Review of Integrated Risk Management

November 2017

1850-3-012 (ADM(RS))

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED

Acronyms and Abbreviations

ADM(Mat)

Assistant Deputy Minister (Materiel)

ADM(RS)

Assistant Deputy Minister (Review Services)

CAF

Canadian Armed Forces

DND

Department of National Defence

FY

Fiscal Year

IRM

Integrated Risk Management

MALA

Mission Acceptance and Launch Authorization

MSVS

Medium Support Vehicle System

OPI

Office of Primary Interest

RCAF

Royal Canadian Air Force

RCN

Royal Canadian Navy

RM

Risk Management

SUBSAFE

Submarine Safety

TB

Treasury Board

Statement of Conformance

The review findings and conclusions contained in this report are based on sufficient and appropriate evidence gathered in accordance with procedures that meet the Institute of Internal Auditors’ International Professional Practices Framework, for a review level of assurance. The review thus conforms to the International Standards for the Professional Practice of Internal Auditing as supported by the results of the quality assurance and improvement program. The opinions expressed in this report are based on conditions as they existed at the time of the review and apply only to the entity examined.

Back to Table of Contents

Purpose of Review

The purpose of this review was to do the following:

  • assess how the Department develops, communicates and implements Integrated Risk Management (IRM); and
  • generate discussion and engage with senior managers as the Department establishes the way forward for IRM.

Back to Table of Contents

Review Rationale, Objective and Scope

Rationale

  • Previous audits have observed shortcomings in the integration of risk management (RM) information in departmental processes.
  • IRM review engagement was included in the Assistant Deputy Minister (Review Services) (ADM(RS)) Risk-Based Internal Audit Plan for fiscal years (FY) 2015/16 to 2017/18.
  • Mature integration of RM ensures any organization considers risks in its priorities, plans and decision making.

Objective

  • To assess the status of IRM practices that are in place in the Department of National Defence and the Canadian Armed Forces (DND/CAF); more specifically, their alignment with central agency guidance and opportunities for improvement in the DND/CAF context.

Scope

  • The primary focus of this review was on the Vice Chief of the Defence Staff team’s coordination of IRM with regard to corporate risk mitigation, and how risk information is communicated within the DND/CAF.
  • The scope included project/initiative success stories and their alignment to the Treasury Board (TB) RM Capability Model.
  • The conduct phase of the review was performed in two stages. The corporate IRM practices were reviewed during the period from February 2016 to August 2016. The project/initiative case studies were reviewed from September 2016 to January 2017.

Back to Table of Contents

Review Criteria and Methodology

Criteria

  • IRM policy takes a principles-based approach. The TB RM Capability Model provides a diagnostic tool that allows departments to benchmark their current risk capability, and it has been used as the basis for establishing the following criteria:
    • Governance, accountability, communication and dedicated resources1 are in place to integrate RM.
    • Risk information is integrated into priority setting and decision making.
    • Risk responses are monitored for improved outcomes.
    • RM training is promoted for all staff with informal best-practices networks for continuous improvement.
    • External and internal stakeholders are consulted across the Department to enhance the organization’s risk culture.

Methodology

  • Analyzed applicable IRM policies, guidance and other key documents.
  • Interviewed and surveyed Level 12 representatives.
  • Assessed DND/CAF IRM status against the TB RM Capability Model.
  • Benchmarked IRM practices with four other government departments.
  • Interviewed staff of two other government departments that are implementing leading IRM practices.
  • Consulted with five Level 1s on potential RM case studies and analysed three cases.

Back to Table of Contents

Review Approach

The TB RM Capability Model was used to assess current DND/CAF practice at the corporate level and to understand DND/CAF practices at the project and operational level.

Back to Table of Contents

Figure 1. Review Approach. This figure shows the three aspects of the review

Figure 1. Review Approach.

This figure shows the three aspects of the review. It consists of three ovals placed next to each other. The middle oval is smaller and overlaps the other two ovals. The left-most oval has a solid line around it. It is titled IRM Practice and states: “Review current state of IRM practice in the DND/CAF at the corporate level.” The middle oval has a dotted line around it. It is titled Criteria: RM Capability Model. The right-most oval also has a solid line around it. It is titled Case Studies in DND/CAF (operational/project level) and lists Description, Top Success Factors and Benefits/Observations.

This review engagement used the criteria derived from the TB RM Capability Model. However, it is recognized that TB IRM policy takes a principle-based approach, and that departments have flexibility in how they adapt TB policy and guidance to their operating context and strategy. Additionally, evolving corporate culture plays an important role in risk-informed decision making. A summary assessment of the current state of IRM practice in the DND/CAF at the corporate level can be found in Annex B.

Case Studies in the DND/CAF

  • Initiatives/projects were analyzed as case studies that portray good RM practices with the intent to share those examples across the organization.
  • Five Level 1s identified a total of 12 initiatives/projects. Three of those initiatives/projects were selected.
  • The subject matter experts of the selected initiatives/projects identified the factors that contribute to effective RM within their initiatives/projects.
  • Detailed information on the case studies reviewed can be found in Annex C.

Back to Table of Contents

Figure 2. Case Study Selection. This figure shows the three case studies chosen for assessment and illustrates the type of information that was gathered.3 4 5

Figure 2. Case Study Selection.

This figure shows a triangle subdivided into four smaller triangles: three exterior triangles and one reversed inner triangle. The three exterior triangles identify the three selected case studies. The top exterior triangle is titled Royal Canadian Navy: Submarine Safe (SUBSAFE) Program. The bottom left exterior triangle is titled Royal Canadian Air Force: Mission Acceptance and Launch Authorization (MALA). The bottom right triangle is titled Assistant Deputy Minister (Materiel): Medium Support Vehicle System (MSVS) Project. The inner triangle specifies the gathered information from each of the selected case studies: Description, Top Success Factors, and Benefits and Observations.

Background─Definitions

Risk: The effect of uncertainty on objectives. It is the expression of the likelihood and impact of an event with the potential to affect the achievement of an organization's objectives.

Risk Management: A systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, making decisions on and communicating risk issues.

Integrated Risk Management: A continuous, proactive and systematic process to understand, manage and communicate risk from an organization-wide perspective. It is about supporting strategic decision-making that contributes to the achievement of an organization's overall objectives.

Source: TB Secretariat. The Framework for the Management of Risk, August 2010.

Back to Table of Contents

Background─RM Guidance

The DND/CAF IRM policy has not been updated since 2007 to align with the current TB framework and the standards from the International Organization for Standardization.

Figure 3. RM Guidance. This figure shows the evolution of IRM guidance and policies since 2001.

Back to Table of Contents

Figure 3. RM Guidance.

This figure consists of a timeline that shows the evolution of IRM guidance and policies since 2001. The timeline is a long blue horizontal line that stretches from left to right. A year is indicated above each marker. Underneath each marker, the stage of IRM guidance and policy evolution is indicated. The first marker indicates 2001 when the TB IRM Framework was established, followed by the TB IRM Implementation Guide in 2004. Next, the DND/CAF IRM Policy and Guidelines were created in 2007. Then, in 2009, the International Organization for Standardization were developed Standards 31000: RM – Principles and Guidelines. Finally, 2010 is the final marker and shows the development of the TB Framework for the Management of Risk.

Context─Overview of IRM in the DND/CAF

  • The Defence Plan considers bottom-up risk when assigning top-down mitigation tasks that ensure DND/CAF priorities are achieved.
  • At the strategic level, eight corporate risks (including one opportunity) have been identified.
  • At the operational level, Level 1s are tracking and mitigating business plan risks and capitalizing on opportunities.

Back to Table of Contents

Figure 4. Risk Identification and Response. This figure illustrates linkages between the Defence Plan priorities, the strategic level risks and the operational level risks.

Figure 4. Risk Identification and Response.

This figure illustrates linkages between the Defence Plan priorities, the strategic-level risks and the operational-level risks. The figure is a hierarchal triangle segmented into three levels with arrows on both sides. The bottom level of the triangle’s hierarchy is the Operational Level (Level 1s), which states “Business Plan Risks and Opportunities.” The second level of the triangle is the Strategic Level, which states “Eight Corporate Risks.” The top level of the triangle is titled DM/CDS Defense Plan Four Priorities and states “Defence tasks – more than half are related to corporate risks.” The arrow on the left-side of the triangle begins at the bottom and points towards the top of the triangle and is labelled Bottom-Up – Environmental Scan. The arrow on the right-side of the triangle begins at the top and points towards the bottom of the triangle and is labelled Top-Down – Mitigation Direction.

Observations

Figure 5. Review of IRM Observations. This figure represents the five observation themes and the summarized overall observation.

Back to Table of Contents

Figure 5. Review of IRM Observations.

This figure represents the five observation themes and the summarized overall observation. There is a large oval in the centre with arrows pointing to five surrounding circles. The centre oval is labelled Overall Observation and states “There are significant opportunities for improvement in IRM in the DND/CAF. By leveraging the RM practices that are being successfully implemented in the reviewed case studies, corporate IRM practices can be enhanced.” The surrounding circles list the specific observations in a clockwise manner. The circle directly above the centre oval is labelled Governance, Leadership and Accountability, followed by circle 2: Priority Setting and Decision Making. Next, circle 3: Monitoring Performance and Outcomes. Circle 4 is labelled Training and Continuous Learning. Circle 5, the final circle, is labelled Stakeholder Engagement and Communications.

1. Governance, Leadership and Accountability

At the corporate level, some RM practices are in place, but DND/CAF IRM policy and guidelines need to be updated, and a shared vision for corporate IRM needs to be articulated.

Good Practices

  • Terms of reference for some senior management committees include IRM roles.
  • There are three formal risk awareness briefings per year. Briefings to Level 1s are available upon request.

Observations

  • DND/CAF IRM policy and guidelines (2007) do not completely reflect the 2010 TB Framework for the Management of Risk.
  • Benchmarking with four other departments noted that dedicated DND/CAF corporate IRM staff size was lower relative to other departments. In addition, at the time of review, only one out of four dedicated positions was filled.
  • The process for the Deputy Minister / Chief of the Defence Staff to set corporate risk tolerance levels is not included in IRM policy. Most departments are struggling with determining and communicating tolerance levels, as has the DND/CAF.
  • There has been no formal communication of risk tolerances since the last approved Corporate Risk Profile in 2014.

Lesson from Case Studies

  • Case studies revealed that governance and leadership play a key role in effective RM, both in terms of support and oversight as well as awareness of RM practices (e.g., board and town halls to impart direction).

Back to Table of Contents

2. Priority Setting and Decision Making

At the corporate level, consistent use of sound and proven risk analysis techniques and information is not visible in the departmental decision-making process.

Observations

  • Of the Defence Management Committee and Program Management Board briefings reviewed, only half included references to risks or challenges.
  • Most Level 1 business plan briefs to the Investment and Resource Management Committee did not include the level of risk.
  • More than half of the business plans reviewed made no explicit linkage to corporate risks.

Lesson from Case Studies

  • The case studies indicated that sound risk assessment techniques and tools play an important role in risk analysis and contribute to decision making.

Back to Table of Contents

3. Monitoring Performance and Outcomes

With some inconsistencies, corporate-level risk monitoring of risk responses6 used to take place. However, there are no indications that monitoring is still taking place.

Observations

  • The audit team reviewed the monitoring efforts, which were in place from FY 2014/15 to FY 2015/16, and noted that the staff within Chief of Programme were tracking the action plans linked to corporate risks at that time.
  • In the Annual Performance Report 2014-15, more than half of corporate risk mitigation plans were not on target.
  • More than half of the initiatives in the Level 1 business plans for FY 2016/17 were missing performance indicators, targets or thresholds.
  • Turnover of staff and a pending revision of the Defence Plan has since negatively impacted corporate monitoring activities.

Lesson from Case Studies

  • In some cases, monitoring through tracking of risk responses was identified as a key success factor.

Back to Table of Contents

4. Training and Continuous Learning

Best practices are exchanged at the IRM Interdepartmental Working Group. However, the review found no evidence of sharing best practices within the Department.

Good Practices

Best practices are exchanged with other government departments.

Observations

  • The review found no evidence that best practices were shared between Level 1 organizations at the monthly continuous improvement meetings organized by Chief of Programme personnel and attended by Level 1 risk points of contact.
  • RM training, when mandatory, is not being tracked.
    • The Defence Learning Network website states that all managers and supervisors should take a specific IRM training course. However, only 4.1 percent of all DND/CAF personnel were identified as having recently received the specified IRM training course. It is possible that many staff have received alternative IRM training

Lesson from Case Studies

  • The case studies indicated that strong reporting mechanisms contributed to effective communications of RM lessons learned, which support improvements in RM.

Back to Table of Contents

5. Stakeholder Engagement and Communications

The DND/CAF would benefit from discussions and inclusion of comprehensive risk information in Level 1 business plans and in briefings to senior stakeholders.

Good Practices

Corporate risk owners and the Deputy Minister are engaged with other government departments.

Observations

  • Most Level 1 business plans did not document the probability of risk or distinguish between inherent or residual risk.
  • There is no evidence of risk tolerance levels in Level 1 business plans for FY 2016/17.
  • Some of the interviewees suggested that there is insufficient horizontal discussion of risks among Level 1 organizations.

Lesson from Case Studies

  • The case studies showed that documentation and communication are considered crucial for successfully managing risks.

Back to Table of Contents

Recommendation

ADM(RS) Recommendation

  1. It is recommended that the Vice Chief of the Defence Staff, in consultation with Level 1s, develop a robust DND/CAF IRM strategy that includes the following:
    • monitoring processes that use performance indicators, targets and thresholds to determine the extent of corporate risk reduction success;
    • improving the extent and consistency of Level 1 business plan risk information to better support decision making;
    • considering standardizing risk information in corporate documents;
    • holding strategic-level discussion and consultation with senior management at corporate governance bodies;
    • updating the policy/guideline such that it aligns with current guidance from TB and an assessment of required corporate-level resources; and
    • sharing of best practices and tracking mandatory training completion rates.

OPI: Vice Chief of the Defence Staff / Chief of Programme

Conclusion

There are notable opportunities for improvement in the development and implementation of the DND/CAF IRM framework. There are also opportunities for fostering a risk-aware culture, which would facilitate risk-informed decision making. Several key RM success factors were identified at the project/initiative level. Leveraging these success factors at the corporate level could significantly strengthen corporate IRM capabilities. It would also bring the DND/CAF in closer alignment with central agency guidance.

Back to Table of Contents

Annex A─Management Action Plan

ADM(RS) Recommendation

  1. It is recommended that the Vice Chief of the Defence Staff, in consultation with Level 1s, develop a robust DND/CAF IRM strategy that includes the following:
    • monitoring processes that use performance indicators, targets and thresholds to determine the extent of corporate risk reduction success;
    • improving the extent and consistency of Level 1 business plan risk information to better support decision making;
    • considering standardizing risk information in corporate documents;
    • holding strategic-level discussion and consultation with senior management at corporate governance bodies;
    • updating the policy/guideline such that it aligns with current guidance from TB and an assessment of required corporate-level resources;
    • sharing best practices and tracking mandatory training completion rates.

Management Action Plan Target Completion Date

Vice Chief of the Defence Staff accepts ADM(RS)’s recommendation.

The DND/CAF IRM policy and guidelines will be written in consultation with Level 1 principals. This policy will reflect the current TB Framework for the management of risk. It will provide direction and guidance to Level 1s regarding the methodology for establishing and communicating risk tolerance levels, risk metrics and reporting and IRM training. The policy will reinforce the requirement that Level 1 business plans and presentations to governance committees (Programme Management Board, Investment and Resource Management Committee) contain information on RM. The policy will also contain the results of a review of the Level 0 resources available to implement it. This will take the form of personnel requirements. Lastly, the policy will provide guidance on mandatory training and the mechanism with which to deliver and monitor results. The draft policy document will be refined in June 2017. It will be promulgated to Level 1s for comments in July 2017 and submitted to the Deputy Minister / Chief of the Defence Staff for approval in September 2017.

Consultation with Level 1 IRM staff was reinvigorated on May 29, 2017 with the reintroduction of the monthly IRM coordination meeting. This meeting will ensure Level 1 IRM staff share best practices and develop a robust IRM community within the DND/CAF.

The DND/CAF Departmental Results Framework will be presented for approval in October 2017. The Departmental Results Framework will facilitate measuring and reporting on IRM along programs within the Department using the Risk Chapter of the Performance Information Profile. The programme official will review the Performance Information Profile annually, at a minimum, and Chief of Programme will collect the data. Part of the data in the Performance Information Profile is the official’s assessment of the risk(s) to their program. This will form the basis of the Corporate Risk Survey, which will inform the Corporate Risk Profile. This will be briefed annually to the Deputy Minister / Chief of the Defence Staff, who in turn will issue direction and guidance on risk tolerance and risk mitigation to program officials. Program officials will implement this direction and guidance with a view towards reducing the risk to their program and in turn to the Department.

The Defence Plan will be written once Defence Policy Review is released and analyzed. The Defence Plan will articulate the way ahead for IRM. The latest iteration of the Defence Plan is expected to be completed to inform the final stages of the FY 2018/19 business planning process.

The end state is that IRM within DND/CAF will have measureable targets that are monitored and reported to the Programme Management Board bi-annually and to the Defence Strategic Executive Committee annually to better support decision making at all levels. The first brief to Defence Strategic Executive Committee will occur in March 2018. The DND/CAF IRM Policy and Guidelines document will be issued in September 2017. The draft plan will be briefed to Level 1 staff on May 29, 2017, and they will have the opportunity to contribute to its development while sharing current and past best practices.

OPI: Vice Chief of the Defence Staff / Chief of Programme

March 2018

Annex B─TB RM Capability Model Assessment

Areas of RM Excellence Initiated Developing Systematic
Governance, Leadership and Accountability RM is a result of necessity and not continuous. A RM is encouraged A RM is a priority for the organization. NI
Roles and accountabilities for RM are clear. NI
Tolerance at individual level. A Some accountability for RM on projects and governance processes include risk information. A Dedicated RM personnel is available, and risk awareness is promoted. NI
Some staff are risk aware, while remaining staff may regard RM as a process burden. A Senior management communicates risk tolerance levels. NI
Priority Setting and Decision Making Risk information is informally noted and occasionally considered. A Risk information occasionally considered for corporate and operational processes. A Consistent and coherent risk information integrated in operational and corporate processes. NI
Decisions may be based on inconsistent understanding of risk. A Consistent understanding of risk to support decision-making. NI Corporate Risk Profile or a similar risk tool enables decisions and priority setting and the seizing of opportunities. NI
Monitoring, Performance and Outcomes Limited monitoring of risk responses. A Some risk response monitoring. A Routine monitoring of risk responses with clear evidence demonstrates improved outcomes due to RM. NI
Informal monitoring of RM practice as a result of individual inquiry. A Occasional RM reviews occur to improve the process; reviews not always communicated. A Routine RM performance assessment to incorporate improvements and lessons learned - reviews communicated across organization; performance indicators embedded in RM activities. NI
RM practice may need tailoring in order to reflect the size and mandate of the organization. A Developing indicators to measure performance of risk responses which shows RM is improving outcomes. A
Training and Continuous Learning Training based on individual interest and self directed learning. A RM training targeted to some staff with limited learning resources. A RM training is promoted to all staff and in Personal Learning Plans, including senior management. NI
Informal networks in place to support best practices and continuous learning. NI
Stakeholder Engagement and Communication Limited department wide risk communication and rare external stakeholders engagement. A Occasional department-wide risk communication. A Proactive engagement on cross-sector risks internally and with external partners on interdepartmental risks. NI
Engage external partners on interdepartmental risks; Developing risk communication plan. A Communication to develop risk culture. NI

Table B-1. Summary of the Review Results. This table shows the review’s assessment of current DND/CAF IRM practices against the TB RM Capability Model.

A – Acceptable

NI – Needs some improvement

Table B-1. Summary of the Review Results.

This table shows the review’s assessment of current DND/CAF IRM practices against the TB RM Capability Model. It has seven columns and six rows. The left-most column lists the five Areas of RM Excellence. Columns two, four and six list the sub-criteria applicable to the Initiated, Developing and Systematic levels of RM capability, respectively. Following each coloured IRM practices category column is an assessment column that provides an acceptable (A) or Needs Improvement (NI) rating to each related IRM sub-criteria. Read across the row for the assessment of the IRM practices compared to the sub-criteria for each Area of RM Excellence.

Annex C─Case Studies Overview

Title Case Study 1 – Submarine Safety (RCN)

Case Study 2 – Mission Acceptance and Launch Authorization

(RCAF)

Case Study 3 – Medium Support Vehicle System

(ADM(Mat))

Description SUBSAFE is a risk-based safety management system for the RCN that supports submarine operations. SUBSAFE was launched in 2001, with the latest update in October 2014 as part of the update to the submarine licensing and certification management system. The MALA tool is used within the RCAF operational RM process to assess aviation mission risks. The MALA tool has been used in tactical aviation since approximately 2004. The MALA is completed prior to the mission launch. It is the final confirmation that flying activity risk is being accepted at the appropriate level of authority. The MSVS project uses a risk- based methodology and analysis to determine the feasibility of achieving contractor-identified delivery milestones. Mathematical modelling, statistical tools and project management experience are used to better understand risks that impact project milestones, which affect financial forecasting.
Benefits/ Observations
  • Risk-aware culture
  • Decision making based on risk information from various organizational levels
  • More efficient and streamlined licensing process
  • Documentation and reporting practices that promote process transparency
  • Enhanced discussion; overall situational awareness of the multiple factors involved in military flight operations
  • Major asset in dealing with the experience gap
  • Decision making based on risk information from various organizational levels
  • Clear accountability and decision-making authorities supported by sound risk assessment guidance
  • Risk-aware culture
  • Decision making based on risk information
  • Communication of best practices promotes the initiative
  • Tools and resources necessary to undertake this initiative might not be available
  • Model to improve the Department-contractor relationship

Table C-1. Overview of Case Studies. This table summarizes the key aspects of three projects/initiatives that were reviewed to determine top RM success factors.

Back to Table of Contents

Table C-1. Overview of Case Studies.

This table summarizes the key aspects of the three projects/initiatives that were reviewed to determine top RM success factors. It has four columns and three rows. The top row lists the three case studies (SUBSAFE, MALA and MSVS). For each case study, read down each column for a description and a summary of the benefits and observations.

Annex C─Case Study: SUBSAFE

Title SUBSAFE Program
Important Success Factors

Senior management involvement in monitoring RM approach, governance and leadership

  • There is overarching buy-in from senior management up to the Chief of the Defence Staff.
  • The SUBSAFE board meets annually to discuss concerns including potential risks. It includes representatives from the medical community, ADM(Mat), etc.
  • The commanding officer on the ship is responsible for license compliance.

Reporting mechanisms to communicate lessons learned

  • Every license results in a more mature reporting mechanism.
  • Crew members are involved in RM, which promotes awareness of risk, risk information and how decisions are made.

Documentation and communication

  • The license is a key document for communicating upwards and outwards.

Sound risk assessment techniques

  • The naval order describes in detail what is tolerable, intolerable, etc.
  • A generic CAF RM matrix is used.
  • There is an aggregate risk board where all the subject matter experts validate assumptions, assess individual hazards and then assess the aggregate hazard to determine the impact. The hazards are ranked, and mitigation strategies are identified. There is representation from all three pillars and the commanding officer.

Table C-2. Case Study: SUBSAFE. This table lists the important success factors of the SUBSAFE Program.

Back to Table of Contents

Table C-2. Case Study: SUBSAFE.

This table lists the important success factors of the SUBSAFE Program. The table has two columns and two rows. The left column, which only contains the title Important Success Factors, and the second column, which lists the Important Success Factors of the SUBSAFE Program. Read down the second column for details on each of the Important Success Factors of the SUBSAFE Program.

Annex C─Case Study: MALA

Title MALA
Important Success Factors

Governance and leadership

MALA is driven from the top (Commander RCAF) down to the fleets. For example, the Commander wants MALA to align to the pilot fatigue RM initiative. The leadership monitors the development and implementation of MALA.

Timing of monitoring reviews of RM approach

A baseline for MALA is currently being developed. For domestic and regular missions (normal circumstances), there will be a baseline MALA. MALA will change if there is a change in rules or regulations or if an incident occurs and areas for improvement are identified. For specific operations, there will be a specific theatre MALA. This deployed MALA will be based on the baseline MALA. When an incident occurs, the flight safety system is robust enough to handle it. As part of the process, improvements to avoid future incidents will be considered as well.

Documentation, communication and clear understanding of risk tolerance levels

MALA is an excellent tool for communicating risk information upwards and sideways. All documentation is kept as pre-flight documentation (similar to flight plans).There is better awareness of tolerance levels in the RCAF, which are expressed through authorization levels.

RM training

MALA is still in its infancy, and it is not yet entirely understood and accepted. It has been introduced in mandatory training (part of supervisory courses). The intent is to convince users of the effectiveness of the tool and not just see it as a paper exercise.

Reporting mechanisms to communicate lessons learned

MALA has aided in the communication of lessons learned. For example, when an incident occurs, subsequent improvements needed to avoid future incidents are considered through the flight safety system.

Table C-3. Case Study: MALA. This table lists the important success factors of the MALA tool.

Back to Table of Contents

Table C-3. Case Study: MALA.

This table lists the important success factors of the MALA tool. The table has two columns and two rows. The left column, which only contains the title Important Success Factors, and the second column, which lists the Important Success Factors of MALA. Read down the second column for details on each of the Important Success Factors of the MALA tool.

Annex C─Case Study: MSVS

Title MSVS Project – Schedule Risk Analysis
Important Success Factors

Cross sector risk engagement

  • Risk discussions take place with the contractor, Public Services and Procurement Canada and the Canadian Army to gain a holistic understanding of risks and the stakeholders’ roles in the mitigation strategy.

Integration of risk priorities and risk responses in business plans / corporate processes

  • This initiative applies to the tri-annual financial forecasting process and aides in better financial cash-flow forecasting.

Effective risk mitigation treatment / mitigation

  • Risk mitigation is identified through risk meetings and through discussions with the contractor.
  • Risk mitigation plans are established and tracked.
  • Risk and forecast‎ outcomes are presented to the contractor to address their own mitigation activities.

Documentation and communication

  • Workflow diagrams are created as a visual communication tool to identify risks and to serve as a communications tool when briefing stakeholders.
  • Risks are managed and discussed with the contractor on a regular basis. Contractor’s risks are discussed at RM meetings to determine if they should be monitored by the project management office.
  • Contractor’s key performance indicators link to identified risk categories of the Schedule Risk Forecasting Analysis.

Governance and leadership

  • Top-down (ADM(Mat)) governance is driven in response to the change in forecasting culture.
  • Chief of Staff (Materiel) town halls take place to discuss different methodologies and approaches to improve forecasting.
  • Risk analysis was used to engage with the contractor at a governance committee meeting.

Sound risk assessment techniques

  • Use of RM software tool
  • RM expert embedded in the project to establish the risk-based methodology
  • Business acumen used to interpret information acquired from the risk analysis tool/methodology

Table C-4. Case Study: MSVS. This table lists the important success factors of the MSVS Project.

Back to Table of Contents

Table C-4. Case Study: MSVS.

This table lists the important success factors of the MSVS Project. The table has two columns and two rows (and is split over two slides). The left column, which only contains the title Important Success Factors, and the second column, which lists the Important Success Factors of the MSVS Project – Schedule Risk Analysis. Read down the second column for details on each of the Important Success Factors of the MSVS Project.

Footnote 1 The dedicated resources stated in the criteria refer to staff dedicated to IRM within Chief of Programme.

Footnote 2 Level 1 usually represents Assistant Deputy Minister and Environmental Chiefs of Staff level.

Footnote 3 RCN = Royal Canadian Navy

Footnote 4 RCAF = Royal Canadian Air Force

Footnote 5 ADM(Mat) = Assistant Deputy Minister (Materiel)

Footnote 6 This refers to action plan responses provided by the Level 1s on how they plan to mitigate the corporate risks used to be monitored by Vice Chief of the Defence Staff at the corporate level.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: