HomeMy WebLinkAboutFCS-16-090 - Risk Management Update
REPORT TO: Audit Committee
DATE OF MEETING: June 27, 2016
SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext 7361
PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext 7361
WARD(S) INVOLVED: All
DATE OF REPORT: June 15, 2016
REPORT NO.: FCS-16-090
SUBJECT: Risk Management Update
___________________________________________________________________________
RECOMMENDATION:
No recommendation required. The following information is being provided as an
update and assurance on risk management matters, in accordance with the Audit
Committee Terms of Reference.
EXECUTIVE SUMMARY:
This report provides information on the following topics:
1) Service review prioritization refresh
2) Risk management training update
3) Risk management of compliance topics
BACKGROUND:
an update of the existing and planned activities related specifically to risk management
to give the Audit Committee assurance that management has fulfilled its duties in this
regard.
REPORT:
1) Service Review Prioritization Refresh
In 2012 Audit Committee approved a risk based framework to prioritize services across
the corporation for the purposes of performing service reviews. All 95 services were
ranked based on three factors:
1. Total risk score (60% weighting)
2. Operating expense budget (30% weighting)
*** This information is available in accessible formats upon request. ***
Please call 519-741-2345 or TTY 1-866-969-9994 for assistance.
3. Date of last review (10% weighting)
This framework allowed focus to be placed on reviewing the higher risk services first,
while adjusting the ranking for services which had recently been reviewed or did not
generate high operating expenses. The annual integrated service review work plan was
then constructed each year by choosing the next services on the prioritized list.
The list is now outdated and needs to be refreshed. A process to gather refreshed risk
data from divisions has begun and will continue through the summer months. The
outcomes of this process will include:
A refreshed prioritized list of services from which the service review work plan will
be based each year. Note that there will now be 44 services on this list (instead
of 95) to align with the service groupings / nomenclature found in the business
plans.
Summarized corporate and department risk profiles. Senior management will use
the risk profiles to align strategies and resources to address common high risk
areas or opportunities in a coordinated fashion in order to meet strategic and
business plan objectives.
A process to refresh the risk scores more frequently (bi-annually).
Audit Committee will get the opportunity to review and comment on the refreshed
prioritized list of services at the September 26 Audit Committee meeting. They will also
then approve the annual work plan as usual at the December meeting.
2) Risk Management Training Update
One of the ongoing goals related to risk management is to embed risk management
practices and thinking into the
when divisions undergo a comprehensive audit or service review and participate in a
risk assessment for their division.
This year 15 staff and management from CSD requested and attended the Risky
Business course. In addition, 12 staff from Accounting, 30 staff from Community
Centres, and 57 staff from Information Technology divisions participated in risk
assessments for their divisions.
Anecdotal evidence indicates that more staff are aware of the benefits of risk
management and are incorporating it into the management of their lines of business and
into the management of their projects.
3) Risk Management of Compliance
Compliance with legislation is one area that internal audit is responsible for monitoring.
However, due to the complexity of all of the legislation the City must comply with and
with an internal audit staff of only one person ensuring compliance across all areas of
the City is not feasible. This section describes a decentralized approach to handling
compliance monitoring by providing supervisors with the tools they need to monitor
rd
compliance in their areas and with the assistance of external 3 party auditors.
Commercial Vehicle Operator Registration
One significant area of legislation which the City must comply with is related to the
operation of city vehicles and equipment. Commercial vehicle operators in Ontario must
have a valid Commercial Vehicle Operator's Registration (CVOR) certificate. The CVOR
system monitors commercial carrier safety to improve road safety for all road users.
Operators are responsible for all the drivers and vehicles in their operation, including:
The conduct of the driver
employing qualified and licensed drivers
o
monitoring the safety performance of drivers, including hours of service
o
resolving driver safety issues when they are identified
o
The mechanical safety condition of the vehicle
keeping vehicles in good, safe condition at all times
o
ensuring that daily and annual/semi-annual inspections are completed
o
The shipping of goods or passengers in the vehicle, ensuring load security
Keeping records on file (e.g. vehicle repairs, kilometres travelled per year, annual
inspection reports, etc.)
Notifying the Ministry of Transportation of changes to names, addresses,
telephone numbers, fleet data, kilometric travel, changes in corporate officers,
etc.
Renewing the CVOR certificate and not allowing it to expire
The CVOR system evaluates an operator based on the events on its CVOR record. An
operator's on-road performance is evaluated based on three safety indicators:
1. collisions
2. convictions
3. roadside inspection for any of the responsibilities listed above
Operators receive a CVOR rating which is a mark out of 100. It is desirable to have as
low a CVOR rating as possible. If an operator reaches a rating of 35% or above they will
receive a warning letter. A rating of 50% or above prompts a facility audit, 80% an
interview with the Ministry of Transportation (MTO), and 100% leads to possible
sanctions including revoking the CVOR license to operate.
CVOR History
Starting in 2007 the City saw a marked increase in its CVOR score due to a change by
the MTO in the way the calculation was made. This led to a warning letter by the MTO.
A series of collisions and convictions led to the score reaching its highest point in 2009
at 120.55%. While sanctions were not imposed, this did lead to an interview with the
MTO and the requirement for an action plan to reduce the score. Subsequently a task
force was created to examine the issue and several training and communication efforts
were made to try to reduce the score. In addition, they began working on a checklist that
supervisors could use to monitor compliance with the non-driving aspects of the score.
The score did decrease to a low of 33.2% in 2011 which is in the acceptable range. As
the score contains infractions from the past two years, it will always continue to fluctuate
up and down as items fall off the record and new ones appear.
due to a number of collisions and other roadside infractions. At this time the task force
was almost ready to launch the checklist but needed a larger group of stakeholders to
enable implementation.
Compliance and Conformance Evaluation Committee
In early 2012 the Compliance and Conformance Evaluation (CCE) committee was
created and consisted of staff and management from across several divisions
responsible for vehicles or equipment and was chaired by the Internal Auditor. The
purpose of the committee was to roll-out and refine the framework created by the task
force for proactively reviewing and monitoring with
legislation, standards, and work procedures in order to reduce risk in this area.
The initial focus was pertaining to the operation and maintenance of City vehicles and
equipment which was put in place to safe guard staff from injury, avoid property
damage, comply with regulatory requirements and ultimately reduce the CVOR rating.
The intent though was that this committee structure could then expand to other
compliance topics over time.
In 2016 the original CCE committee was dissolved after accomplishing its mandate to
establish a framework and checklists for management and staff to monitor and action
risks related to vehicle and equipment compliance. All committee members are
commended for their dedication to completing the work and reducing risk in this area.
A summary of accomplishments is included below.
Several new sub-committees have now been created, including new members, to tackle
other compliance topics such as:
Contractor safety program
Personal use of vehicles
Legislative compliance including wastewater, materials handling and
contaminated soil
Standard operating procedures for Operations
These sub-committees will report back to the Internal Auditor with progress at
scheduled intervals. In addition, the original CCE committee will convene annually for
the purposes of receiving a report from the Supervisor of Vehicle and Equipment
Compliance to ensure continued diligence and accountability with regards to the CVOR
rating and related actions.
CCE Accomplishments to Date:
Daily Vehicle Inspection Audits
The initial focus of the CCE committee was to develop a method of spot checking
employees who drove City vehicles or equipment to ensure they had adequately
completed their daily vehicle inspections. This was a pre-emptive check to ensure staff
were ready should they ever be pulled over during a roadside Ministry of Transportation
(MTO) blitz. Infractions found by the MTO would result in additional points against the
CVOR rating and possible sanctions.
An audit checklist was created and rolled out in January 2013 which examined sixteen
different requirements related to the daily vehicle inspection process. Since that time
the audits have been expanded to cover not only daily vehicle inspections, but also load
security, transportation of dangerous goods, WHMIS, fire safety, and personal
protection equipment requirements. The audits are conducted monthly by an external
auditor and the Supervisor of Vehicle and Equipment Compliance.
During 2015 231 vehicles were audited. The compliance rates have improved greatly
this year, with more staff informed of their responsibilities and taking proactive action to
remain compliant. The overall compliance rate (i.e. percentage of internal audits that
had perfect scores and zero non-compliance issues) has gone from a low of 25%
compliant at the beginning of the year to 84% compliant in December 2015. Another
performance indicator that is tracked is the average number of non-compliances found
per vehicle in the fleet. Ideally the number should be zero but the committee set a
realistic target of 1.0 non-compliance per vehicle. The number at the end of 2015 was
down to 0.78, compared to 1.5 in 2014 which is a great improvement. The majority of
the non-compliances were related to staff not filling out the daily vehicle inspection book
correctly. Additional training has been given to staff to try to remedy this.
Defect Reporting Audits
The internal auditor conducted four semi-annual defect reporting audits. These audits
trace the path of vehicle defects which are reported in the vehicle inspection to ensure
the white copy is filed in fleet, it is reported in the fleet system and the repair is signed
off by the mechanic in the book in order to prove due diligence to the MTO related to
defects. The majority of errors found during the audits related to the mechanic not
physically signing off on the repair in the log book (although the repair was completed
and closed within the online system). Fleet management responded by training staff on
what is expected. No further audits will be done.
Collision Review
The collision review committee is responsible for reviewing all collisions involving City-
owned vehicles or equipment and determining whether the incident was preventable or
not. Management is then responsible for following through with appropriate corrective
actions to avoid future preventable occurrences.
The CCE committee discussed the underlying issues in the collision review process.
Improvements have been made including more communications and training of staff.
There were 60% less collisions involving summer students in 2015 vs. 2014 due to the
training efforts.
Responsibility for monitoring corrective actions for collision review has moved from
Human Resources to the Vehicle and Equipment Compliance section which has
allowed more focus in this area. Outstanding actions have gone from 87 down to zero.
Hours of Service Audit
Hours of service non-compliance was looked at in detail. Under legislation employees
who drive vehicles are required to track their hours of service and stay within acceptable
limits. service compliance as part of
a facility audit in November 2014.
The root cause of about half of the infractions found were due to limitations of the
tracking software at the time of the audit. Software upgrades have since been made to
allow the correct address and vehicle/plate number to easily be part of the record.
Other non-compliances related to driver actions and incorrect data input will be
monitored by Vehicle and Equipment Compliance staff with corrective actions taken by
management. As a pre-emptive measure the City continues to retain an external
auditor (the same one used for the daily vehicle inspections) to perform an annual audit
of hours of service to identify areas for improvement.
Driving Behaviour Monitoring
All fleet vehicles are equipped with GPS monitoring devices. In addition to location of
the vehicle they also track driving behaviours such as speeding, harsh braking,
acceleration, idling and seat belt use. Communication around driving behaviour
expectations has been delivered to staff as management starts to monitor and action
poor driving habits. Budget has been approved to install key fobs which link the vehicle
to specific drivers which will make reporting and follow-up easier.
This activity is outside the responsibility of the CCE committee and is administered
directly by the Fleet division and actioned by management. However success in this
area will have a direct impact on the CVOR rating.
CVOR Rating
At the end of 2015 the average rating for Ontario municipalities with populations greater
than 40,000 people was 41.3%, which is in the warning letter range but below the facility
audit range.
The CVOR rating decreased to 39.3% in April 2016, the lowest is has been since
July 2014. However, it has jumped back up to 43.4% in May as the record begins to
reflect preventable events experienced in the winter months (there is a time delay
between the time of the collisions and when they appear on the driver abstract and
CVOR rating). This is just slightly above the municipal average.
The Vehicle Safety and Compliance section has provided training to drivers for
defensive winter driving which is when the majority of the collisions occur which has
helped reduce the amount of collisions compared to previous years. This training
coupled with the monitoring of driving behaviours and auditing the daily vehicle
inspections has helped to bring this rating into a more acceptable range, although
continued diligence is required to further improve the rating below the
level.
Traffic Protection and Construction Site Safety Audits
The traffic protection and construction site safety audits procedure was created by the
CCE committee and will be rolled out to staff in early summer 2016. Although the
responsibility to audit work sites will be in the hands of supervisors. The templates
include a checklist of safety procedures that should be present at construction sites. It is
regulations and procedures related to the risks inherent in that particular job site.
Although most supervisors check for safety hazards already, this template allows them
to record their observations and recommendations, providing evidence of due diligence
by the supervisor. It also will act as a memory aid relating to some of the more obscure
or rarely used safety measures that are required for unique circumstances. The CCE
committee will receive a copy of audits for the purpose of keeping metrics about the
process but will otherwise not be involved.
CONCLUSION:
The internal auditor is satisfied that the corporation continues to identify, monitor and
action risks and opportunities that could prevent them from achieving their goals and
objectives.
ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN:
T
core service.
FINANCIAL IMPLICATIONS:
There are no financial implications related to this report.
COMMUNITY ENGAGEMENT:
INFORM
advance of the council / committee meeting.
ACKNOWLEDGED BY:
Dan Chapman, Deputy CAO, Finance and Corporate Services