Internal Audit Report

Audit of Occupational Health and Safety

Project 6B289

Date: December 7, 2017


Executive Summary

The objective of the audit was to assess the adequacy of the Department’s Occupational Health and Safety (OHS) Program. The scope included an assessment of the adequacy and effectiveness of the management framework in place to support OHS within the Department and the adequacy and effectiveness of the controls and measures in place to support the implementation and compliance of the OHS Program.

The audit focused on the areas of governance, risk management and control processes and was carried out in the National Headquarters region but also included site visits to the Pacific, Maritimes and Central and Arctic regions. Other regions were also included through telephone interviews. The audit did not involve a comprehensive technical review of the Department of Fisheries and Oceans’ (DFO) OHS program to determine compliance with the Canada Labour Code (CLC) Part II and related regulations.

Why This is Important

The CLC - Part II Occupational Health and Safety, its body of Regulations and all applicable Treasury Board Secretariat Directives, Standards, Procedures, Guides and Advisory Notices set out requirements intended to safeguard the health and safety of every employee. An established OHS program that helps ensure compliance with these regulations is essential to establishing and maintaining a healthy and safe working environment for all employees.

The Department of Fisheries and Oceans and the Canadian Coast Guard (CCG) employ approximately 10,100 individuals operating coast to coast to coast. Close to 85% of employees are located regionally in more than 2,100 buildings and over 1,300 worksites scattered across Canada.Footnote 1 The DFO and the CCG are committed to providing a safe and healthy work environment for all their employees. As such, ensuring the health and safety of DFO and CCG employees requires a comprehensive, integrated OHS program that is actively monitored and reported on.

Key Findings

An adequate DFO and CCG OHS program requires an established OHS governance framework, operational planning and management processes which ensure appropriate resource allocations and a monitoring and reporting framework that helps ensure compliance with legal requirements, responds to issues in a timely manner and enables decision-making. The audit found some weaknesses in each of these areas.

Specifically, the audit found that while there is an OHS governance framework in place, roles, responsibilities and accountabilities are not well understood or consistent.

Additionally, opportunities exist to enhance the operational planning and management process by ensuring decisions are risk-based and that the Program is integrated.

Finally, the monitoring and reporting framework requires a central database or repository to ensure access to complete and accurate information for decision making, monitoring and reporting.

Conclusion

The Department has recently undertaken specific projects to improve OHS across the Department. These have included the comprehensive review and risk assessment undertaken by the Safety, Security and Emergency Services Directorate and increased coordination between DFO and CCG at National Headquarters. The audit, however, found that there are still opportunities for improvement to ensure the adequacy of the Occupational Health and Safety Program, in particular in the area of integration of all parts of the Program.

Management Response

Management is in agreement with the audit findings, has accepted the recommendations included in this report, and has developed a management action plan to address them. The management action plan has been integrated in this report.

Approvals

The Internal Audit Report “Audit of Occupational Health and Safety” was presented at the Departmental Audit Committee on December 7, 2017. Following the integration of the Management Action Plan (MAP), the report was formally approved on March 22, 2018, by the Deputy Minister, at the recommendation of the Departmental Audit Committee.

Background

Promoting safe working conditions is a key component of health and safety in the work place. The Canada Labour Code (CLC) - Part II Occupational Health and Safety, its body of Regulations and all applicable Treasury Board Secretariat Directives, Standards, Procedures, Guides and Advisory Notices set out requirements intended to ensure the health and safety of every employee is protected. Establishing and maintaining a comprehensive Occupational Health and Safety program is essential for the Department’s compliance with these regulations. As such, the Department has identified OHS as a priority through the Occupational Health and Safety General Policy Statement that states the Department “will provide and maintain a safe, healthy and violence-free workplace that complies with and at times exceeds regulatory health and safety requirements.”Footnote 2 This includes the protection of “employees from any known or foreseeable hazards by dedicating sufficient resources to prevent and protect against hazards and behaviours which could result in personal injury or illness.”Footnote 3

The Department of Fisheries and Oceans (DFO) and the Canadian Coast Guard (CCG) employ approximately 10,100 individuals operating coast to coast to coast with the majority of DFO work conducted outside national headquarters. Close to 85% of employees are located regionally in more than 2,100 buildings and over 1,300 worksites scattered across Canada.Footnote 4 In 2015-16, 693 employees were on Workers Compensation and that number rose to 924 in 2016-17.

Although elements of OHS were covered in the Internal Audit of the Management of Occupation Health and Safety and Physical Security in Laboratories in 2015, the overall Departmental Occupational Health and Safety program has not been audited since 2005. As such the Audit of Occupational Health and Safety was initiated in accordance with the Internal Audit Directorate’s 2016-2017 to 2018-2019 Risk-based Audit Plan.

The DFO OHS program is a component of DFO’s Safety Security and Emergency Management (SSEM) program whose requirements, defined in part by the CLC Part II, encompass all sectors, regional organizations and the Canadian Coast Guard (CCG). The SSEM program is managed in the Safety, Security, and Emergency Services (SSES) branch of the Human Resources and Corporate Services (HRCS) Sector and is considered the centre of expertise for OHS, departmental security, emergency and business continuity management.

While there are department-wide health and safety requirements common to all federal government departments, there are health and safety requirements unique to DFO associated with certain sector and CCG programs. For example, there are specific safety requirements related to the CCG fleet operations and maritime security. As a result the CCG has two different safety management systems, one for their fleet, the CCG Fleet Safety and Security Management System, and one for the shore-based operations, the CCG Shore-based Safety and Environmental Compliance Management System. Another example is Ecosystems and Oceans Science staff in labs that handle radioactive materials. In these labs they must follow the General Nuclear Safety and Control Regulations which have unique requirements that don’t apply to other programs.

Also, while both DFO and CCG follow the Department’s Matrix Management Model, there are some differences. Specifically, DFO’s governance structure includes 6 Regional Directors General (RDGs) and a DFO OHS manager and Senior Director of SSES at the National Level while the CCG governance structure is comprised of 3 Assistant Commissioners (ACs) in the regions and a CCG Director of Safety and Security at the National Level. For both these, National Program Management has functional authority providing direction, tools and processes to the regions. Supported by a regional OHS office, the RDGs and ACs are responsible for implementation of policies and processes.

Recognizing the importance of safety and security, senior management of the Department mandated a comprehensive review of the departmental occupational health and safety, security and emergency management programs in 2014. The audit recognizes and considered the work completed as a result of this comprehensive review and the subsequent 2016 Departmental Safety, Security and Emergency Management Plan and compliance risk assessment.

The DFO OHS Program is based on the Det Norske Veritas system. This Safety Management System (SMS) is based on the International Safety Rating System developed by Det Norske Veritas, an internationally recognized authority on OHS. DFO used this SMS to facilitate the development of DFO’s OHS training modules and provide criteria frameworks as guidance for OHS audits.Footnote 5 Alternatively, CCG uses the International Safety Management System to manage OHS, security and environmental compliance. It is comprised of the CCG Fleet, Safety and Security Management System and Shore-based Safety and Environmental Compliance Management System. These mechanisms help the CCG ensure compliance with the spirit, intent and mandated requirements of the Canada Labour Code (CLC) - Part II, its body of Regulations and all related legislative requirements, regulations and codes.

Audit Objective

The purpose of this audit was to assess the adequacy of the Department’s Occupational Health and Safety (OHS) program.

The audit assessed whether:

  • An adequate OHS governance framework has been established;
  • Adequate operational planning and management processes are in place to ensure appropriate resource allocations, access to OHS services and the discharge of responsibilities; and
  • An adequate monitoring and reporting framework has been established to ensure that the OHS program is administered in compliance with legal requirements, appropriately responds to issues, and enables decision making.

Audit Scope

The audit focused on the areas of governance, risk management and control processes

Specific areas of audit examination included:

  • The adequacy and effectiveness of the management framework in place to support OHS within the Department; and
  • The adequacy and effectiveness of the controls and measures in place to support the implementation and compliance of the OHS Program.

The audit was not a comprehensive technical review of DFO’s OHS program to determine compliance with the Canada Labour Code (CLC) Part II and related regulations.

The audit was carried out in the National Headquarters but also included site visits to the Pacific, Maritimes and Central and Arctic regions. Other regions were also included through telephone interviews.

Audit Approach

The audit team carried out its mandate in accordance with Treasury Board’s Policy on Internal Audit and the Directive on Internal Audit and the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing. The audit employed various techniques including a risk assessment of the audit entity, interviews, as well as reviews and analysis of documentation and information.

Audit Findings

This section provides the observations and recommendations resulting from the audit work carried out. While the audit was conducted based on the lines of enquiry and audit criteria identified in the planning phase, this report is structured along the following main themes:

  • Program integration and coordination;
  • Roles, responsibilities, accountabilities and authorities; and
  • Information to support decision-making, oversight and governance.

Based on the audit work performed and our professional judgment, the risk associated with each observation was rated using a three-point scale. The risk ranking (high, moderate, low) is based on the level of potential risk exposure we feel may have an impact on the achievement of Fisheries and Oceans Canada objectives, and is indicative of the priority Management should give to the recommendations associated with that observation. The following criteria were used in determining the risk exposure level:

High Controls are not in place or are inadequate.
Compliance with legislation and regulations is inadequate.
Important issues are identified that could negatively impact the achievement of program/operational objectives.
Moderate Controls are in place but are not being sufficiently complied with.
Compliance with central agency/departmental policies and established procedures is inadequate.
Issues are identified that could negatively impact the efficiency and effectiveness of operations.
Low Controls are in place but the level of compliance varies.
Compliance with central agency/departmental policies and established procedures varies.
Issues identified are less significant but opportunities that could enhance operations exist.

Program Integration and Coordination (Moderate Risk)

Program integration and coordination involves a national strategy to support the integration and prioritization of resources across the whole of the Department. It helps improve the overall consistency of practice and the efficiency and effectiveness of the program.

Strategic Direction and Integration of Program Practices

While communication channels and training exist, both have opportunities for improvement in ensuring integration and consistency across the Department. Further, inconsistencies between regions, DFO and CCG are reducing the ability of the program to ensure goals and objectives are achieved.

It was expected that open and effective channels for communications and feedback would be in place and that employees would receive the necessary training to support the discharge of their responsibilities. It was also expected that the OHS program would be integrated across regions and between DFO and CCG to ensure a coordinated approach to achieving goals and objectives.

We found that the Department has communication channels in place that are well defined and use a variety of methods to communicate OHS information. We also found that the current governance structure supports open and effective channels of communication between OHS and employees and that employees are aware of the ways to raise concerns and provide feedback. Despite this, we found that communications between DFO and CCG are not integrated and communications between regions and national are not always effective. Specifically, in site visits, we found that some managers and OHS personnel were not aware of recent memorandum of decisions that had been made over the last couple of years, indicating some weakness in the effectiveness of some of the communication channels. Similarly, we found that National OHS was not always aware of what the regions were doing, especially in terms of training.

Also, while the Department has training material available at the national level, we found that the manager/supervisor training has not been rolled out consistently across regions. The Department has recently moved to online training for employees which allows for consistent and on-demand training across the Department, though, the manager/supervisor training varies depending on the region where it is being delivered with the course ranging in length from half a day to three days. Further, one region has not offered manager/supervisor training since May 2016. We also found that differences between the DFO and CCG processes make it difficult to offer training to mixed groups of managers. For example, DFO uses Hazardous Occurrence Investigation Reports (HOIRs) to report hazardous occurrences while CCG uses Incident Investigation Reports (IIR) and both, while having many similarities, also have different processes.

Finally, inconsistencies and a lack of integration were also found in other areas of the OHS Program. For example, the method of collecting results and the level of effort required to obtain data for external reporting is inconsistent across regions with no evidence of consistency or coordination between DFO and CCG found. This results in each area having to develop their own methods of collecting information which can result in duplication and a lack of confidence in the completeness and accuracy of the data. Further, CCG and DFO sometimes use different terminology and definitions which makes it difficult to ensure that all data collected is comparable and useable for assessing overall performance or issue identification.

This is important because inconsistent approaches and prioritization in the areas of development, communication, measurement and monitoring of strategic priorities could affect the ability of the Program to meet its objectives efficiently and effectively. Further, increased consistency of OHS practice is even more important in the decentralized environment with the complex accountability structures that exist within the Department to ensure that all parts of the OHS Program are working together towards the achievement of consistent goals and objectives. Finally, without adequate coordination, there is an increased risk of duplication, inefficiencies and incomplete or inaccurate information which could affect the ability of the program to achieve its objectives.

Recommendation 1: It is recommended that the Assistant Deputy Minister (ADM), HRCS, RDGs, Deputy Commissioner of Operations (DC Ops) and ACs develop and communicate a plan to integrate key OHS processes and practices throughout DFO and CCG, including consideration of whether a central coordination function would help improve consistency and integration.

Management Response:

The ADM HRCS will work with RDGs, DC Ops and ACs to develop an Action Plan, with milestones, to:

  • Align DFO and CCG OHS policies;
  • Address inconsistencies with the current OHS service delivery model (including a review of service provision to the three CCG regions);
  • Improve communications between DFO, CCG and Regions; and
  • Provide clearly articulated roles, responsibilities, accountabilities and authorities that facilitate program coordination and monitoring.

Proposed Due Date: September 2018 for development of the action plan

The ADM, HRCS, RDGs, DC Ops and ACs will implement the Action Plan, including the delivery of targeted communication tools.

Proposed Due Date: November 2018 to start the implementation of the action plan with full implementation by September 2019

Governance

The OHS program’s governance structure provides some oversight and support to the program, however, opportunity for improvement exists with regards to monitoring activities.

It was expected that the OHS program would have in place a governance structure that provides oversight and support towards delivering the program consistently, effectively and efficiently in accordance with OHS laws, regulations and policies.

Overall, we found that OHS and Senior Management Committees review and approve OHS information on a regular basis. In particular, we found that the Safety, Security and Emergency Management Oversight Committee (SSEMOC), the senior committee responsible for providing direction and collective management of SSEM, which includes OHS, was active in reviewing and approving OHS documents as well as providing monitoring or performance, such as training and Task Hazard Analysis (THA) stats until early 2016. However, while the committee continues to review and approve OHS documents secretarially, SSEMOC has not formally met since June 2016. As such, no evidence of their continued monitoring and addressing of non-compliance since that date was found.

Similarly, in terms of monitoring practices within the OHS Program, we found that they are not being done in a consistent manner. Specifically, in interviews, only 1 out of 18 Department Managers mentioned their responsibility for following-up on OHS incidents and none mentioned monitoring the implementation of recommendations or documenting any monitoring that they were carrying out. Also, only 3 of the 13 OHS committee members interviewed mentioned any responsibility for following up on outstanding actions from previous work, which suggests a lack of awareness of their roles and responsibilities related to monitoring. This lack of follow-up on remedial actions can also be seen in the same issues being found in subsequent compliance, monitoring or audit work.

Finally, we found that while the OHS group collects OHS information for various reports, there was no evidence of coordination of these various reporting and compliance activities to help ensure adequate monitoring of the overall OHS program. Specifically, we found that most of these reporting activities were being carried out to meet external reporting requirements and were not being consistently used to monitor performance of the OHS Program.

Without strong governance and monitoring systems in place, there is increased risk that issues identified will not be fully addressed. This could result in goals and objectives not being met, especially in the case of OHS preventable injuries to employees or other stakeholders.

Recommendation 2: It is recommended that the ADM, HRCS, RDGs, DC Ops and ACs implement consistent and timely monitoring practices, including follow-up on remedial actions that identify roles and are supported by reliable and complete information for decision making.

Management Response:

The ADM, HRCS and RDGs as supported by the DC Ops and ACs will implement consistent and timely monitoring practices through:

  • The completion of the existing Annual Hazard Prevention Program (HPP) report cycle for 2017 (including NPHSC review of implementation plan and corrective actions) and review the frequency of future reporting cycles based on results (legislative requirement is every three years) as well as CCG’s SMS requirements (i.e. risk registers).

Proposed Due Date: December 2019, noting the following timelines:

  • June 2017 - regional report completed;
  • September 2017 - presentation to Regional Health and Safety Committees for review and recommendation of an HPP Action plan to regional management;
  • December 2017 - presentation to the National Policy Health and Safety Committee for review and recommendation of an HPP Action Plan for Executive Table; and
  • Review of the results of the plan, one year after regional approval (September 2019) and national approval (December 2019)
  • Clear RDG, DC Ops and AC oversight to ensure that RHSCs abide by their mandates to monitor and report on remedial actions as required.

Proposed Due Date: April 1, 2018

Risk Management

In 2014/15, SSEM prepared a detailed risk assessment to be used to identify priorities and resource allocation; however, no evidence was found to demonstrate that this risk work was ever used in oversight, operational, and resource allocation decisions within OHS.

It was expected that risk work would be considered in oversight, operational and resource allocation decisions. In particular, it was expected that resource allocations would be based on risk information in line with the Treasury Board OHS Policy which states that “departments must assign departmental OSH personnel according to the size, complexity and operating risks of the department.”

In 2014, senior management mandated the Departmental Security Officer (DSO) to conduct a comprehensive review of the departmental occupational health and safety, security and emergency management programs. As part of this review, in 2014/15, SSEM prepared a detailed risk assessment to be used to identify priorities and resource allocation. This risk work was presented to the Executive Table and later fed into the 2016 Departmental Safety Security Emergency Management Plan; however no evidence of it being used for resource allocation or priority setting was found. This is consistent with the results of interviews with DFO and CCG OHS management where none of them felt that resource allocations were based on risks. While one OHS interviewee was able to provide information on how resource allocations were made in 1998 or 1999, none of the interviewees were sure of how the current resource allocations were made. Further, since the 1998 resource allocation, no evidence was found to demonstrate that any changes to resource allocation have occurred in response to changes to the number of employees or roles and responsibilities to help facilitate the achievement of objectives.

Similarly, in the area of oversight, while there is significant reporting and compliance work being done, most of it did not have evidence to demonstrate that it is based on an assessment of risks or that priorities in this area are established to address the areas of greatest risk. While the audit schedule for DFO OHS was determined by SSEMOC after a review of the comprehensive review and the related risk assessment, most of the reporting and compliance work is being carried out on a cyclical basis rather than a risk basis. Also, no evidence was found to show that what is included within each of the compliance or reporting work is based on risks.

This is also consistent with what was found in the area of operations. During the audit, several OHS advisors mentioned that they did not have time to complete all of their core tasks. However, no evidence was found of the consideration of risks in identifying priorities for advisors to ensure goals and objectives would be met.

The use of risks in determining resource allocations, priorities and oversight is essential within any area that has limited resources to help ensure that those resources are focused on areas that will have the greatest likelihood of helping to achieve goals and objectives. Without the consideration of risk information, resources may be diverted to areas of less importance resulting in goals and objectives not being met.

Recommendation 3: It is recommended that the ADM, HRCS, RDGs, DC Ops and ACs consider integrating risks and risk management principles with other key OHS practices, including: Resource Allocation/Reallocation, Oversight, Operational Planning, and Project Planning.

Management Response:

The ADM HRCS, RDGs, ADMs, DC Ops and ACs will undertake a review of the current OHS organizational structure to ensure it meets the TBS Occupational Safety and Health Policy requirement to “assign departmental OHS personnel according to the size, complexity and operating risks of the department”. This will include the integration of risks and the application of risk management principles to ensure proper resource allocations, oversight, operational and project planning.

Proposed Due Date: Review and recommendations by March 2019

Roles, Responsibilities and Accountabilities (Moderate Risk)

According to the Treasury Board Secretariat (TBS), “accountability is the means of explaining and enforcing responsibility. It involves rendering an account of how responsibilities have been carried out; taking corrective action and fixing any problems that have been identified; and, depending on the circumstances, accepting personal consequences if the matter is attributable to the office holder’s own action or inaction.”Footnote 6 Additionally, roles and responsibilities need to be clearly defined and communicated to those who are responsible for the achievement of the program’s objectives. When roles and responsibilities are clear, employees are aware of their limits and know where to seek the expertise required when making decisions. Lack of clarity in roles and responsibilities can lead to uninformed decisions, ineffective use of resources, and inadequate control.

Roles and Responsibilities are defined, documented and communicated; however, they are generally not well understood or consistent. Further, while accountabilities for the Department as a whole are outlined in the CLC Part II, internal accountabilities are not well defined, documented or understood.

It was expected that roles, responsibilities and accountabilities would be defined, documented, communicated and understood. It was also expected that roles, responsibilities and accountabilities across DFO and CCG would be consistent and integrated to help ensure efficient and effective operations and achievement of OHS goals and objectives.

Roles, responsibilities and accountabilities: Defined, documented, communicated and understood

We found that the Department has defined and documented roles and responsibilities for OHS and Violence in the Workplace within OHS policies, procedures, manuals and related documents. In particular, the Hazard Prevention Program (HPP) Implementation Plan stood out as one of the best documents in this regard, with a chart showing different categories of stakeholders and what responsibilities each had for each OHS area under the HPP. Similarly, most interviewees felt that their roles and responsibilities were clear and communicated, although some interviewees stated that the volume and length of documentation available impedes the clarity and accessibility of these documented roles and responsibilities.

The roles and responsibilities for mental health however, are not well defined or documented within the OHS Program. While the majority of interviewees stated that mental health was part of OHS, none of the OHS documents identified mental health roles, responsibilities or accountabilities. While this is due to mental health not being currently integrated into OHS at DFO, integration is considered a best practice as outlined in the CSA Psychological Health and Safety Standard which states that “the psychological health and safety system should be consistent with integration into the existing, and future, organizational policies and processes, including occupational health and safety, across the organizational structure.”Footnote 7

Also, while there are clear accountabilities for the Department in the CLC Part II, accountability within the Department is not as clear with weakness found in the area of authority to enforce OHS accountability across the Department. This has resulted in a lack of understanding of accountabilities with some interviewees expressing that the OHS group has accountability and authority on OHS matters despite DFO OHS being only an advisory group with no authority to enforce responses or actions related to OHS. Further, where accountability is defined, it is complicated by the Program’s structure which is comprised of 6 RDGs, 3 ACs, a DFO National OHS manager, a CCG Director of Safety and Security and a Senior Director of National SSES. While the RDGs and ACs provide line direction and are responsible for the delivery of the regional OHS programs, they are not accountable to the national program. Challenges in maintaining a consistent approach to program delivery and enforcing accountabilities resulting from this complex matrix management model were observed. For instance, while the DSO can, and does, advise RDGs and ACs as to OHS program delivery, authority to implement and enforce remains the RDG’s responsibilities. Also, when RDGs or ACs decide to reallocate OHS resources to other priorities, or to not follow the advice of the DSO, there is no requirement to report this back to the National OHS office.

Finally, based on a comparison of roles, responsibilities and accountabilities identified by interviewees and those documented within the OHS Manual and HPP Implementation Plan, we found that most groups, with the exception of employees, did not have a good understanding of their roles and responsibilities. This was particularly evident with departmental managers and supervisors who, as a group, identified less than half of their OHS roles and responsibilities. An example of this lack of understanding was found in many site visits where we observed weaknesses in regular management inspections of hazardous materials. The responsibility for regularly inspecting hazardous materials is documented within the manager’s training manual; however many managers were not aware of this responsibility. Related to this, some sites that are also covered by the National Environmental Compliance Audit Program (NECAP) may be relying on NECAP to cover all OHS related issues regarding hazardous materials. NECAP though is focused on environmental issues related to hazardous materials and specify that they do not cover health and safety aspects, even where there is overlap. The OHS program at DFO relies heavily on Departmental managers and supervisors completing their roles and responsibilities to achieve its objectives. If this group is not aware of their roles and responsibilities or those of others, there is a risk that the program will not operate efficiently and effectively which could impact its ability to achieve its goals and objectives.

Consistency and Integration of Roles, Responsibilities and Accountabilities

Also, we found that despite the roles and responsibilities being documented and defined, they are not always consistent across DFO regions and between DFO and CCG. For example, some DFO regions are using out-dated tools and documentation or have developed area specific tools, procedures or guidance, that require different roles and responsibilities.

Further, while much of the regional differences found are the result of the complicated management matrix structure mentioned earlier, the most significant differences were found to be between DFO and CCG, as both functions operate with minimal integration. Although DFO and CCG have been working together on some integration at the national level, regional interviews revealed that inconsistencies remain significant, resulting in confusion and duplication of work.

While many of these inconsistencies are a consequence of having two separate programs, others are the result of the current organizational structure; specifically, DFO’s 6 regions versus CCG’s 3. As a result, especially in the Atlantic, where DFO has 3 regions versus 1 for CCG, there is often confusion over which OSH office is responsible for which CCG employees or sites. Some CCG interviewees stated that this can result in them not being able to get sufficient or timely OHS information.

Without integration of the DFO and CCG programs, confusion over roles and responsibilities may result in work being duplicated, or critical components of the program not being completed. It will also make it difficult for the Department to ensure consistent protection of employee’s OHS, especially in areas where DFO and CCG functions overlap.

Recommendation 4: It is recommended that the ADM, HRCS, RDGs, DC Ops and ACs ensure roles, responsibilities, accountabilities and authority are better understood through additional clarification, simplification and education, and that opportunities for further alignment within and between DFO and CCG be considered.

Management Response:

The Action Plan developed in response to Recommendation 1 will include the clear definition of roles, responsibilities, accountabilities and authorities.

Proposed Due Date: September 2018 for development of the action plan

The ADM, HRCS in consultation with Regions and CCG will develop a toolkit to facilitate easy access to existing OHS policies and documented roles and responsibilities.

Proposed Due Date: September 2018

The ADM HRCS will develop and implement an updated mandatory manager/supervisor OHS refresher training course (classroom and online), with required completion every 5 years to ensure roles and responsibilities are well understood.

Proposed Due Date: May 2019 noting this work has already started with the following anticipated timelines:

  • April 2018 - launch of classroom training pilot and consultation with the regions;
  • September 2018 - distribution of the final training package;
  • October 2018 - launch of the contracting process for the online training; and
  • May 2019 - launch of the online refresher training

Information to Support Decision-making, Oversight and Governance (Moderate Risk)

According to TBS, “information is an essential component of effective management across departments. The availability of high-quality, authoritative information to decision makers supports the delivery of programs and services, thus enabling departments to be more responsive and accountable”Footnote 8.

The audit found that the OHS program lacks the necessary accurate, complete and timely information to support decision making, oversight and governance.

It was expected that there would be accurate, complete and timely information available to support decision making, oversight and governance. It was also expected that there would be tools in place to support access to this information.

Tools to Support Decision-Making, Oversight and Governance

We found that the OHS Program has the policies, procedures and guiding documents needed for users to be able to carry out their responsibilities; however, the Program lacks a management information system capable of gathering, compiling and presenting information in useful readable formats to support decision-making. Also, the lack of a management information system, such as a DFO central repository or database, makes it difficult to track cases of non-compliance and monitor implementation of subsequent action plans. Specifically, every interviewee asked stated that they were dissatisfied with the current reporting system’s ability to provide information needed to support decision-making.

Reporting and Monitoring

Also, for some OHS processes, such as the HOIR, each region is expected to have in place its own system for reporting, tracking and trend analysis. This results in a duplication of effort, incompatible tracking systems, increased risk of incomplete information and difficulty in identifying national trends or issues. This was also observed in the area of tracking and monitoring, where both OHS committees and regional OHS groups are expected to implement a tracking and monitoring process resulting in duplication and inconsistent information.

Further, based on interviews and document review, we found that in most cases, with the exception of the CCG FS3 database, OHS is not leveraging technology to reduce duplication and level of effort or to improve reporting and monitoring information. This makes trending and monitoring of macro issues difficult and time-consuming. The only national system in use (except the CCG FS3) is PeopleSoft which currently is used for inputting OHS training. Managers and OHS employees interviewed said that it is difficult to extract reports from PeopleSoft and the data contained therein is incomplete or inaccurate. Instead, each region (and several sites) enters data into systems they have created using applications such as Excel and MS Access. As a result, Regional OHS offices are challenged with trying to obtain consistent, accurate and complete OHS information and reports.

Accuracy, Completeness and Timeliness

DFO OHS Managers also indicated that the information they receive to manage OHS is not sufficient, timely, complete or accurate, especially with regards to the Hazard Prevention Program, Hazardous Occurrence Incident Reports, training and Workers Compensation Board (WCB) Information. This is consistent with our experience where significant time and effort were required before we could obtain WCB numbers for the Department.

Further, while there are guidelines and templates in place to facilitate the process of reporting, completion and submission of these is inconsistent across regions. Some regions, when asked to provide specific reports or information were unable to do so, while many others that did were found to have incomplete information. As well, a review of a sample of HOIRs found inconsistency in the template being used with some being incomplete or completed a significant time after the incidents occurred. This demonstrates a lack of accurate and complete information being available for decision making.

Finally, during site visits, some OHS groups stated that they did not always receive the information or documents they would need from sites or sectors to be able to provide complete and accurate information.

Without accurate and complete information, decision-makers will have difficulty making informed decisions. This could put the ability of the program to achieve goals and objectives at risk and could also result in additional, preventable injuries of employees or stakeholders.

Recommendation 5: It is recommended that the ADM, HRCS, RDGs, DC Ops and ACs obtain or develop an information database with monitoring and reporting tools and standard information requirements to support information for decision-making, monitoring and reporting to help ensure that appropriate information is available to support the program accountabilities.

Management Response:

In consultation with the RDGs, DC Ops and ACs, the ADM, HRCS will:

  • Complete a requirements and options analysis for an information database to meet departmental requirements (including assessing the MAXIMO system, the pilot system developed by the Quebec region and systems used by other Departments).

Proposed Due Date: Business Analysis to begin in April 2018 and Options Analysis to be completed by the end of FY 2018-19

  • Implementation to be determined based on requirements analysis.

Proposed Due Date: TBD (dependent on option adopted)

Audit Opinion

The audit found that there are opportunities for improvement to ensure the adequacy of the Occupational Health and Safety program, in particular in terms of program integration. While there is an OHS governance framework in place, it could benefit from better understood, roles, responsibilities and accountabilities. Opportunities also exist to enhance the operational planning and management process by ensuring decisions are risk-based. Finally, the monitoring and reporting framework requires a central database or repository to ensure access to complete and accurate information for decision making and trend analysis.

Statement of Conformance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The extent of the examination was planned to provide a reasonable level of assurance with respect to the audit criteria. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with Management. The opinion is applicable only to the entity examined and within the scope described herein. The evidence was gathered in compliance with the Treasury Board Policy and Directive on Internal Audit. The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program (QAIP). The procedures used meet the professional standards of the Institute of Internal Auditors. The evidence gathered was sufficient to provide Senior Management with proof of the opinion derived from the internal audit.

 

Appendix A: Lines of Enquiry and Audit Criteria

The audit criteria are presented in the table below, by audit line of enquiry.

Audit Criteria
Line of Enquiry 1 - Governance
Criterion 1.1: Management demonstrates leadership over OHS through communications to all staff and enforcement of legal requirements.
Criterion 1.2: Roles, responsibilities, and accountabilities are clear, consistent, documented and understood (for OHS committees, representatives and advisors, management and employees).
Criterion 1.3: Effective channels exist for internal communications and feedback.
Criterion 1.4: Internal communications and feedback are considered and responded to.
Line of Enquiry 2 - Risk Management
Criterion 2.1: Management allocates resources based on risks to facilitate the achievement of objectives.
Line of Enquiry 3 - Control Processes
Criterion 3.1: Employees are provided with the necessary training, tools, resources and information to support the discharge of their responsibilities.
Criterion 3.2: OHS has in place a rigorous system to identify and address cases of non-compliance with acts, regulations, policies and directives.
Criterion 3.3: Hazardous material, including chemicals, is stored in a manner consistent with laws, regulations, policies and directives.
Criterion 3.4: OHS leverages technology or best practices to ensure reporting and processes are streamlined to minimize administrative burden and non-value added activities.
Criterion 3.5: Management receives accurate, complete and timely information to manage OHS.
Criterion 3.6: Reporting is complete, accurate and used for decision-making.

 

Appendix B: Acronym Listing


ACs Assistant Commissioners
ADM Assistant Deputy Minister
CCG Canadian Coast Guard 
CLC Canadian Labour Code
DC Ops Deputy Commissioner of Operations
DFO Department of Fisheries and Oceans
DSO Departmental Security Officer
HOIRs Hazardous Occurrence Investigation Reports
HPP Hazard Prevention Program
HRCS Human Resources and Corporate Services
IIRs Incident Investigation Reports
NECAP National Environmental Compliance Audit Program
OHS Occupational Health and Safety
RDGs Regional Director Generals
SMS Safety Management System
SSEM Safety Security and Emergency Management
SSEMOC Safety, Security and Emergency Management Oversight Committee
SSES Safety, Security, and Emergency Services
TBS Treasury Board Secretariat
The Department Fisheries and Oceans Canada
The Program Occupational Health and Safety Program
WCB Workers’ Compensation Board

 

Footnotes