Fisheries and Oceans Canada
Symbol of the Government of Canada

Corporate Risk Profile


July 2006

Table of Contents

1.0 Introduction

1.1 Background

1.2 Objective and Scope

1.3 DFO’s CRP Background

1.4 Methodology

1.5 Use of the CRP in 2006-2007

2.0 Risk Profile at a Glance

3.0 Detailed Risk Information

3.1 Human and Knowledge Capital

3.2 Alignment

3.3 Infrastructure

3.4 Environment

3.5 Conservation

3.6 Clients and Partners

3.7 Legal and Statutory

3.8 Public Communication


1.0  INTRODUCTION

1.1 Background

Government-wide expectations of good governance and modern comptrollership emphasize that organizational risks should be considered in all planning and delivery activities, both at the strategic and operational level. In April 2001, the Treasury Board Secretariat (TBS) developed the Integrated Risk Management (IRM) Framework to guide federal government departments in incorporating IRM into management practices, through a comprehensive organization-wide approach to managing risks.

IRM is an explicit and systematic approach to managing strategic, operational and project risk to organizational objectives, from an organization-wide perspective. Its main benefits can be felt in terms of enhanced performance and the achievement of objectives. TBS’s IRM Framework establishes the development and regular update of a Corporate Risk Profile (CRP) as a key step in IRM.

Complementing the IRM initiative, in June of 2003, the TBS introduced the Management Accountability Framework (MAF), which clearly states that corporate risks must be managed proactively. The MAF represents a key step forward in linking risk and performance, and embedding IRM into departmental planning and operational practices. A prime requisite within the Framework is the clear definition and incorporation of the organization’s Corporate Risk Profile into existing management and decision-making processes. The Corporate Risk Profile reflects the departmental view of high-level risks to the achievement of organizational objectives.

The following figure identifies the Risk Management indicators identified in the MAF

Figure 1: MAF Risk Mangement Indicators

1.2 Objective

The goal of developing the CRP is to provide a snapshot in time of DFO’s key risks, department-wide. The CRP is a key component of DFO’s broader IRM framework, which will incorporate risk profiles for all DFO programs, structured through the department’s Program Activity Architecture (PAA), and which, as the IRM framework within the department matures, will become a critical element of the department’s annual planning process. The CRP, along with the department’s IRM Policy reflects DFO’s leadership and commitment to the implementation of a proactive approach to the identification, assessment and management of potential risks.

1.3 DFO’s CRP Background

The Initial Corporate Risk Profile for DFO was developed in 2004. This document represents DFO’s updated CRP for 2006. The methodology used to update the CRP is described in the following section. While perhaps it may seem self-evident, it is important to note that the risks to which the department is exposed are fluid, as internal and external conditions change. As such, it is the intention that the department’s CRP will be updated on an annual basis. As IRM implementation continues to move forward at DFO, a broader set of inputs will be available, increasing the comprehensiveness and value of each subsequent updated CRP.

1.4 Methodology

A great deal of IRM work has been conducted at DFO since the development of the initial DFO CRP in 2004. The methodology used for the update of DFO’s CRP takes into account the work that has occurred: the CRP update involved the aggregation, analysis and review of the twelve risk profiles developed since the completion of the initial CRP.

Risk data was taken from the twelve risk profiles developed over the last fifteen months at DFO and aggregated into a risk database, where the risk events were analysed against the existing risk categories defined in DFO’s 2004 CRP. (Please see Table 1 below for the list of profiles used for the analysis.)

Risk Profiles

1. Conservation and Protection

IRM Pilot, Pacific Region

2. Conservation and Protection

IRM Pilot, Quebec Region

3. Provision of Scientific Advice

IRM Pilot, Pacific Region

4. Science in Support of Habitat

IRM Pilot, Central and Arctic Region

5. Marine Aids

IRM Pilot, Maritimes Region

6. Habitat and C&P

IRM Pilot, Newfoundland and Labrador

7. Introductions and Transfers

IRM Pilot, Maritimes

8. Gulf Region Management

IRM Pilot, Gulf Region

9. Aquaculture Risk Profile

National

10. Coast Guard Risk Profile

National

11. Climate Change Risk Assessment

National

12. Science Sector Integrated Risk and Performance Framework

National

Table 1: Sources of Risk Information

The risks identified in these profiles were grouped according to the corporate risk profile categories developed as part of the 2004 CRP. By grouping all of the risks into similar categories, the existing CRP risk categories underwent validation. As a result of the validation activity, the CRP risk categories were refreshed for the 2006 CRP: some categories have been removed or redefined, and new CRP risk categories have been developed to reflect the types of risks that have been identified in the risk profiles conducted since the completion of the initial CRP.

Once the data from the risk profiles were grouped by risk category, the impact and likelihood of each CRP risk category was assessed. The risks were assessed through a combination of analysing the existing risk information (i.e. the specific ratings of each risk grouped within the CRP risk category) and management judgement.

This document presents the results of these activities.

1.5 Use of the CRP in 2006-2007

The department is in the process of fully implementing IRM across all sectors and regions. The defined approach within the department is to develop national risk profiles for programs and sectors (risk profiles based on function, or "functional risk profiles") that support the Program Activity Architecture, which also provide meaningful results for management in the department’s regions. As identified in the Figure 1 below, many of these functional risk profiles have been completed to date, and DMC has endorsed the completion of the remaining risk profiles in the current fiscal year, as identified in Figure 2.

Program Activity Architecture

Program Activity Architecture

The risk profiles that have been developed to date will be used in the integrated planning process for the 2007-2008 fiscal year. In those areas where functional risk profiles are available, these will be used for the planning process. In those areas where the functional risk profiles are not available, the department-wide corporate risk profile will be used.

2.0 RISK PROFILE AT A GLANCE

The following risk map provides the results of DFO’s updated Corporate Risk Profile.

isk map provides the results of DFO’s updated Corporate Risk Profile

3.0 DETAILED RISK INFORMATION

This section provides a detailed overview of each corporate risk category identified. For each category, the risk description and key risk events are presented. Risks are presented in the order of severity.

3.1 Human and Knowledge Capital

1. Human and Knowledge Capital

Human and Knowledge Capital

Risk Description

Human and Knowledge Capital risks are those associated with maintaining a sufficient and representative workforce with the appropriate skill-mix, and the timely access to complete and appropriate information for effective operations and decision-making. From a human resource perspective, this risk encompasses the dual challenges of reduced HR capacity (i.e., insufficient numbers of resources that can be effectively deployed for key tasks), as well as insufficient HR capability (i.e., skills and experience). It also involves the risk of ineffective decision-making and resource allocation due to a lack of timely, adequate, complete or appropriate information.

Risks associated with Human and Knowledge Capital are spread broadly across the regions and affects all of the identified sectors including the Coast Guard, Fisheries and Aquaculture Management, and Science.

Risk Events

The risk events within Human and Knowledge Capital fall within the following core themes:

  1. Inability to develop and sustain sufficient human resource capacity with appropriate knowledge and experience
  2. Inability to harness knowledge for the conduct of activities.
  3. Adequacy of timely and appropriate information for decision-making.

Risk Drivers

Drivers of Human and Knowledge Capital risks are closely aligned with drivers of Infrastructure and Alignment risks, namely, funding pressures and the capital intensive nature of operations, e.g., for ships and science equipment. The key sources of risk identified are as follows:

  • Due to the increasing complexity of work done by DFO, there is a greater knowledge requirement for resources, and this knowledge requirement is expected to grow over time. The complexity of DFO’s mandate also has an implication for workload and capacity.
  • Demographic changes (i.e. ageing workforce and impending retirements) are a key driver of risk, as the necessary succession planning and strategies for transfer and/or retention of knowledge are missing or incomplete. The demographic changes paired with the lack of a sufficient supply of resources in the labour market are two key drivers of this risk category.
  • Funding pressures arise as a driver in this risk category as funding reductions have not been accompanied by reductions in responsibilities of resources. Although it is not clear, it appears that the time required to staff vacant positions is resulting in key positions remaining vacant and in an overall loss in capacity.
  • Closely related to Legal and Statutory risk, the expanding legislative and regulatory regime is leading to strains on DFO’s resource base.

Examples of Current Risk Mitigation

  • Succession planning with recommencement of the Coast Guard College Cadet Program for the Canadian Coast Guard
  • Alternate methods of hiring, e.g. casual, term hiring to deal with staffing shortages
  • Public Service Modernization Act intended to reduce staffing challenges
  • Emeritus program – retirees come back voluntarily to mentor

3.2 Alignment

2. Alignment

Alignment

Risk Description

Alignment risks are those associated with organizational misalignment of activities, priorities and financial resources to meet service expectations. This category includes risks associated with the organization’s inability to adapt to, influence, or efficiently meet organizational changes due to limited resources, insufficient priority-setting, lack of internal communications, and unclear roles, responsibilities and accountabilities.

As with the Human and Knowledge Capital risk, Alignment risks were identified broadly across the regions and affect all of the identified sectors including the Coast Guard, Fisheries and Aquaculture Management, and Science.

Risk Events

The risk events within Alignment fall within the four core themes:

  1. Insufficient funding to support attainment of objectives.
  2. Ineffective management of change, including adapting to emerging directions and priorities.
  3. Imbalanced prioritization (examples: national vs. sectoral, existing vs. emerging, short-term vs. long term, strategic vs. operational) and the associated allocation of resources.
  4. Insufficiency or ineffectiveness of internal communications.

Risk Drivers

The drivers of Alignment risk can be grouped into two categories; internal and external sources of risk. Internal sources of include the following:

  • Complexity in the structure of DFO programs including the use of area models with matrix reporting relationships;
  • Lack of formal internal communication processes to facilitate discussion of priorities, needs and technical advice;
  • Funding pressures;
  • Legislation, policies and regional reviews resulting in organizational and operational changes; and
  • Large degree of policy changes.

External sources of Alignment risk include:

  • Treaty obligations requiring different approaches across regions and areas;
  • Diversity of the region, habitat and players resulting in a multitude of needs;
  • Changes to the Provincial or Federal agendas;
  • Third party interests such as special interest groups, media, First Nations, ENGOs and NGOs, and DFO clients and partners; and
  • The use of alternative sources of funding, which may be less stable and may be perceived as a conflict of interest.

Examples of Current Risk Mitigation

  • Executive Boards for Fleet, Technical Services and Marine Programs at the CCG
  • Service Level Agreements are in place between the Fisheries and Aquaculture Management ADM and the Regional Directors General for RACOs.
  • Science Renewal, which is realigning Science to address the core priorities

3.3 Infrastructure

3. Infrastructure

Infrastructure

Risk Description

Infrastructure risks relate to hard assets and physical infrastructure such as ships, buildings, and IT infrastructure. This category encompasses the risk that organizational objectives and programs will not be adequately supported by existing infrastructure, or that infrastructure requirements will not be identified accurately or completely.

Infrastructure risks are most severe within the Coast Guard and Science sector.

Risk Events

The risk events within this category relate to having the necessary infrastructure in place to support the achievement of objectives. Key risk events include the inability to invest in or maintain infrastructure, and, the risk that appropriate assets will not be in place to meet program needs.

Risk Drivers

The drivers of Infrastructure risk also drive Alignment risk. The key sources of risk are as follows:

  • As DFO’s operations are capital intensive, there is a high degree of dependency on infrastructure. The key drivers of risk are the absence of redundancy, the ageing of infrastructure, and the actions of others, including vandalism.
  • Infrastructure risk is compounded by funding pressures. Funding for infrastructure investment must come from within existing budgets. Additionally, the level of specialization of some vessels and equipment means greater amount of funds are necessary to purchase and maintain the equipment.
  • A third area identified as driving Infrastructure risk is the apparent uncertainty in priority-setting mechanisms used for the allocation of resources towards infrastructure investments.

Examples of Current Risk Mitigation

  • Partnering with other agencies
  • Inter-sector working groups (e.g., Science and CCG) to plan future vessel requirements
  • Rental of vehicles
  • Leveraging of other funding opportunities from 3rd parties (B-base funds)

3.4 Environment

4. Environment

Environment

Risk Description

Environmental conditions resulting from natural causes or human actions that impact DFO’s ability to meet strategic and policy objectives, including sustainable resource use.

Risk Events

The risk events identified within this category relate to the environmental risks associated with climate change and the sustainability of aquaculture.

Note that the scope of environmental risk events to which DFO may be exposed is likely broader than what was captured in this CRP update. The CRP update was based on the 12 risk profiles that have been conducted within the last fifteen months, and did not capture information on such matters as environmental compliance.

Risk Drivers

The key drivers of Environment risk are human actions resulting from the competitive global environment, and environmental conditions such the makeup of Canada’s resource base (i.e. reliance on a few key resources such as salmon), climate change, and the increasing severity and frequency of weather events.

Risks associated with Environment are all related to the National region. Three of the five risk areas identified were in Climate Change with multiple sectors affected, while the remaining two were in Aquaculture.

Examples of Current Risk Mitigation

  • The aquaculture industry is making efforts to diversify use of species, e.g., rainbow trout
  • Canadian Environmental Assessment Act provisions to ensure environmental risks are identified and mitigated
  • Codes of containment in some regions
  • Provincial Health Management plans
  • Licensing of aquaculture sites
  • Regional monitoring programs
  • DFO Environmental monitoring plans

3.5 Conservation

5. Conservation

Conservation

Risk Description

Conservation risk relates to DFO’s ability to meet its conservation objectives for living marine resources. Conservation risk encompasses stock risk and the sustainability of fish habitat.

Risk Events

The risk events within Conservation relate to human actions such as voluntary compliance, and environmental conditions such as climate change.

Note that the scope of risk events related to fish habitat (including change induced by climate and human activity) is likely broader that what was captured in this CRP update. The CRP update was based on those 12 risk profiles that have been conducted within the last fifteen months.

Risk Drivers

The drivers of Conservation risk are closely related to Legal and Statutory and Environment risks, and are compounded by Clients and Partners risk.

Client and partner needs and interests, which may not be in line with DFO’s conservation and sustainability objectives, as well as public perception, drive much of conservation risk due to the resulting effect on voluntary compliance levels.

Another key driver is resource pressure (funding and human), which limits DFO’s physical presence, resulting in diminished deterrence and voluntary compliance.

Lastly, environmental changes such as those resulting from climate change drive Conservation risk.

Examples of Current Risk Mitigation

  • The Aquaculture Policy Framework has been implemented to foster the sustainable development of aquaculture in Canada
  • National Aquatic Animal Health Program (NAAHP) was put in place to protect aquatic animals from the harmful effects of diseases and to maintain the seafood industry’s competitiveness in international markets
  • Numerous initiatives with provincial agencies describing requirements for protecting fish habitat

3.6 Clients and Partners

6. Clients and Partners

Clients and Partners

Risk Description

Where DFO is reliant upon, and/or shares responsibility with external parties, risks may stem from actions or failures on the part of clients and partners, organizational misalignment with clients and partners, and inadequate or ineffective communications between DFO and its clients and partners. DFO relies on a broad range of third-parties for its programs; examples include contractors who place aids-to-navigation, shipbuilders, provincial inspectors for aquaculture sites, catch-monitors, etc.

Science and the Canadian Coast Guard are the primary areas affected by risks associated with Clients and Partners. All regions have risks related to this category.

Risk Events

The risk events within Clients and Partners fall within four core themes:

  1. Inability to create and sustain long-term partnerships in support of DFO’s objectives.
  2. Lack of capacity or other failures on the part of third parties.
  3. Ineffective communications with clients and partners.
  4. Misalignment with needs and capacity of clients and partners.

Risk Drivers

The drivers of Clients and Partners risk are closely linked with Alignment, Infrastructure and Legal and Statutory risks. This risk area is driven by potential weaknesses in partners’ capacity to fulfill obligations. The key risk sources include:

  • DFO is heavily reliant on suppliers, contractors and third-arties, e.g., for setting aids to navigation, shipbuilding, monitoring of catch. For example, in Pacific region, there are 30,000 volunteers working annually in such areas as habitat and salmon production activities, the Coast Guard Auxiliary and as volunteers for the Boards of Directors of the Harbour Authorities within the Small Craft Harbours program.
  • When priorities regarding partnerships and third party relationships change, partners who have invested in arrangements which are terminated early become frustrated and unwilling to enter into such agreements again, and this affects DFO’s ability to form and sustain long-term partnerships.
  • Resource constraints (financial and human) drive DFO’s ability to sustain partnerships and serve clients.
  • Dependency on suppliers, other departments and agencies and jurisdictions is a driver of potential risk events.

Examples of Current Risk Mitigation

  • Formalizing relationships through joint project agreements
  • Educational activities for contractors to support self-monitoring, particularly in remote areas where DFO presence is limited
  • Formal agreements/accountability accords with partners, e.g., SOA (with TC) and between Maritime Services and ITS
  • CCFAM (Canadian Committee of Fisheries and Aquaculture ministers): provincial ministers bring concerns to the federal government

3.7 Legal and Statutory

7. Legal and Statutory

Legal and Statutory

Risk Description

Legal and Statutory risk includes risk events relating to agreements, court decisions, major policy initiatives and legislative frameworks and international treaties or conventions that affect DFO activities. Risk events also include the risk of loss or damage due to misrepresentation or premeditated or malicious actions by an employee, partner or the public.

The Fisheries and Aquaculture Management sector was the primary area where Legal and Statutory risks were identified, spread broadly across the regions.

Risk Events

The risk events identified within this category span four themes:

  1. Actions of others including civil disobedience, fraud, collusion, or non-compliance.
  2. Actions of members of DFO including under-enforcement of acts and provisions, and the inability to meet service levels and agreements.
  3. Increased litigation.
  4. Adequacy of the legislative and regulatory framework to support organizational/sectoral mandates.

Risk Drivers

The two key drivers of this risk are (1) the continual expansion of legislative and regulatory requirements for DFO including the obligation to conduct consultations, and (2) the increasing environment of litigation and private prosecution, resulting from better informed and more engaged public interest groups.

This risk is compounded by the Public Communication risk.

Examples of Current Risk Mitigation

  • Regulations for Aquaculture were updated. Guidelines also exist to assist with the implementation of these regulations.
  • Issue reports and briefing notes to keep senior management aware of emerging issues
  • Increasing transparency of decision-making with user groups, to help prevent legal problems from occurring
  • The department works with First Nations Bands regarding treaty processes.

3.8 Public Communication

8. Public Communication

Public Communication

Risk Description

Negative public opinion that either directly or indirectly influences the reputation of the organization, and the execution of the organization’s mandate.

Risks associated with Public Communication were identified primarily within Fisheries and Aquaculture Management.

Risk Events

The risk events within "Reputation and Public Opinion" fall within the following core themes:

  1. Inability to manage the public’s expectations.
  2. Political pressures resulting from negative public opinion.
  3. Loss of public reputation.

Risk Drivers

Public Communication risk is compounded by Alignment risk and Clients and Partners risk.

The key driver of Public Communication risk is change. This is compounded by the existence of a better informed and engaged public (including interest groups, ENGOs, the mariner community and general public), and resistance to change where clients perceive that services are being reduced or taken away.

A second driver is funding, which limits DFO’s ability to communicate with and engage the public through outreach activities.

Examples of Current Risk Mitigation

  • "Aquaculture 101" sessions conducted in Pacific and Central and Arctic regions
  • DFO engages Canadians and environmental groups, where possible, in discussions about aquaculture and related issues.
  • Pacific Region has a strategic communications person in place to manage messaging and communication mechanisms.
  • AAROM Aboriginal Aquatic Resource and Oceans Management Program
  • Publishing key information, e.g., from Science, on the department’s web site