HomeMy WebLinkAboutFCS-15-092 - Risk Management UpdateStaff Report
rR finance and Corporate Services Department www.kitchener.ca
REPORT TO: Audit Committee
DATE OF MEETING: June 29, 2015
SUBMITTED BY: Corina Tasker, Internal Auditor, 519 - 741 -2200 ext 7361
PREPARED BY: Corina Tasker, Internal Auditor, 519 - 741 -2200 ext 7361
WARD(S) INVOLVED: ALL
DATE OF REPORT: June 20, 2015
REPORT NO.: FCS -15 -092
SUBJECT: Risk Management Update
RECOMMENDATION:
No recommendation required. The following information is being provided as an
update and assurance on risk management matters, in accordance with the Audit
Committee Terms of Reference.
BACKGROUND:
One of the responsibilities of the Audit Committee is to ensure that "management has
established and is maintaining a comprehensive risk framework ". This report provides
an update of the existing and planned activities related specifically to risk management
to give the Audit Committee assurance that management has fulfilled its duties in this
regard.
REPORT:
What is risk management?
Risk management is a method or process used by an organization to manage risks and
seize opportunities related to the achievement of their objectives. It is a process to
identify and proactively address risks and opportunities across the corporation. At its
core is the ability to identify potential risks to the business and then treat the risk by
accepting it, transferring it, mitigating it, or eliminating it.
Benefits of Risk Management
By being aware of the many types of risk that could impact the obtainment of our goals,
our organization is in a better position to proactively mitigate or capitalize on risks
* ** This information is available in accessible formats upon request. * **
Please call 519- 741 -2345 or TTY 1- 866 - 969 -9994 for assistance.
3 -1
before they emerge. This helps reduce costs, mitigate losses, protect City assets, and
ensure project or divisional success. It allows us to be proactive, not reactive.
Embedding Risk Management into the Culture
In the 2014 risk management update (report FCS -14 -109, June 5, 2014) it was stated
that in order to embed risk management so that it becomes a standard business
practice there were three levels which must be addressed:
1. Governance
2. Processes and tools
3. Staff training
The following activities continue to occur or have been completed since that report to
address those three areas.
Governance
The City continues to have a risk management policy (1 -16 Corporate Risk Management
policy) which outline's the corporation's position with regard to risk management
including roles and responsibilities related to risk management, risk register standards
and risk tolerance level.
This is the second year that this annual report on risk management has been presented
to Audit Committee in order to provide the committee with assurance that the
corporation is managing risk effectively.
Processes and Tools
Several risk management templates and instructions have been posted on a shared
drive for all staff to download.
Risk assessments are now a standard component in service reviews and
comprehensive audits.
Staff Training and Experience
Two sessions of the CapaCity course titled "Risky Business" have been completed.
This '/2 day course was delivered by the Internal Auditor to participants of the Project
Management course. In total 25 staff that have project manager responsibilities have
received this education. Feedback on the course was very positive.
Three divisions have participated in a risk assessment exercise as part of a
comprehensive audit and now continue to monitor the resulting risk register for their
division. These include Purchasing, Community Resource Centres, and Arenas. The
risk assessments helped the division identify things that could stop them from achieving
their goals and then prioritize the risks for action.
Other initiatives have employed risk management techniques to help prioritize work
based on relative risk. For example, asset management is working on prioritizing water
3 -2
and sewer main reconstruction / repairs based on the likelihood and impact of water or
sewer main breaks. Another example is legislated services who are working on
prioritizing policy changes based on the relative impact to citizens and the corporation of
not changing the policy and the frequency of application of the policy.
Future Work
It is recognized that divisions should be considering the main risks to their objectives, at
least at a high level, when creating their business plans. In other words, what are the
main factors that could cause the objectives not to be met? The manager of integrated
planning will be working with internal audit in the future to determine how risk
management can be integrated into the planning cycle.
The templates will be posted on the intranet and their existence will be promoted
corporately.
The CapaCity course will continue to be offered on an as- needed basis for any groups
of individuals or teams who would like training on this topic.
As more comprehensive audits and service reviews are completed, more staff will have
an opportunity to participate in risk assessments and begin to understand the benefits of
risk management.
ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN:
Work relating to risk management falls under the Efficient and Effective Government
foundation within the Strategic Plan. Specifically the plan states that we will support
[service] delivery through a robust governance and management approach, including a
close eye on risk management and legislative compliance.
FINANCIAL IMPLICATIONS:
There are no financial implications related to this report.
COMMUNITY ENGAGEMENT:
Members of the community have been informed of the results of this risk management
update through the posting of this report on the internet on June 24, 2015.
ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services
3 -3
r"N1,06C
Jr
(D
E
CDc�
c�
in
ry
� U
Z i
rn
CD
Z i
rn
0)
C�
N
.0
E
ui
r"N1,06C
Jr
LIM
-*--a
C�
0
E
0
m
C�
m
In
N,,0C
m ,
Jr
E
E
U O
U
O •-
C= CU
O O
O L
O
CU 0.
C: 4)
m L
E
c
� Q
0 0
T-J
M
N,,0C
m ,
J
C: (�
O
A--+
cn -*--a
C= C:
•— O
E
C= cn
m cn
cn O O
O .� cn
� cn
CU m
CZ • • cn
E O --`c
O C , to
O O�
• •
cn
C:
C� C�
c O
O cn
M�
> O
O C-
a) O
U L
E
O O
cn U
N
M
L-
O
O
C/)
O
Q.
Q.
C: (�
O
A--+
cn -*--a
C= C:
•— O
E
C= cn
m cn
cn O O
O .� cn
� cn
CU m
CZ • • cn
E O --`c
O C , to
O O�
• •
cn
C:
C� C�
c O
O cn
M�
> O
O C-
a) O
U L
E
O O
cn U
N
M
mold
�
C�
C6
N,,0C
Jr
0
W
C/)
O
O v
V M
4--j
�
._ C
._ e C: U a) •� O C� C: L U
Q. p a)
C:
C/)
cu C/) C/)
O m � cn E
cn a
O cv E • > a�
C � 0
cn C/) CU E .� .. U) '>
� O O - }' to A.-i
C/) C/) x C/) to C: O . S CL O U
a) cu QL L. (1) -1--j
to a- O U c6 O
•� N to '— Q 3:
4--1
I�� I D V 0
I I
V
1
M
N,,0C
Jr
0) L
•C: o 44�
C C: C:
}, o C p
a)
cn C: E o
cn C c
p � � cn p
•� p
.� p U
to c • >
p Cu
� L
cn p
cn
O o • to 'MID .
C: CU
V L
E a)
�--� C: to
-1--a (j ._ 0
0 CU a) cn
o �� o -a
cm E a) M--j
a)
. .
Ll
Ll
1
M