, here ris! management is built into e&isting governance and organi#ational structures, and planning and operational processes" )n essential element of a ris!$smart environment is to ensure that the or!place has the capacit% and tools to be innovative hile recogni#ing and respecting the need to be prudent in protecting the public interest and maintaining public trust" <epartments hose core mandate focuses directl% on public health and safet% have traditionall% been ver% proactive in practising s%stematic ris! management" These departments have a long histor% of addressing the public's lo ris! tolerance in the areas of health and safet% and have, as a result, developed an effective ris! management culture" The emerging trends in the public sector environment and challenges associated ith the need to adapt to change and uncertaint% are contributing to the increased interest in ris! management in other public polic% areas" This higher level of aareness around ris! management and the need to better understand and manage different t%pes of ris!s in addition to health and safet% ris!s re8uires a cultural shift" The aim of this cultural shift is to develop a ris!$smart or!force throughout the 'ublic (ervice b% ensuring that public servants at all levels are more ris! aare and ris! attentive, that mitigation measures are proportionate to the issue at hand, and that the necessar% tools and processes are in place to support them" )chieving this cultural change ill re8uire sustained commitment throughout the 'ublic (ervice over a number of %ears as practices evolve" $ey Concepts There are three critical concepts that are cornerstones of the Integrated Ris! Management ,rameor!/ ris!, ris! management and integrated ris! management" These concepts are elaborated on belo" Risk Ris! is unavoidable and present in virtuall% ever% human situation" It is present in our dail% lives, public and private sector organi#ations" <epending on the conte&t, there are man% accepted definitions of ris! 627 in use" The common concept in all definitions is uncertaint% of outcomes" 9here the% differ is in ho the% characteri#e outcomes" (ome describe ris! as having onl% adverse conse8uences, hile others are neutral" 9hile this ,rameor! recogni#es the importance of the negative connotation of outcomes associated ith the description of ris! -i"e", ris! is adverse., it is ac!noledged that definitions are evolving" Indeed, there is considerable debate and discussion on hat ould be an acceptable generic definition of ris! that ould recogni#e the fact that, hen assessed and managed properl%, ris! can lead to innovation and opportunit%" This situation appears more prevalent hen dealing ith operational ris!s and in the conte&t of technological ris!s" ,or e&le, Government 1n$*ine -G1*. represents an opportunit% to significantl% increase the efficienc% of public access to government services" It is ac!noledged in advance that the benefits of pursuing G1* ould outeigh, in the long term, potential negative outcomes, hich are foreseen to be manageable" To date, no consensus has emerged, but after much research and discussion, the folloing description of ris! has been developed for the federal 'ublic (ervice in the conte&t of the Integrated Ris! Management ,rameor!/ Risk re"ers to the uncertainty that surrounds "uture events and outcomes% It is the e&pression o" the likelihood and impact o" an event with the potential to in"luence the achievement o" an organi'ation's ob(ectives% The phrase 5the e&pression of the li!elihood and impact of an event5 implies that, as a minimum, some form of 8uantitative or 8ualitative anal%sis is re8uired for ma!ing decisions concerning ma:or ris!s or threats to the achievement of an organi#ation's ob:ectives" ,or each ris!, to calculations are re8uired/ its li!elihood or probabilit%0 and the e&tent of the impact or conse8uences" ,inall%, it is recogni#ed that for some organi#ations, ris! management is applied to issues predetermined to result in adverse or unanted conse8uences" ,or these organi#ations, the definition of ris! in the 'riv% Council 1ffice report 627 , hich refers to ris! as 5a function of the probabilit% -chance, li!elihood. of an adverse or unanted event, and the severit% or magnitude of the conse8uences of that event5 ill be more relevant to their particular public decision$ma!ing conte&ts" )lthough this definition of ris! refers to the negative impact of the issue, the report ac!noledges that there are also positive opportunities arising from responsible ris!$ta!ing, and that innovation and ris! co$e&ist fre8uentl%" Risk Management Ris! management is not ne in the federal public sector" It is an integral component of good management and decision$ma!ing at all levels" )ll departments manage ris! continuousl% hether the% reali#e it or not$sometimes more rigorousl% and s%stematicall%, sometimes less so" More rigorous ris! management occurs most visibl% in departments hose core mandate is to protect the environment and public health and safet%" )s ith the definition of ris!, there are e8uall% man% accepted definitions of ris! management in use" (ome describe ris! management as the decision $ma!ing process, e&cluding the identification and assessment of ris!, hereas others describe ris! management as the complete process, including ris! identification, assessment and decisions around ris! issues" ,or e&le, the 'riv% Council 1ffice's report refers to ris! management as 5the process for dealing ith uncertaint% ithin a public polic% environment5 6=7 ,or the purposes of the Integrated Ris! Management ,rameor!/ Risk management is a systematic approach to setting the best course o" action under uncertainty by identi"ying) assessing) understanding) acting on and communicating risk issues% In order to appl% ris! management effectivel%, it is vital that a ris! management culture be developed" The ris! management culture supports the overall vision, mission and ob:ectives of an organi#ation" *imits and boundaries are established and communicated concerning hat are acceptable ris! practices and outcomes" (ince ris! management is directed at uncertaint% related to future events and outcomes, it is implied that all planning e&ercises encompass some form of ris! management" There is also a clear implication that ris! management is ever%one's business, since people at all levels can provide some insight into the nature, li!elihood and impacts of ris!" Ris! management is about ma!ing decisions that contribute to the achievement of an organi#ation's ob:ectives b% appl%ing it both at the individual activit% level and in functional areas" It assists ith decisions such as the reconciliation of science$based evidence and other factors0 costs ith benefits and e&pectations in investing limited public resources0 and the governance and control structures needed to support due diligence, responsible ris!$ta!ing, innovation and accountabilit%" Integrated Risk Management The current operating environment is demanding a more integrated ris! management approach" It is no longer sufficient to manage ris! at the individual activit% level or in functional silos" 1rgani#ations around the orld are benefiting from a more comprehensive approach to dealing ith all their ris!s" Toda%, organi#ations are faced ith man% different t%pes of ris! -e"g", polic%, program, operational, pro:ect, financial, human resources, technological, health, safet%, political." Ris!s that present themselves on a number of fronts as ell as high level, high $impact ris!s demand a co$ordinated, s%stematic corporate response" Integrated Ris! Management 59hatever name the% put on it$business """ holistic """ strategic """ enterprise$leading organi#ations around the orld are brea!ing out of the 'silo mentalit%'and ta!ing a comprehensive approach to dealing ith all the ris!s the% face"5 $Toers 'errin ,or the purposes of the Integrated Ris! Management ,rameor!/ Integrated risk management is a continuous) proactive and systematic process to understand) manage and communicate risk "rom an organi'ation-wide perspective% It is about making strategic decisions that contribute to the achievement o" an organi'ation's overall corporate ob(ectives% Integrated ris! management re8uires an ongoing assessment of potential ris!s for an organi#ation at ever% level and then aggregating the results at the corporate level to facilitate priorit% setting and improved decision$ma!ing" Integrated ris! management should become embedded in the organi#ation's corporate strateg% and shape the organi#ation's ris! management culture" The identification, assessment and management of ris! across an organi#ation helps reveal the importance of the hole, the sum of the ris!s and the interdependence of the parts" Integrated ris! management does not focus onl% on the minimi#ation or mitigation of ris!s, but also supports activities that foster innovation, so that the greatest returns can be achieved ith acceptable results, costs and ris!s" Integrated ris! management strives for the optimal balance at the corporate level" The Government of Canada has alread% used an integrated ris! management approach to manage ris! related to >2? and is currentl% appl%ing the approach to other ma:or initiatives such as Government 1n$*ine and 'rogram Integrit%" *n Integrated Risk Management Framework The Integrated Ris! Management ,rameor! provides guidance to adopt a more holistic approach to managing ris!" The application of the ,rameor! is e&pected to enable emplo%ees and organi#ations to better understand the nature of ris!, and to manage it more s%stematicall%" Four #lements and +heir #&pected Results The Integrated Ris! Management ,rameor! is comprised of four related elements" The elements, and a s%nopsis of the e&pected results for each, are presented belo" ,urther details on the conceptual and functional aspects of the ,rameor! are provided in subse8uent sections of this document" #lement ,- Developing the Corporate Risk Pro"ile the organi#ation's ris!s are identified through environmental scanning0 current status of ris! management ithin the organi#ation is assessed0 and the organi#ation's ris! profile is identified" #lement .- #stablishing an Integrated Risk Management Function management direction on ris! management is communicated, understood and applied0 approach to operationali#e integrated ris! management is implemented through e&isting decision$ma!ing and reporting structures0 and capacit% is built through development of learning plans and tools" #lement /- Practising Integrated Risk Management a common ris! management process is consistentl% applied at all levels0 results of ris! management practices at all levels are integrated into informed decision$ma!ing and priorit% setting0 tools and methods are applied0 and consultation and communication ith sta!eholders is ongoing" #lement 0- #nsuring Continuous Risk Management 1earning a supportive or! environment is established here learning from e&perience is valued, lessons are shared0 learning plans are built into an organi#ation's ris! management practices0 results of ris! management are evaluated to support innovation, learning and continuous improvement0 and e&perience and best practices are shared, internall% and across government" The four elements of the Integrated Ris! Management ,rameor! are presented as the% might be applied/ loo!ing outard and across the organi#ation as ell as at individual activities" This comprehensive approach to managing ris! is intended to establish the relationship beteen the organi#ation and its operating environment, revealing the interdependencies of individual activities and the hori#ontal lin!ages" 9hile it is ac!noledged that some departments are more advanced than others in moving toards the implementation of an integrated ris! management approach, there is groing appreciation across the 'ublic (ervice of the need to strengthen ris! management practices and develop a more strategic and corporate$ide focus" Implementing integrated ris! management ill depend largel% on an organi#ation's state of readiness, overall priorities and the level of effort necessar% to implement the various elements" )s a result, developing a more mature ris! management environment ill re8uire sustained commitment and ill evolve over time" This ,rameor! is a step in establishing the foundation for integrated ris! management in the public sector" It is ac!noledged that to support and facilitate implementation, the development of specific tools and guidelines as ell as sharing of best practices and lessons learned ill be re8uired" #lement ,- Developing the Corporate Risk Pro"ile ) broad understanding of the operating environment is an important first step in developing the corporate ris! profile" <eveloping the ris! profile at the corporate level is intended to e&amine both threats and opportunities in the conte&t of an organi#ation's mandate, ob:ectives and available resources" In building the corporate ris! profile, information and !noledge at both the corporate and operational levels is collected to assist departments in understanding the range of ris!s the% face, both internall% and e&ternall%, their li!elihood and their potential impacts" In addition, identif%ing and assessing the e&isting departmental ris! management capacit% and capabilit% is another critical component of developing the corporate ris! profile" )n organi#ation can e&pect three !e% outcomes as a result of developing the corporate ris! profile/ Threats and opportunities are identified through ongoing internal and e&ternal environmental scans, anal%sis and ad:ustment" Current status of ris! management ithin the organi#ation is assessed$ challenges@opportunities, capacit%, practices, culture$ and recogni#ed in planning organi#ation$ide management of ris! strategies" The organi#ation's ris! profile is identified$!e% ris! areas, ris! tolerance, abilit% and capacit% to mitigate, learning needs" #&ternal and Internal #nvironment Through the environmental scan, !e% e&ternal and internal factors and ris!s influencing an organi#ation's polic% and management agenda are identified" Identif%ing ma:or trends and their variation over time is particularl% relevant in providing potential earl% arnings" (ome e&ternal factors to be considered for potential ris!s include/ Political- the influence of international governments and other governing bodies0 #conomic- international and national mar!ets, globali#ation0 ocial- ma:or demographic and social trends, level of citi#en engagement0 and +echnological- ne technologies" Internall%, the folloing factors are considered relevant to the development of an organi#ation's ris! profile/ the overall management frameor!0 governance and accountabilit% structures0 values and ethics0 operational or! environment0 individual and corporate ris! management culture and tolerances0 e&isting ris! management e&pertise and practices0 human resources capacit%0 level of transparenc% re8uired0 and local and corporate policies, procedures and processes" The environmental scan increases the organi#ation's aareness of the !e% characteristics and attributes of the ris!s it faces" These include/ type o" risk- technological, financial, human resources -capacit%, intellectual propert%., health, safet%0 source o" risk- e&ternal -political, economic, natural disasters.0 internal -reputation, securit%, !noledge management, information for decision ma!ing.0 what is at risk- area of impact@t%pe of e&posure -people, reputation, program results, materiel, real propert%.0 and level o" ability to control the risk- high -operational.0 moderate -reputation.0 lo -natural disasters." )n organi#ation's ris! profile identifies !e% ris! areas that cut across the organi#ation -functions, programs, s%stems. as ell as individual events, activities or pro:ects that could significantl% influence the overall management priorities, performance, and reali#ation of organi#ational ob:ectives" The environmental scan assists the department in establishing a strategic direction for managing ris!, ma!ing appropriate ad:ustments in decisions and actions" It is an ongoing process that reinforces e&isting management practices and supports the attainment of overall management e&cellence" *ssessing Current Risk Management Capacity In assessing internal ris! management capacit%, the mandate, governance and decision$ ma!ing structures, planning processes, infrastructure, and human and financial resources are e&amined from the perspective of ris!" The assessment re8uires an e&amination of the prevailing ris! management culture, ris! management processes and practices to determine if ad:ustments are necessar% to deal ith the evolving ris! environment" ,urthermore, the folloing factors are considered !e% in assessing an organi#ation's current ris! management capacit%/ individual factors -!noledge, s!ills, e&perience, ris! tolerance, propensit% to ta!e ris!.0 group factors -the impact of individual ris! tolerances and illingness to manage ris!.0 organi#ational factors -strategic direction, stated or implied ris! tolerance.0 as ell as e&ternal factors -elements that affect particular ris! decisions or ho ris! is managed in general." Risk +olerance )n aareness and understanding of the current ris! tolerances of various sta!eholders is a !e% ingredient in establishing the corporate ris! profile" The environmental scan ill identif% sta!eholders affected b% an organi#ation's decisions and actions, and their degree of comfort ith various levels of ris!" Anderstanding the current state of ris! tolerance of citi#ens, parliamentarians, interest groups, suppliers, as ell as other government departments ill assist in developing a ris! profile and ma!ing decisions on hat ris!s must be managed, ho, and to hat e&tent" It ill also help identif% the challenges associated ith ris! consultations and communication" In the 'ublic (ervice, citi#ens'needs and e&pectations are paramount" ,or e&le, most citi#ens ould li!el% have a lo ris! tolerance for public health and safet% issues -in:uries, fatalities., or the loss of Canada's international reputation" 1ther ris! tolerances for issues such as pro:ect dela%s and sloer service deliver% ma% be less obvious and ma% re8uire more consultation" In general, there is loer ris! tolerance for the un!non, here impacts are ne, unobservable or dela%ed" There are higher ris! tolerances here people feel more in control -for e&le, there is usuall% a higher ris! tolerance for automobile travel than for air travel." Ris! tolerance can be determined through consultation ith affected parties, or b% assessing sta!eholders'response or reaction to var%ing levels of ris! e&posure" Ris! tolerances ma% change over time as ne information and outcomes become available, as societal e&pectations evolve and as a result of sta!eholder engagement on trade$offs" +efore developing management strategies, a common approach to the assessment of ris! tolerance needs to be understood organi#ation$ide" <etermining and communicating an organi#ation's on ris! tolerance is also an essential part of managing ris!" This process identifies areas here minimal levels of ris! are permissible, as ell as those that should be managed to higher, %et reasonable levels of ris!" #lement .- #stablishing an Integrated Risk Management Function ;stablishing an integrated ris! management function means setting up the corporate 5infrastructure5 for ris! management that is designed to enhance understanding and communication of ris! issues internall%, to provide clear direction and demonstrate senior management support" The corporate ris! profile provides the necessar% input to establish corporate ris! management ob:ectives and strategies" To be effective, ris! management needs to be aligned ith an organi#ation's overall ob:ectives, corporate focus, strategic direction, operating practices and internal culture" In order to ensure ris! management is a consideration in priorit% setting and revenue allocation, it needs to be integrated ithin e&isting governance and decision$ma!ing structures at the operational and strategic levels" To ensure that ris! management is integrated in a rational, s%stematic and proactive manner, an organi#ation should see! to achieve three related outcomes/ Management dire"tion on risk management is "ommuni"ated# understood and applied-vision# poli"ies# operating prin"iples$ Approa"h to operationalize integrated risk management is implemented through e%isting de"ision-making stru"tures: governan"e# "lear roles and responsi&ilities# and performan"e reporting$ 'uilding "apa"it(-learning plans and tools are developed for use throughout the organization$ trategic Risk Management Direction The establishment and communication of the organi#ation's ris! management vision, ob:ectives and operating principles are vital to providing overall direction, and ensure the successful integration of the ris! management function into the organi#ation" Asing these instruments can reinforce the notion that ris! management is ever%one's business" It is essential that management provides a clear statement of its commitment to ris! management and determines the best a% to implement ris! management in its organi#ation" This includes establishing a corporate focus and communicating internal parameters, priorities, and practices for the implementation of ris! management" To reinforce the corporate focus on ris! management, organi#ations ma% dedicate a small number of resources to provide both advisor% and challenge functions, and to specificall% integrate these responsibilities into an e&isting unit -for e&le, Corporate 'lanning and 'olic%, Comptrollership (ecretariat, Internal )udit." In establishing the strategic ris! management direction, internal and e&ternal concerns, perceptions and ris! tolerances are ta!en into account" It is also imperative to identif% acceptable ris! tolerance levels so those unfavourable outcomes can be remedied promptl% and effectivel%" Clear communication of the organi#ation's strategic direction ill help foster the creation and promotion of a supportive corporate ris! management culture" 1b:ectives and strategies for ris! management are designed to complement the organi#ation's e&isting vision and goals" In establishing an overall ris! management direction, a clear vision for ris! management is articulated and supported b% policies and operating principles" The polic% ould guide emplo%ees b% describing the ris! management process, establishing roles and responsibilities, providing methods for managing ris!, as ell as providing for the evaluation of both the ob:ectives and results of ris! management practices" Integrating Risk Management into Decision Making ;ffective ris! management cannot be practised in isolation, but needs to be built into e&isting decision$ma!ing structures and processes" )s ris! management is an essential component of good management, integrating the ris! management function into e&isting strategic management and operational processes ill ensure that ris! management is an integral part of da%$to$da% activities" In addition, organi#ations can capitali#e on e&isting capacit% and capabilities -e"g", communications, committee structures, e&isting roles and responsibilities, etc". 9hile each organi#ation ill find its on a% to integrate ris! management into e&isting decision$ma!ing structures, the folloing are factors that ma% be considered/ aligning ris! management ith ob:ectives at all levels of the organi#ation0 introducing ris! management components into e&isting strategic planning and operational processes0 communicating corporate directions on acceptable level of ris!0 and improving control and accountabilit% s%stems and processes to ta!e into account ris! management and results" The integration of ris! management into decision$ma!ing is supported b% a corporate philosoph% and culture that encourages ever%one to manage ris!s" This can be accomplished in a number of a%s, such as/ see!ing e&cellence in management practices, including ris! management0 having senior managers champion ris! management0 encouraging innovation, hile providing guidance and assistance in situations that do not turn out favourabl%0 encouraging managers to develop !noledge and s!ills in ris! management0 including ris! management as part of emplo%ees'performance appraisals0 introducing incentives and reards0 and recruiting on ris! management abilit% as ell as e&perience" Reporting on Per"ormance The development of evaluation and reporting mechanisms for ris! management activities provides feedbac! to management and other interested parties in the organi#ation and government$ide" The results of these activities ensure that integrated ris! management is effective in the long term" (ome of these activities could fall to functional groups in the organi#ation responsible for revie and audit" Responsibilit% ma% also be assigned to operational managers and emplo%ees to ensure that information affecting ris! that is collected as part of local reporting or practices is incorporated into the environmental scanning process" Reporting could ta!e place through normal management channels -performance reporting, ongoing monitoring, appraisal. as part of the advisor% and challenge functions associated ith ris! management" Reporting facilitates learning and improved decision$ma!ing b% assessing both successes and failures, monitoring the use of resources, and disseminating information on best practices and lessons learned" 1rgani#ations should evaluate the effectiveness of their integrated ris! management processes on a periodic basis" In collaboration ith departments, the Treasur% +oard of Canada (ecretariat ill revie the effectiveness of the Integrated Ris! Management ,rameor! and ma!e the necessar% ad:ustments to ensure sustained progress in building a ris!$smart or!force and environment" 2uilding 3rgani'ational Capacity +uilding ris! management capacit% is an ongoing challenge even after integrated ris! management has become firml% entrenched" ;nvironmental scanning ill continue to identif% ne areas and activities that re8uire attention, as ell as the ris! management s!ills, processes, and practices that need to be developed and strengthened" 1rgani#ations need to develop their on capacit% strategies based on their specific situation and ris! e&posure" The implementation of the Integrated Ris! Management ,rameor! ill be further supported b% the Treasur% +oard of Canada (ecretariat, hich, through a centre of e&pertise, ill provide overall guidance, advice and share best practices" To build capacit% for ris! management, there needs to be a focus on to !e% areas/ human resources, and tools and processes at both the corporate and local levels" The ris! profile ill identif% the organi#ation's e&isting strengths and ea!nesses vis$B$vis capacit%" )reas that ma% re8uire attention include/ 4uman Resources building aareness of ris! management initiatives and culture0 broadening s!ills base through formal training including appropriate applications and tools0 increasing !noledge base b% sharing best practices and e&periences0 and building capacit%, capabilities and s!ills to or! in teams" +ools and Processes developing and adopting corporate ris! management tools, techni8ues, practices and processes0 providing guidance on the application of tools and techni8ues0 alloing for development and@or the use of alternative tools and techni8ues that ma% be better suited to managing ris! in speciali#ed applications0 and adopting processes to ensure integration of ris! management across the organi#ation" #lement /- Practising Integrated Risk Management Implementing an integrated ris! management approach re8uires a management decision and sustained commitment, and is designed to contribute to the reali#ation of organi#ational ob:ectives" Integrated ris! management builds on the results of an environmental scan and is supported b% appropriate corporate infrastructure" The folloing outcomes are e&pected for practising integrated ris! management/ A departmental risk management pro"ess is "onsistentl( applied at all levels# where risks are understood# managed and "ommuni"ated$ Results of risk management pra"ti"es at all levels are integrated into informed de"ision-making and priorit( setting-strategi"# operational# management and performan"e reporting$ )ools and methods are applied as aids to make de"isions$ Consultation and "ommuni"ation with stakeholders is ongoing-internal and e%ternal$ * Common Process ) common, continuous ris! management process assists an organi#ation in understanding, managing and communicating ris!" Continuous ris! management has several steps" ;mphasis on various points in the process ma% var%, as ma% the t%pe, rigour or e&tent of actions considered, but the basic steps are similar" In the e&hibits that follo, ;&hibit 2 illustrates an e&le of a continuous ris! management process that focuses on an integrated approach to ris! management, hile ;&hibit 2 presents a ris! management decision$ma!ing process in the conte&t of public polic%" #&hibit ,- * Common Risk Management Process <ispla% full si#e graphic Internal and e&ternal communication and continuous learning improve understanding and s!ills for ris! management practice at all levels of an organi#ation, from corporate through to front$line operations" The process provides common language, guides decision$ma!ing at all levels, and allos organi#ations to tailor their activities at the local level" <ocumenting the rationale for arriving at decisions strengthens accountabilit% and demonstrates due diligence" The common ris! management process and related activities are/ Risk Identi"ication ,% Identi"ying Issues) etting Conte&t <efining the problems or opportunities, scope, conte&t -social, cultural, scientific evidence, etc". and associated ris! issues" <eciding on necessar% people, e&pertise, tools and techni8ues -e"g", scenarios, brainstorming, chec!lists." 'erforming a sta!eholder anal%sis -determining ris! tolerances, sta!eholder position, attitudes." Risk *ssessment .% *ssessing $ey Risk *reas )nal%#ing conte&t@results of environmental scan and determining t%pes@categories of ris! to be addressed, significant organi#ation$ide issues, and vital local issues" /% Measuring 1ikelihood and Impact <etermining degree of e&posure, e&pressed as li!elihood and impact, of assessed ris!s, choosing tools" Considering both the empirical@scientific evidence and public conte&t" 0% Ranking Risks Ran!ing ris!s, considering ris! tolerance, using e&isting or developing ne criteria and tools" Responding to Risk 5% etting Desired Results <efining ob:ectives and e&pected outcomes for ran!ed ris!s, short@long term" 6% Developing 3ptions Identif%ing and anal%#ing options$a%s to minimi#e threats and ma&imi#e opportunities$approaches, tools" 7% electing a trategy Choosing a strateg%, appl%ing decision criteria$results$oriented, problem@opportunit% driven" )ppl%ing, here appropriate, the precautionar% approach@principle as a means of managing ris!s of serious or irreversible harm in situations of scientific uncertaint%" 8% Implementing the trategy <eveloping and implementing a plan" Monitoring and #valuation 9% Monitoring) #valuating and *d(usting *earning, improving the decision$ma!ing@ris! management process locall% and organi#ation$ide, using effectiveness criteria, reporting on performance and results" 1rgani#ations ma% var% the basic steps and supporting tas!s most suited to achieving common understanding and implementing consistent, efficient and effective ris! management" ) focused, s%stematic and integrated approach recogni#es that all decisions involve management of ris!, hether in routine operations or for ma:or initiatives involving significant resources" It is important that the ris! management process be applied at all levels, from the corporate level to programs and ma:or pro:ects to local s%stems and operations" 9hile the process allos tailoring for different uses, having a consistent approach ithin an organi#ation assists in aggregating information to deal ith ris! issues at the corporate level" #&hibit .- Risk Management in Public Policy- * Decision-Making Process <ispla% full si#e graphic ;&hibit 2 presents the model, developed b% the 'C1$led )<M 9or!ing Group on Ris! Management, hich addresses the issue of ris! management in the conte&t of public polic% development" This model presents a basis for e&ploring issues of interest to government polic%$ma!ers, and provides a conte&t in hich to discuss, e&amine, and see! out interrelationships beteen issues associated ith public polic% decisions in an environment of uncertaint% and ris! -i"e", a model of public ris! management." )s in ;&hibit 2, this model recogni#es si& basic steps/ identification of the issue0 anal%sis or assessment of the issue0 development of options0 decision0 implementation of the decision0 and evaluation and revie of the decision" 6C7 In this model, several !e% elements ere identified as influencing the public polic% environment surrounding ris! management/ There is a pu&li" element to virtuall% all government decision$ma!ing, and it is a central and legitimate input to the process" Ancertaint% in science, together ith competing polic% interests -including international obligations. has led to increased focus on the pre"autionar( approa"h" ) decision$ma!ing process does not o""ur in isolation$the public nature and comple&it% of man% government polic% issues means that certain factors, such as communications and consultation activities, legal considerations, and ongoing operational activities, re8uire active consideration at each stage of the process" Integrating Results "or Risk Management into Practices at all 1evels The results of ris! management are to be integrated both hori#ontall% and verticall% into organi#ational policies, plans and practices" Dori#ontall%, it is important that results be considered in developing organi#ation$ide policies, plans and priorities" Eerticall%, functional units, such as branches and divisions, need to incorporate these results into programs and ma:or initiatives" In practice, the ris! assessment and response to ris! ould be considered in developing local business plans at the activit%, division or regional level" These plans ould then be considered at the corporate level, and significant ris!s -hori#ontal or high$impact ris!s. ould be incorporated into the appropriate corporate business, functional or operational plan" The responsibilit% centre providing the advisor% and 5corporate challenge5 functions can add value to this process, since ne ris!s might be identified and ne ris! management strategies re8uired after the roll$up" There needs to be a s%nerg% beteen the overall ris! management strateg% and the local ris! management practices of the organi#ation" ;ach function or activit% ould have to be e&amined from three standpoints/ its purpose- ris! management ould loo! at decision$ma!ing, planning, and accountabilit% processes as ell as opportunities for innovation0 its level- different approaches are re8uired based on hether a function or activit% is strategic, management or operational0 and the relevant discipline- the ris!s involved ith technolog%, finance, human resources, and those regarding legal, scientific, regulator%, and@or health and safet% issues" +ools and Methods )t a technical level, various tools and techni8ues can be used for managing ris!" The folloing are some e&les/ risk maps- summar% charts and diagrams that help organi#ations identif%, discuss, understand and address ris!s b% portra%ing sources and t%pes of ris!s and disciplines involved@needed0 modelling tools- such as scenario anal%sis and forecasting models to sho the range of possibilities and to build scenarios into contingenc% plans0 "ramework on the precautionary approach- a principle$based frameor! that provides guidance on the precautionar% approach in order to improve the predictabilit%, credibilit% and consistenc% of its application across the federal government0 :ualitative techni:ues- such as or!shops, 8uestionnaires, and self $assessment to identif% and assess ris!s0 and Internet and organi'ational Intranets- promote ris! aareness and management b% sharing information internall% and e&ternall%" ;&hibit = provides an e&le of a ris! management model" In this model, one can assess here a particular ris! falls in terms of li!elihood and impact and establish the organi#ational strateg%@response to manage the ris!" #&hibit /- * Risk Management Model <ispla% full si#e graphic In developing methods to provide guidance on ris! management, the different levels of readiness and e&perience in a department, as ell as variations in available resources need to be recogni#ed" Therefore, methods need to be fle&ible and simple using clear language to ensure open channels of communication" (everal practical methods that could be used to provide guidance are/ a managers'"orum- here ris!s are identified, proposed actions are discussed and best practices are shared0 an internal risk management advisory "unction- dedicated to ris! management, either as a special unit or associated ith an e&isting functional unit0 and tool kits- a collection of effective ris! management tools such as chec!lists, 8uestionnaires, best practices" Communication and Consultation Communication of ris! and consultation ith interested parties are essential to supporting sound ris! management decisions" In fact, communication and consultation must be considered at ever% stage of the ris! management process" ) fundamental re8uirement for practising integrated ris! management is the development of plans, processes and products through ongoing consultation and communication ith sta!eholders -both internal and e&ternal. ho ma% be involved in or affected b% an organi#ation's decisions and actions" Consultation and proactive citi#en engagement ill assist in bridging gaps beteen statistical evidence and perceptions of ris!" It is also important that ris! communication practices anticipate and respond effectivel% to public concerns and e&pectations" ) citi#en's re8uest for information presents an opportunit% to communicate about ris! and the management of ris!" In the public sector conte&t, some high$profile ris! issues ould benefit from proactivel% involving parliamentarians in particular forums of discussion thus creating opportunities for e&changing different perspectives" In developing public polic%, input from both the empirical and public conte&ts ensures that a more complete range of information is available, therefore, leading to the development of more relevant and effective public polic% options" Internall%, ris! communication promotes action, continuous learning, innovation and teamor!" It can demonstrate ho management of a locali#ed ris! contributes to the overall achievement of corporate ob:ectives" Ris! communication involves a range of activities, including issue identification and assessment, anal%sis of the public environment -including sta!eholder interests and concerns., development of consultation and communications strategies, message development, or!ing ith the media, and monitoring and evaluating the public dialogue" The public sector has the additional responsibilit% of reporting to and communicating ith 'arliament" 9ithin the federal 'ublic (ervice, it is e&pected that consultation activities, including those related to ris! management, ill be underta!en in a manner that is consistent ith the Government Communi"ations Poli"($ #lement 0- #nsuring Continuous Risk Management 1earning Continuous learning is fundamental to more informed and proactive decision$ma!ing" It contributes to better ris! management, strengthens organi#ational capacit% and facilitates integration of ris! management into an organi#ational structure" To ensure continuous ris! management learning, pursue the folloing outcomes/ *earning from e%perien"e is valued# lessons are shared-a supportive work environment$ *earning plans are &uilt into organization+s risk management pra"ti"es$ Results of risk management are evaluated to support innovation# "apa"it( &uilding and "ontinuous improvement-individual# team and organization$ ,%perien"e and &est pra"ti"es are shared-internall( and a"ross government$ Creating a upportive !ork #nvironment ) supportive or! environment is a !e% component of continuous learning" Ealuing learning from e&perience, sharing best practices and lessons learned, and embracing innovation and responsible ris!$ta!ing characteri#e an organi#ation ith a supportive or! environment" )n organi#ation ith a supportive or! environment ould be e&pected to/ Promote learning b% fostering an environment that motivates people to learn0 b% valuing !noledge, ne ideas and ne relationships as vital aspects of the creativit% that leads to innovation0 and b% including and emphasi#ing learning in strategic plans" 1earn "rom e&perience b% valuing e&perimentation, here opportunities are assessed for benefits and conse8uences0 b% sharing learning on past successes and failures0 and b% using 5lessons learned5 and 5best practices5 in planning e&ercises" Demonstrate management leadership b% selecting leaders ho are coaches, teachers and good steards0 b% demonstrating commitment and support to emplo%ees through the provision of opportunities, resources, and tools0 and b% ma!ing time, allotting resources and measuring success through periodic revies -e"g", learning audits." 2uilding 1earning Plans in Practices (ince continuous learning contributes significantl% to increasing capacit% to manage ris!, the integration of learning plans into all aspects of ris! management is fundamental to building capacit% and supporting the strategic direction for managing ris!" )s part of a unit's learning strateg%, learning plans provide for the identification of training and development needs of each emplo%ee" ;ffective learning plans, reflecting ris! management learning strategies, are lin!ed to both operational and corporate strategies, incorporate opportunities for managers to coach and mentor staff, and address competenc% gaps -!noledge and s!ills. for individuals and teams" The inclusion of ris! management learning ob:ectives in performance appraisals is a useful approach to support continuous ris! management learning" upporting Continuous 1earning and Innovation In implementing a continuous learning approach to ris! management, it is important to recogni#e that not all ris!s can be foreseen or totall% avoided" 'rocedures are paramount to ensure due diligence and to maintain public confidence" Goals ill not ala%s be met and innovations ill not ala%s lead to e&pected outcomes" Doever, if ris! management actions are informed and lessons are learned, promotion of a continuous learning approach ill create incentives for innovation hile still respecting organi#ational ris! tolerances" The critical challenge is to sho that ris! is being ell$managed and that accountabilit% is maintained hile recogni#ing that learning from e&perience is important for progress" In addition to demonstrating accountabilit%, transparenc% and due diligence, proper documentation ma% also be used as a learning tool" 'ractising integrated ris! management should support innovation, learning, and continuous improvement at the individual, team and organi#ation level" )n organi#ation demonstrates continuous learning ith respect to ris! management if/ an appropriate ris! management culture is fostered0 learning is lin!ed to ris! management strateg% at man% levels0 responsible ris!$ta!ing and learning from e&perience is encouraged and supported0 there is considerable information sharing as the basis for decision$ma!ing0 decision$ma!ing includes a range of perspectives including the vies of sta!eholders, emplo%ees and citi#ens0 and input and feedbac! are activel% sought and are the basis for further action" Conclusion The Integrated Ris! Management ,rameor! advances a more s%stematic and integrated approach for ris! management" +% focusing on the importance of ris! communication and ris! tolerance, it loo!s outside the organi#ation for the vies of Canadians" Internall%, it emphasi#es the importance of people and leadership and the need for departments and agencies to more clearl% define their roles" The ,rameor! provides a tool that helps organi#ations communicate a vision and ob:ectives for management of ris! based on government values and priorities, lessons learned, best practices and consultation ith sta!eholders" The ,rameor! is a fundamental part of the federal management agenda and Modern Comptrollership" It is designed to support the optimi#ation of resource allocation and responsible spending, paramount for achieving results" It also builds on public sector values, !noledge management and continuous learning for innovation" The Integrated Ris! Management ,rameor! is the first step in establishing the foundation for more strategic and corporate integrated ris! management in departments and in government" In the future, the ,rameor! ill be supported b% tools and guidance documents as ell as complemented b% other ris! management initiatives" The Treasur% +oard of Canada (ecretariat intends to or! closel% ith departments and agencies in implementing the Integrated Ris! Management ,rameor! and in trac!ing progress toard building a ris!$smart or!force and environment in the 'ublic (ervice" *ppendi&- hared 1eadership-uggested Roles and Responsibilities In moving toard an integrated ris! management function, ever%one has a role to pla%" Combining shared leadership ith a team approach ill help contribute to the success of integrated ris! management throughout the organi#ation" (uggested roles and responsibilities that could be considered b% the different parties involved in integrated ris! management are outlined belo" +reasury 2oard o" Canada ecretariat communicating and e&plaining the Integrated Ris! Management ,rameor!0 providing guidance, training and a centre of e&pertise in support of the Integrated Ris! Management ,rameor!0 providing Treasur% +oard, other central agencies and 'arliament ith ris! management information and advice appropriate to their responsibilities0 and periodicall% e&amining and evaluating the effectiveness of the Integrated Ris! Management ,rameor!, trac!ing progress and reporting on best practices" Deputy 4eads or #:uivalent setting the tone from the top that s%stematic and integrated ris! management is valuable for understanding uncertaint% in decision$ma!ing and for demonstrating accountabilit% to sta!eholders0 determining the best a% to implement the Integrated Ris! Management ,rameor! in their organi#ation0 ensuring that a supportive learning environment e&ists for ris! management, including sensible ris! ta!ing and learning from e&perience0 ensuring, from a corporate perspective, that ris!s are prioriti#ed, and that appropriate ris! management strategies are in place to respond to identified ris!s0 and ensuring the capacit% to report on the performance of the ris! management function -i"e", !noing ho ell the department or agenc% is managing ris!." enior Management integrating ris! management into overall departmental strateg% and management frameor!s0 providing managers and emplo%ees ith learning opportunities and training to build competencies0 and allocating resources for investment in more s%stematic ris! management" Managers considering ris! as a part of their decision$ma!ing process0 and ensuring there is appropriate ongoing operational and corporate$related ris! management action, planning, training, control, monitoring and documentation" Functional *dvisors and pecialists ensuring that polic% and related advice, guidance and assistance is in line ith central agenc% and departmental policies on ris! management and senior management's ob:ectives0 helping managers identif% and assess ris! and the effectiveness, efficienc% and econom% of e&isting measures to manage ris!0 and helping managers design and implement tools for more effective ris! management" Review) Internal *udit reporting to the <eput% Dead on the department's or agenc%'s performance under the Integrated Ris! Management ,rameor!" *ll Public ervants sta%ing aare of and attentive to ris! management issues0 ris!$smart behaviours and outcomes$considering limitations, !e% ris! areas and fundamental rules to understand ris!s the% can and cannot ta!e -i"e", understanding here there is alloance for honest mista!es and here prudence is paramount.0 and documenting decisions and supporting information"