The Framework for the Management of Risk (the Framework) is effective as of August 27, 2010.
The Framework will be supported by learning resources, which will replace the Treasury Board Integrated Risk Management Framework (2001) and the Integrated Risk Management Implementation Guide (2004).
In a dynamic and complex public sector context, risk management plays a significant role in strengthening government capacity to recognize, understand, accommodate and capitalize on new challenges and opportunities. Effective risk management equips federal government organizations to respond actively to change and uncertainty by using risk-based information to enable more effective decision-making. In turn, increased capacity and demonstrated ability to assess, communicate and manage risk builds trust and confidence, both within the government and with the public.
For the Government of Canada to continually improve the way it delivers services to Canadians, it is important that its management regime fosters flexibility, seeks opportunity and focuses on results. Integral to such a regime is effective risk management. The principles-based approach to risk management articulated in this Framework provides the flexibility to departments and agencies to tailor management solutions to their mandate and objectives. In addition, it enables strategic, risk-informed oversight and less transactional involvement of the Treasury Board and Treasury Board Secretariat in supporting department and agency management initiatives.
In order to foster this type of risk-informed culture and capacity to fully realize performance improvements within federal organizations, strengthened risk management approaches must be reflected across all business practices. Failure to effectively manage risks can result in increased program costs and missed opportunities, which can compromise program outcomes, and ultimately public trust. In contrast, sound risk management is fundamental to effective public administration as it can lead to a more effective, results-based, and high performance government. Key terminology related to risk management is defined in Appendix A.
As one of the three core frameworks guiding Treasury Board policies and management instruments, the Framework for the Management of Risk provides Deputy Heads with principles to embed risk management as a critical element in all areas of work, at all levels of their organization. The risk management principles outlined in this Framework complement the conceptual model for policy renewal set out in the Foundation Framework for Treasury Board Policies as well as the considerations for managing compliance identified in the Framework for the Management of Compliance.
The Framework for the Management of Risk outlines the risk management principles to guide Deputy Heads in the effective management of their organizations in all areas of work, including policy and program implementation. These principles apply to all Treasury Board policies, including the individual policies of the renewed Treasury Board Policy Suite, and guide the Treasury Board Secretariat in its policy development, enabling and oversight roles. These three core Frameworks are put in place to enable more effective management of federal organizations by promoting accountability, transparency and supporting risk-informed decision-making, which is recognized as a leading management practice.
Specifically, the principles contained in the Framework for the Management of Risk have shaped the design and choice of implementation approaches for particular Treasury Board policies (e.g. Policy on Internal Audit, Policy on Internal Control, Policy on Transfer Payments, Policy on Investment Planning), and will continue to be refined and adjusted based on emerging trends and lessons learned from their implementation.
Key linkages with other Treasury Board instruments are outlined in Appendix B. The current list of Treasury Board policies can be found on the Secretariat's web site.
The purpose of this Framework is to provide guidance to Deputy Heads on the implementation of effective risk management practices at all levels of their organization. This will support strategic priority setting and resource allocation, informed decisions with respect to risk tolerance, and improved results.
To achieve this purpose, the Framework provides principles and guidance for Deputy Heads to consider in their role as leaders of sound risk management practices and risk management integration within their organizations. For the purposes of the Framework, departments and agencies are those defined in section 2 of the Financial Administration Act.
Effective risk management, supported by this Framework, and associated learning resources, will enable Deputy Heads to:
The following risk management principles inform the development of, and apply to, all Treasury Board policy instruments, some of which have embedded risk management requirements specific to their policy coverage. These principles are grounded in federal public service values and ethics, and guide and underpin effective risk management across the federal government. The principles support Deputy Heads, and their departments and agencies, in taking risk-informed approaches to management decisions and in demonstrating and verifying that risks are successfully identified, assessed and managed within their respective organizations.
To that end, effective risk management in the federal government should:
In addition, Treasury Board policy instruments and associated oversight activities are aligned with the above and also guided by the following principles:
Learning resources to support the practical application of these principles by departments and agencies, including the 2010 Guide to Integrated Risk Management, are available on the Treasury Board Secretariat's web site.
Deputy Heads are responsible for managing their organization's risks by leading the implementation of effective risk management practices, both formal and informal. In doing so, Deputy Heads are encouraged to apply the principles outlined above in section 5.
A key role of the Deputy Head is to ensure that risk management principles and practices are understood and integrated into the various activities of their organization. Deputy Heads are also responsible for monitoring risk management practices in their organizations, as well as considering risks that arise when partnering with organizations within and external to the federal public service. This includes ensuring that issues affecting the organization's risk management approach, whether identified through assessments or internal and external monitoring, are examined, reviewed and addressed effectively.
In addition, Deputy Heads play an important role in creating a learning environment that promotes continuous improvement in risk management competencies and capacity within their organization. Through their leadership, Deputy Heads foster a risk-informed organizational culture that supports risk-informed decision-making, enables dialogue on risk tolerance, focuses on results and enables the consideration of both opportunity and innovation.
A key element of the Treasury Board's role, as well as the role of its Secretariat, is to encourage management excellence in government through leadership, guidance, monitoring, review and oversight, pursuant to the authority given in the Financial Administration Act.
To fulfill this role in the domain of risk management, the Treasury Board and the Secretariat provide guidance, tools and expertise to support departments and agencies in implementing a risk-informed approach to management. This also includes performing a leadership role by sharing information and fostering good practices on risk management and risk-informed approaches.
The Secretariat also monitors and assesses departmental and agency performance on risk management through such means as the Management Accountability Framework, and reviews of internal and external audits. These assessments may be used to inform discussions between the Secretary of the Treasury Board and Deputy Heads.
Evidence that a federal department or agency has effective risk management practices in place may lead to Treasury Board and Secretariat oversight being adjusted to an organization's capacity for managing risk, where circumstances permit. Conversely, ineffective risk management may lead to additional controls and oversight. Where necessary, the Secretariat may encourage deputy heads to undertake appropriate remedial measures in support of their responsibilities for the monitoring of risk management within their organization.
All enquiries regarding this Framework, as well as its supporting guides and tools, should be directed to:
Centre of Excellence on Risk Management
Priorities and Planning Sector
Treasury Board of Canada Secretariat
140 O'Connor Street
Ottawa, Ontario K1A 0G5
The 2010 TBS Guide to Integrated Risk Management and other risk management guides and tools, will be available on the Treasury Board Secretariat's web site.
The Framework for the Management of Risk is a core element of the Treasury Board Policy Suite. As such, it needs to be considered along with the two other core frameworks:
While the Framework for the Management of Risk does not have directly associated policies, the principles contained herein take form through embedded risk management requirements across the renewed Policy Suite. Key examples are provided below, as they relate to the areas of management responsibility covered by the Policy Suite.