Loading...
HomeMy WebLinkAboutFCS-15-092 - Risk Management UpdateStaff Report rR finance and Corporate Services Department www.kitchener.ca REPORT TO: Audit Committee DATE OF MEETING: June 29, 2015 SUBMITTED BY: Corina Tasker, Internal Auditor, 519 - 741 -2200 ext 7361 PREPARED BY: Corina Tasker, Internal Auditor, 519 - 741 -2200 ext 7361 WARD(S) INVOLVED: ALL DATE OF REPORT: June 20, 2015 REPORT NO.: FCS -15 -092 SUBJECT: Risk Management Update RECOMMENDATION: No recommendation required. The following information is being provided as an update and assurance on risk management matters, in accordance with the Audit Committee Terms of Reference. BACKGROUND: One of the responsibilities of the Audit Committee is to ensure that "management has established and is maintaining a comprehensive risk framework ". This report provides an update of the existing and planned activities related specifically to risk management to give the Audit Committee assurance that management has fulfilled its duties in this regard. REPORT: What is risk management? Risk management is a method or process used by an organization to manage risks and seize opportunities related to the achievement of their objectives. It is a process to identify and proactively address risks and opportunities across the corporation. At its core is the ability to identify potential risks to the business and then treat the risk by accepting it, transferring it, mitigating it, or eliminating it. Benefits of Risk Management By being aware of the many types of risk that could impact the obtainment of our goals, our organization is in a better position to proactively mitigate or capitalize on risks * ** This information is available in accessible formats upon request. * ** Please call 519- 741 -2345 or TTY 1- 866 - 969 -9994 for assistance. 3 -1 before they emerge. This helps reduce costs, mitigate losses, protect City assets, and ensure project or divisional success. It allows us to be proactive, not reactive. Embedding Risk Management into the Culture In the 2014 risk management update (report FCS -14 -109, June 5, 2014) it was stated that in order to embed risk management so that it becomes a standard business practice there were three levels which must be addressed: 1. Governance 2. Processes and tools 3. Staff training The following activities continue to occur or have been completed since that report to address those three areas. Governance The City continues to have a risk management policy (1 -16 Corporate Risk Management policy) which outline's the corporation's position with regard to risk management including roles and responsibilities related to risk management, risk register standards and risk tolerance level. This is the second year that this annual report on risk management has been presented to Audit Committee in order to provide the committee with assurance that the corporation is managing risk effectively. Processes and Tools Several risk management templates and instructions have been posted on a shared drive for all staff to download. Risk assessments are now a standard component in service reviews and comprehensive audits. Staff Training and Experience Two sessions of the CapaCity course titled "Risky Business" have been completed. This '/2 day course was delivered by the Internal Auditor to participants of the Project Management course. In total 25 staff that have project manager responsibilities have received this education. Feedback on the course was very positive. Three divisions have participated in a risk assessment exercise as part of a comprehensive audit and now continue to monitor the resulting risk register for their division. These include Purchasing, Community Resource Centres, and Arenas. The risk assessments helped the division identify things that could stop them from achieving their goals and then prioritize the risks for action. Other initiatives have employed risk management techniques to help prioritize work based on relative risk. For example, asset management is working on prioritizing water 3 -2 and sewer main reconstruction / repairs based on the likelihood and impact of water or sewer main breaks. Another example is legislated services who are working on prioritizing policy changes based on the relative impact to citizens and the corporation of not changing the policy and the frequency of application of the policy. Future Work It is recognized that divisions should be considering the main risks to their objectives, at least at a high level, when creating their business plans. In other words, what are the main factors that could cause the objectives not to be met? The manager of integrated planning will be working with internal audit in the future to determine how risk management can be integrated into the planning cycle. The templates will be posted on the intranet and their existence will be promoted corporately. The CapaCity course will continue to be offered on an as- needed basis for any groups of individuals or teams who would like training on this topic. As more comprehensive audits and service reviews are completed, more staff will have an opportunity to participate in risk assessments and begin to understand the benefits of risk management. ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN: Work relating to risk management falls under the Efficient and Effective Government foundation within the Strategic Plan. Specifically the plan states that we will support [service] delivery through a robust governance and management approach, including a close eye on risk management and legislative compliance. FINANCIAL IMPLICATIONS: There are no financial implications related to this report. COMMUNITY ENGAGEMENT: Members of the community have been informed of the results of this risk management update through the posting of this report on the internet on June 24, 2015. ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services 3 -3 r"N1,06C Jr (D E CDc� c� in ry � U Z i rn CD Z i rn 0) C� N .0 E ui r"N1,06C Jr LIM -*--a C� 0 E 0 m C� m In N,,0C m , Jr E E U O U O •- C= CU O O O L O CU 0. C: 4) m L E c � Q 0 0 T-J M N,,0C m , J C: (� O A--+ cn -*--a C= C: •— O E C= cn m cn cn O O O .� cn � cn CU m CZ • • cn E O --`c O C , to O O� • • cn C: C� C� c O O cn M� > O O C- a) O U L E O O cn U N M L- O O C/) O Q. Q. C: (� O A--+ cn -*--a C= C: •— O E C= cn m cn cn O O O .� cn � cn CU m CZ • • cn E O --`c O C , to O O� • • cn C: C� C� c O O cn M� > O O C- a) O U L E O O cn U N M mold � C� C6 N,,0C Jr 0 W C/) O O v V M 4--j � ._ C ._ e C: U a) •� O C� C: L U Q. p a) C: C/) cu C/) C/) O m � cn E cn a O cv E • > a� C � 0 cn C/) CU E .� .. U) '> � O O - }' to A.-i C/) C/) x C/) to C: O . S CL O U a) cu QL L. (1) -1--j to a- O U c6 O •� N to '— Q 3: 4--1 I�� I D V 0 I I V 1 M N,,0C Jr 0) L •C: o 44� C C: C: }, o C p a) cn C: E o cn C c p � � cn p •� p .� p U to c • > p Cu � L cn p cn O o • to 'MID . C: CU V L E a) �--� C: to -1--a (j ._ 0 0 CU a) cn o �� o -a cm E a) M--j a) . . Ll Ll 1 M