This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.
Audits and Evaluations
Appendix B - MAF-Based Integrated Risk Management Framework
Governance & Strategic Directions
- There is senior management direction on the Vision for IRM (principles, framework, and processes) that is tailored and responsive to the organization's external and internal context, and that supports government-wide management of risk
- Risk is managed horizontally (across all Programs), vertically (across all levels of the organization), and functionally ensuring appropriate integration into all key planning, policy-making, delivery, and decision-making processes.
- There is ongoing senior-level oversight of: the management of risks at all levels, effectiveness of risk management arrangements, and adherence to risk management Policy
- Guidance is provided on Risk Tolerance and risk mitigation strategies
Public Service Values
- Departmental culture recognizes the presence of risk in all activities and the need to explicitly manage risk through mitigation, avoidance, transfer, or sharing
- Departmental culture values good risk management as a key component of managerial excellence
Results & Performance
- Relevant information on risk is gathered and used to make decisions
- Performance of the risk management arrangements toward Maturity is reported annually to senior management
- Reporting and Disclosure to Senior Management, Central Agencies, Parliament, and the Public is balanced, transparent and easy to understand.
Learning, Innovation and Change Management
- Ongoing risk management learning is developed and implemented
- Change management principles and practices are applied, including planning for appropriate resources (i.e. people, systems, finances, etc.)
Policy & Programs
- Risk Management Policy defining principles, roles & responsibilities, processes, and terms is a key feature of the department's risk management arrangements
- Annual risk management planning (including environmental scanning) is conducted to refine key risks, their management approaches, and to refine the department's risk management arrangements covering tolerance, stakeholders, competencies, etc.
- Risk management competency needs are determined and developed covering risk assessment, risk management, and risk communications
- Information on risk is communicated in a timely manner
- External risk Communications and stakeholder engagement is carried out on an ongoing basis to ensure needs, issues and concerns, risk perceptions and mis-perceptions (GoC or stakeholders) are included in risk analysis and decision-making
- An effective balance between informal (intuitive) and formal (systematic, structured) risk management is established and maintained based on context, urgency and significance of risk exposure
- As a general rule, risk is not mitigated to an absolute minimum, which can stifle creativity and innovation. Rather, it is reduced to a tolerable or acceptable level.
- Risk-related requirements of relevant control-related authorities are incorporated: FAA, Fed AA, TBS Policies
- Indicators for results, risk and accountability are managed in an integrated manner
- Risk management roles and responsibilities are integrated into the departmental accountability mechanisms (job descriptions, performance reviews, Terms of Reference, etc.)