Library and Archives Canada
Symbol of the Government of Canada

Institutional links


Archived Content

This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.

Risk Management

Audit Report
November 2009

Audits and Evaluations

Appendix A - Audit Criteria

Risk Management Area Criteria
1. Governance & Strategic Direction
  • There is senior management direction on the vision for integrated risk management (principles, framework, and processes) that is tailored and responsive to the organization's external and internal context , and that supports government-wide management of risk
  • Risk is managed horizontally (across all programs), vertically (across all levels of the organization), and functionally ensuring appropriate integration into all key planning, policy-making, delivery, and decision-making processes.
  • There is ongoing Senior-level Oversight of: the management of risks at all levels, effectiveness of risk management arrangements, and adherence to risk management policy
  • Guidance is provided on risk tolerance and risk mitigation strategies
2. Public Service Values
  • Departmental culture recognizes the presence of risk in all activities and the need to explicitly manage risk through mitigation, avoidance, transfer, or sharing

Departmental culture values good risk management as a key component of managerial excellence

3. Policy & Programs
  • Risk Management Policy defining principles, roles, responsibilities, processes, and terms is a key part of the department's risk management arrangements

Annual risk management planning (including environmental scanning) is conducted to refine key risks, their management approaches, and to refine the department's risk management arrangements covering Risk Universe, risk tolerance, stakeholders, competencies, etc.

4. Results & Performance
  • Relevant information on risk is gathered and used to make decisions
  • Performance of the risk management arrangements toward Risk Maturity is reported annually to senior management
  • Reporting and disclosure to senior management, central agencies, Parliament, and the public is balanced, transparent and easy to understand.
5. Accountability
  • Risk management roles and responsibilities are integrated into the departmental accountability mechanisms (job descriptions, performance reviews, Terms of Reference, etc.)
6. Risk Management
  • An effective balance established between informal (intuitive) and formal (systematic, structured) risk management is established and maintained based on context, urgency and significance of risk exposure (within the Risk Universe)
  • Risk is not mitigated to absolute minimum as a general rule which can stifle creativity and innovation. Rather, it is reduced to a tolerable or acceptable level.
7. Citizen-focused Service
  • External risk communications and stakeholder engagement is carried out on an ongoing basis to ensure needs, issues and concerns, risk perceptions and misperceptions (Government of Canada or stakeholders) are included in risk analysis and decision making
8. Stewardship
  • Risk-related requirements of relevant control-related authorities are incorporated: Financial Administration Act, Federal Accountability Act, TBS policies
  • Indicators for results, risk and accountability managed in an integrated manner
9. People
  • Risk management competency and resource needs are determined and developed covering risk assessment, risk management, and risk communications
  • Information on risk is communicated in a timely manner
10. Learning, Innovation & Change Management
  • Ongoing risk management learning is developed and implemented
  • Change management principles and practices are applied, including planning for appropriate resources (i.e., people, systems, finances, etc.)

Previous | Table of Contents | Next