Employment and Social Development Canada: 2018 to 2020 corporate risk profile

From: Employment and Social Development Canada

On this page

Introduction

The Corporate Risk Profile (CRP) describes an organization’s key risks which include both threats and opportunities. Risks are the expression of the likelihood and impact of an event with the potential to affect the achievement of an organization’s objectives. A corporate risk profile is intended to be used to enhance senior management’s analysis and decision making related to priority setting and resource allocation as well as a tool to communicate risk information to employees throughout the organization so that employees may consider risk at all levels in the organization when planning and prioritizing their work.

In the development of the 2018 to 2020 CRP, the Enterprise Risk Management (ERM) Team in Strategic and Service Policy Branch (SSPB) undertook extensive consultations during 2018 to derive a comprehensive perspective of ESDC’s risk landscape. Consultations to identify risks were done from the top-down and the bottom-up; they involved generalists and functional specialists; and they took into account drivers within the Department as well as external threats outside of its doors.

2018 to 2020 risks
description follows
2018 to 2020 risks – Text version

The 11 enterprise-level risks for 2018 to 20 are listed in a table. Two of these risks are identified as new in red italic font, namely Information Technology (number 1 risk) and Policy Design (number 9 risk). The 11 risks are:

  1. Information Technology - new
  2. Investment Planning and Investment Portfolio Management
  3. HR Management
  4. Project Management
  5. Information / Knowledge Management (Data)
  6. Fraud
  7. Privacy / Safeguarding of Personal Information
  8. Service Delivery
  9. Policy Design - new
  10. Business Continuity
  11. Physical Security

To assess and treat each top risk, detailed risk profiles, including strategies to mitigate the risks, were developed and approved by responsible Tier 2 governance committees. The CRP was also approved by the Department’s Portfolio Management Board. Ongoing monitoring and reporting of the top risks will be carried out through the quarterly risk update process.

During 2018, ESDC also undertook an Internal Audit and an independent assessment of its risk management processes and practices. The Audit and the assessment generated a number of recommendations for strengthening risk management practices in ESDC. Many of these recommended improvements were introduced in the development of the 2018 to 2020 CRP, including:

  1. the integration of risk management into the Departmental planning cycle with the linking of risks to strategic priorities
  2. the implementation of oversight for risk identification, assessment, and mitigation actions with the introduction of Tier 2 committee reviews of risk profiles and the identification of the accountable executives responsible for implementing controls and mitigations; and
  3. monitoring the implementation of risk mitigation actions with the addition of key risk indicators to track trends for each top risk

Further efforts are required to respond to other recommendations such as:

  1. draft and publish an integrated Enterprise Risk Management (ERM) Framework to clearly establish the Department’s risk management processes, including accountabilities and governance; and
  2. review Departmental risk management training to ensure it is tailored to the levels and types of risk work performed throughout the Department

In 2019 to 2020, ESDC intends to further strengthen risk management practices in the Department by increasing dedicated resources and transferring the responsibility for coordinating the Department’s risk management from SSPB to Internal Audit Services Branch. Through a strengthened risk framework and challenge function, and enhanced training and advisory services, EDSC will be able to further mature risk culture across the organization.

While it is not possible to eliminate all risk - there will always be events outside of the Department’s control and a finite level of resources that can reasonably be dedicated to risk management – the CRP represents the Department’s best efforts to reduce risks to an acceptable level.

Operating context

In 2019 to 2020, the Canadian economy in is expected to grow at a modest and sustainable pace, with Canada projected to have the second-highest rate of Gross Domestic Product (GDP) growth among G7 countriesFootnote 1 . While this growth will create opportunities for Canadians across the country, it is anticipated that there will be a continued shortage of skills and labour in certain regions and occupations. In addition, over the medium-term, Canada will need to be ready to address other challenges and pressures to continued economic growth and improved well-being of Canadians that may arise.

Such challenges may include labour market adjustments resulting from an aging population and the changing nature of work, and the continued underrepresentation of certain groups in the labour market (for example, Indigenous people, recent immigrants, and persons with disabilities). These challenges, coupled with a desire for inclusive and sustainable economic growth, are informing the Department’s priorities and planned results for 2019 to 2020.

The Department will invest in training and skills development to support an efficient and resilient labour market and support a culture of continuous learning. This will help all Canadians, including those from groups that are less represented in the labour market to find and keep jobs and lead rewarding lives. The Department will also continue to assist Canadians in vulnerable situations by ensuring that the financial and social supports they need are available when they need them. It will support increased inclusion and opportunities for Canadians through efforts to reduce poverty and homelessness, and improve access to early learning and childcare. It will also make efforts to ensure workplaces are safe, healthy and accessible, as well as take steps to narrow the persistent gap in wages between men and women.

Embedding innovative approaches across the Department will ensure that Canadians remain at the centre of program and policy design and delivery. Design thinking, behavioural insights, and experimentation will allow the Department to better respond to Canadians’ complex life challenges as well as enable the modernization of our services.

The Department recognizes that Canadians expect high-quality, easy-to-access, simple and secure services that are responsive to their needs, whether they are offered online, through call centers, or in person. Innovative service development is fundamental to achieving the Department’s mandate and contributing to such priorities as poverty reduction, supporting the middle class and improving accessibility for Canadians. The Department will continue to optimize recent investments that seek to modernize benefits delivery, reduce time to process Old Age Security, Canada Pension Plan, and Employment Insurance applications, and improve the responsiveness of call centres. As it looks to the future, the Department will continue to leverage client and stakeholder feedback, along with advancements in other jurisdictions and sectors, to further improve service delivery.

Millions of Canadians depend on government services each year—to access benefits, obtain social insurance numbers or records of employment, submit their taxes, obtain passports and cross borders. These services help Canadians through some big transitions. So it is no surprise that they want quality services that are convenient, easy to use and focused on their needs. … What does this look like for Canadians? It means more accessible, connected and bundled services. And more than ever before, this means access to digital tools.

25th Annual Report to the Prime Minister on the Public Service of Canada, 2018

ESDC is responsible for delivering more than $120 billion in benefits annually (or more than 5 percent of Canada’s GDP) and for meeting over sixty major priorities of the Government of Canada. ESDC’s ability to effectively deliver programs and benefits to improve the lives of Canadians, is dependent on its capacity to be mindful of the changing environment in which it operates and the potential risks that may delay or prevent it from achieving its objectives.

ESDC’s 2018 to 2020 corporate risks focus on the internal capacity that is needed by the Department to build a stronger and more inclusive Canada and support Canadians to live productive and rewarding lives.

Methodology

The 2018 to 2020 Corporate Risk Profile highlights the results of this year’s enterprise-wide risk management process. The Profile is intended to provide an overview of key risks including an understanding of the organization’s operating context and objectives with respect to managing risk. ESDC’s process is based on international best practices such as ISO 31000 Risk Management Standard, as well as the Treasury Board Secretariat’s Framework for the Management of Risk. ESDC follows five phases of risk management annually, which include: establish the context, identify and assess risks, address risks, monitor and report quarterly and ongoing communication (Figure A).

Figure A: Corporate risk profile cycle
Figure A: description follows
Figure A: Corporate risk profile cycle – Text version

The Corporate Risk Profile cycle is depicted in a circle that is divided into quarters (Q1, Q2, Q3 and Q4). Each quarter is further divided into the three months that make up that quarter (April, May and June for Q1; July, August and September for Q2; October, November and December for Q3; and January, February and March for Q4).

  • The activity “PMB risk identification workshop” is shown to take place in June
  • The activity “Risk ranking and assessment of top risks by ADMs and DGs” is shown to take place over Q2
  • The activity “PMB approval of top risks” is shown to take place in November
  • The activity “Risk profile development by lead branches” is shown to take place from November (following PMB approval of tops risks) until end of January
  • The activity “PMB approval of CRP” is shown to take place at the beginning of March
  • The acticity “CRP dissemination” is shown to take place over the course of March, following PMB approval of CRP

1. Risk identification

In June 2018, Portfolio Management Board members identified risks in relation to the ESDC Risk Taxonomy (Appendix A) linked to the ESDC’s 2018 to 2019 strategic priorities (Appendix B). Based on this risk identification exercise, Assistant Deputy Ministers provided input on their top three risk categories to flag the biggest threats to meeting departmental objectives.

2. Risk ranking and assessment

The assessment phase that followed included an expanded consultation process with individuals and through key committees. The Directors General (DG) used a survey to rank the top risks according to likelihood and impact. Results were calculated by multiplying likelihood and impact (Figure B) to arrive at a severity score for each risk category. Risks that were assessed as being in the red zone (high likelihood/significant impact) as well as risks that were consistently flagged in follow-up DG consultations have been proposed as the corporate risks in the 2018 to 2020 CRP. These top risks were then validated through various committees, and finally presented and approved by Portfolio Management Board members in November 2018. The section, ESDC’s Top Risks (Figure D), outlines the results.

3. Address risks

Subject matter specialists in lead branches developed risk profiles that include:

  • concise statements of the risk
  • existing activities to control risks (“controls” are processes or activities already in place that serve to reduce exposure to risk)
  • additional mitigations (new options to enhance opportunities and reduce threats)
  • residual risk severity (assessment of the severity of the risk with all of controls in place)
  • target risk severity (the level to which a risk is expected to be lowered with the controls and all mitigation activities completed or in place); and
  • indicators by which to measure the progress made toward the targets

The responsible Tier 2 Governance Committees endorsed individual risk profiles prior to final approval by Portfolio Management Board.

Risk severity

Severity = Likelihood x Impact

Likelihood - The measure of the probability of a risk event becoming a reality within the next year.

  • Low – 1 (unlikely to happen in the next year)
  • Medium - 2 (might happen to happen in the next year)
  • High - 3 (very likely to happen in the next year)

Impact - The qualitative measure of the consequences on the Department of a risk event becoming a reality.

  • Minor - 1 (harm to the Department’s reputation and operations is minor)
  • Moderate - 2 (harm to the Department’s reputation and operations is moderate)
  • Significant - 3 (harm to the Department’s reputation and operations is significant)
Figure B: Multiplying likelihood and impact
Figure B: description follows
Figure B: Multiplying likelihood and impact – Text version
  • Figure B shows how the severity of each risk will be illustrated, in the rest of the document, on a 3 by 3 matrix that has impact on the vertical axis and likelihood on the horizontal axis. The 3 squares in the upper right corner are red to indicate high severity; the 3 diagonal squares are yellow to show medium severity; and the 3 squares in the bottom left corner are green to show low severity
  • An empty dot is used to indicate the initial risk severity, before controls are in place; for illustrative purposes, the empty dot has been placed in the upper right (red) zone of the matrix
  • A full dot is used to indicate the residual risk severity, after controls are in place; for illustrative purposes, the full dot has been placed below the empty dot and to its left, still in the red zone but less severe in terms of both impact and likelihood
  • A star is used to indicate the target risk severity, which is the level to which risk is expected to be lowered with ongoing controls and upon completion of all mitigation strategies (new measures introduced to further reduce the threat). For illustrative purposes, the star has been placed in the middle of the matrix, in the yellow zone, to reflect medium likelihood and medium impact

4. Monitor and report

Monitoring of the Corporate Risk Profile occurs throughout the year on a quarterly basis. All branches and regions are required to engage their senior management in regular risk discussions and to provide risk updates and environmental scan highlights in each quarter. The Portfolio Management Board receives the quarterly risk results reports.

Interconnectivity of top risks

It is important to consider the relationships between the corporate risks to understand their impact on other risks. If risks become reality, they can influence one another, potentially introduce other risks and ultimately impact the Department’s ability to realize strategic priorities. At the same time, some corporate risks’ mitigation activities could also assist in the mitigation of other corporate risks.

Analysis of these relationships among risks will ensure that there are no unintended consequences of one risk on another as well as create opportunities to economize the Department’s approach to resourcing its risk treatment strategies across the portfolio. Understanding the links between risks and strategic objectives also supports senior management’s decision-making relating to priority setting, and resource allocation.

Figure C illustrates which risk categories have the potential to impact other corporate risks (in red) and which risk categories assist in the mitigation of other corporate risks (in green). Full details are described throughout the document.

Figure C: Risk categories – Impacts and Mitigations
Figure C: description follows
Figure C: Risk categories – Impacts and Mitigations – Text version

The diagram shows the interconnectivity between the 11 enterprise-level risks that are part of the 2018 to 20 Corporate Risk Profile and which were listed earlier in the document, namely:

  1. Information Technology - new
  2. Investment Planning and Investment Portfolio Management
  3. HR Management
  4. Project Management
  5. Information / Knowledge Management (Data)
  6. Fraud
  7. Privacy / Safeguarding of Personal Information
  8. Service Delivery
  9. Policy Design - new
  10. Business Continuity
  11. Physical Security
  • These 11 risks are listed on the left side of the page and the same list of 11 risks is repeated on the right side of the page, in the same order
  • Red arrows are used to connect the risks on the left side to the risks on the right side and green arrows are used to connect the risks on the right side to the risks on the left side
  • Red arrows, which go from left to right, are used to show which risks have the potential to impact other risks. Green arrows, which go from right to left, are used to show which corporate risks can assist in the mitigation of other risks
  • Red arrows leave from all but one (Privacy / Safeguarding of Personal Information) of the risks on the left and go to all but one of the risks on the right (Human Resources), illustrating that almost all of the risks have a potential impact on almost all of the other risks
  • Green arrows connect all of the risks on the right to all but one (Human Resources) of the risks on the left, illustrating that all of the risks can assist in mitigating one or more of the other risks
  • Overall, the diagram illustrates that almost all of the 11 risks are interconnected

Innovation and experimentation

ESDC recognizes that one of the biggest risks it faces is a failure to take risks, that it may not take the bold risks necessary to innovate and to keep pace with the expectations of Canadians.

As a result, it will continue to pursue innovation and experimentation to learn from the successes and failures that come from testing new and different approaches to policy development, program design, and service delivery.

Innovation at ESDC refers to the development of new ideas, services, and models to better address departmental priorities. Without informed risk-taking, the Department may not be able to innovate in order to deliver programs and services in a way that Canadians want and need.

Experimentation provides an opportunity to exercise modern risk management, where a certain small amount of failure is anticipated, accounted for, and managed in order for an organization to achieve its goals. Organizational innovation can be enhanced by experimentation, that is, by evaluating what works and what does not, by analyzing client expectations, and by testing the validity and efficacy of these ideas through experimentation.

Public servants are inviting more voices to the table to talk about priorities and policies, and we are bringing new tools, approaches, and perspectives to tough problems. We are taking bolder risks, being more creative, and experimenting with fresh ideas.

26th Annual Report to the Prime Minister on the Public Service of Canada, 2019

ESDC has existing controls through its history of experimentation that includes efforts by the Department’s Innovation Lab and Acceleration Hub. The Innovation Lab, through its Strategic Plan, integrates experimentation in the development of services and brings stakeholders together at the beginning of a project to discuss the relationship between policy development, design, and delivery, which ultimately facilitates better results for Canadians. As well, ESDC’s Acceleration Hub collects leading practices from other governments and the private sector, analyzes client feedback, creates journey maps, designs and prototypes service solutions and conducts qualitative and quantitative testing to help ESDC employees design services by considering the context and relevant life events that clients typically face.

Currently, the Department is innovating and experimenting in areas such as artificial intelligence-based modelling of internal processes; the assessment of the impact of Labour Market Agreements on the use of Employment Insurance; initiatives in the Service Transformation Plan; and in developing generic terms and conditions to deliver transfer payment programs. ESDC has also supported a number of experiments with organizations such as the Social Research and Demonstration Corporation and in ESDC functions such as Evaluation that have been using experimental approaches in their products.

As well, ESDC has introduced an expanded Enterprise Risk Management (ERM) function, including the establishment of a Chief Risk Officer. This new ERM team will support the culture shift to intelligent risk taking through advancing awareness of risk management practices and conducting risk tolerance and risk appetite discussions.

Going forward, the Department is proposing several mitigation strategies that will encourage intelligent risk-taking, including further projects in the Innovation Lab to engage ESDC partners in human-centric approaches that address departmental priorities; support for departmental efforts to build competency and capacity for innovation and experimentation; and collaboration across the Government of Canada and with other external organizations. The Acceleration Hub will continue to modernize ESDC’s services through innovations such as the auto-enrolment for Old Age Security benefits and the Guaranteed Income Supplement.

ESDC will explore developing an experimentation strategy to act as a framework to encourage intelligent risk-taking. ESDC will also use the Innovation Lab to increase the Department’s capacity to connect with Canadians for solutions, and will leverage the Chief Data Office to enable data access through greater governance and literacy. As well, ESDC will look for opportunities to publish and disseminate ESDC experiments in journals and online. Finally, consideration is being given to identifying dedicated funding to support innovation within the Department.

ESDC’s top risks

The results of the Department’s risk identification and ranking phases (outlined on page 7) yielded top risks to be treated in the 2018 to 2020 Corporate Risk Profile.

Results were calculated by multiplying likelihood and impact (Figure B) to arrive at a severity score for each risk category. Risks that were assessed as being in the red zone (high likelihood/significant impact) as well as risks that were identified consistently through follow-up DG consultations were proposed as the corporate risks to be further treated in 2018 to 2020.

The top risks were then validated through various committees, and presented and approved by Portfolio Management Board members in November 2018.

ESDC’s eleven top risks in order of initial severity score are outlined below (Figure D).

Figure D: ESDC’s eleven top risks in order of initial severity score
Figure D: description follows
Figure D: ESDC’s eleven top risks in order of initial severity score – Text version

Pink dots are placed on the 3 by 3 severity matrix to show the initial severity score of each of the 11 risks.
The seven top risks are shown to be in the red zone (high impact / high likelihood). The seven top risks are:

  1. Information Technology - new
  2. Investment Planning and Investment Portfolio Management
  3. HR Management
  4. Project Management
  5. Information / Knowledge Management (Data)
  6. Fraud
  7. Privacy / Safeguarding of Personal Information

The four other risks are shown to be in the yellow zone but close to the red zone, meaning they require attention.

  1. Service Delivery
  2. Policy Design - new
  3. Business Continuity
  4. Physical Security

Detailed descriptions for each of the corporate risks follow.

1. Information technology

Given that ESDC carries significant technical debt both in systems and infrastructure, there is a risk that ESDC does not have the ability to continuously operate, transform, and innovate to adequately deliver on the digital government priorities that support ESDC programs and services and ensure IT Service Continuity.

Figure 1: Severity of the IT risk
Figure 1: description follows
Figure 1: Severity of the IT risk – Text version

The severity of the IT Risk (number 1 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the upper right square (red zone – high likelihood and high impact)
  • Residual risk (full dot) is immediately below the empty dot and overlaps it (same red zone – same high likelihood but slightly lower impact than the initial risk)
  • Target risk (star) is in the upper left hand square (yellow zone – low likelihood and almost same impact as the residual risk)

ESDC carries significant technical debt in both systems and infrastructure, and this indirect cost of owning and managing old IT assets and applications affecting IT infrastructure, employee tools, and program and administrative applications, can potentially delay or compromise benefits and service delivery to Canadians. To this end, the Department is moving forward with modernization initiatives to strengthen and sustain IT infrastructure and replace and enhance existing IT systems and services that support benefits to Canadians most in need.

Should an IT risk event occur, it has the potential to affect the Department’s ability to maintain the infrastructure required to effectively access and mine data, to protect personal information from potential breaches, and to support the provision of ESDC programs and services, thereby impacting the Information/Knowledge Management (Data), Privacy/Safeguarding Personal Information, Fraud and Service Delivery risks.

The Department’s IT controls include overarching strategies (such as the 2018 to 2021 ESDC IT Plan the People Management Strategy), as well as governance structures (such as the Enterprise Architecture Review Board and Application Portfolio Management). These controls and planned mitigations will maintain the likelihood and moderately reduce the likelihood and impact by March 31, 2024.

ESDC will continue pursuing mitigation activities to further reduce the likelihood of a risk event from occurring. Key to ensuring IT Service Continuity, ESDC will undertake a complete renewal of business processes and technology for Employment Insurance, Old Age Security and Canada Pension Plan. Other more moderate enhancements to various systems and services will support the portfolio and its delivery of programs. Other mitigations will focus on strengthening and sustaining infrastructure delivery to ensure there are no gaps in continuity between partners’ responsibilities, and implementing effective workforce strategies to attract, recruit, and retain skilled IM/IT employees and increase training for existing employees on new application solutions and tools.

As well, ESDC will develop a departmental framework for managing technological change via programs, major projects, and regular projects, in conjunction with minor modifications and maintenance to application so as to increase infrastructure reliability and ensure that systems meet business and IT requirements.

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a medium likelihood by March 31, 2029.

2. Investment planning and investment portfolio management

There is a risk that Departmental capacity, in terms of people, money, and infrastructure is not sufficiently aligned to support the successful realization of the portfolio benefits. In addition, there is a risk of misalignment between strategic planning and portfolio management.

Understandably, in a department the size of ESDC, with its vast and varied programs and benefits, there is a risk of misalignment in the number, type, interdependencies, and sequencing of portfolio benefits (departmental programmes and projects); or that the investment portfolio could exceed human resource or funding capacity; or that there could be a significant change in organizational priorities. Changing priorities without re-evaluating and downgrading other priorities is a key driver for this risk augmented during times of uncertainty. Ongoing insufficient or ineffective use of existing capacity and ineffective portfolio management practices are also contributing factors.

Figure: 2: Severity of investment planning and investment portfolio management risk
Figure 2: description follows
Figure: 2: Severity of investment planning and investment portfolio management risk – Text version

The severity of the Investment Planning and Investment Portfolio Management Risk (number 2 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the upper right square (red zone – high likelihood and high impact)
  • Residual risk (full dot) is immediately to the left of the empty dot and overlaps it (red zone – same high impact but slightly lower likelihood than the initial risk)
  • Target risk (star) is in the middle of the matrix (yellow zone – lowered to medium likelihood and medium impact)

The misalignment of planning and portfolio management and the unsuccessful realization of portfolio benefits could have a direct impact on other risks: Information Technology and Service Delivery.

ESDC relies heavily on governance and oversight to mitigate this risk, including the financial management forecasting and reporting and its tri-annual investment plan submission and annual updates process. In 2019 to 2020, the Chief Financial Officer Branch will establish additional mitigations such as a mechanism to integrate the portfolio schedule (the integrated alignment and sequencing of the schedules for programs and projects in the investment portfolio) and establish a risk review board to augment its existing controls and better coordinate and sequence priorities. These mitigations will allow for better resource management, as well as a more robust understanding of the interdependencies between programmes and projects.

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a target of medium likelihood/moderate impact by April 30, 2020.

3. HR management

There is a risk that ESDC may not have the workforce skills, competencies, and distribution to meet current and future needs due to changing skills requirements, as well as demographic trends. In addition, challenges with the current HR-to-Pay environment may continue to affect the Department’s ability to recruit and retain talent and skills across all business lines. This could have an impact on Departmental service standards and objectives.

Changing skills requirements, shifting demographics (including a significant proportion of projected retirements over the next several years) and compensation issues stemming from the HR-to-Pay environment, have important implications for HR management across the Department. With the Department’s policy and service transformation agenda and other government-wide priorities, it is increasingly important that ESDC has the right mix of skills and competencies within its workforce. If this risk is not mitigated, Departmental objectives and service standards may not be met, and the ability to maintain the desired quality of analysis and advice, and respond to Canadian’s expectations of services that are easy-to-access, timely, accurate and efficient, could be compromised.

Figure 3: Severity of HR management risk
Figure 3: description follows
Figure 3: Severity of HR management risk – Text version

The severity of the HR Management Risk (number 3 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the upper right square (red zone – high likelihood and high impact)
  • Residual risk (full dot) is to the left of the empty dot and in the middle of the top row of squares (red zone – same high impact as initial risk but medium likelihood)
  • Target risk (star) is in the upper left hand square (yellow zone – low likelihood but same high impact as residual risk)

An inability to have a sufficient and right workforce at ESDC would heighten all other corporate risks. For example, the Information Technology risk set its risk severity target based on its successful implementation of their workforce strategy to attract, recruit, and retain skilled IM/IT employee. Similarly, without sufficient project management capabilities, programmes and projects will not fully realize benefits on time, budget and scope.

To address this risk, the Department will continue implementing the ESDC Workforce Strategy and annual Workforce Action Plans containing numerous initiatives to attract, develop and retain a skilled and diverse workforce. Additionally, established governance structures will continue to ensure strategic management of human resources.

To further reduce the risk relating to HR, and improve pay outcomes for employees, ESDC is implementing the Compensation POD Plus Model to add its own compensation resources to the standard Pay Centre POD service delivery model. It will leverage the capacity of trained, ESDC Compensation Advisors with access to the Phoenix pay system, to increase the compensation capacity for processing ESDC pay cases.

The Department is also implementing the 2019 to 2020 Workforce Action Plan, which includes the following initiatives:

  • implement the Executive Integrated Workforce Management Approach
  • implement new ESDC talent approaches and continue to evolve succession planning efforts
  • implement the ESDC 2017 to 2020 Recruitment Strategy
  • develop and implement a renewed Action Plan on Official Languages training
  • advance and implement the Competency Based Management (CBM) project; and
  • implement the Compensation POD Plus Model

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a target of low likelihood/significant impact by March 31, 2022.

4. Project management

Due to a combination of high volumes of programmes and projects and insufficient project management capabilities and capacity, there is a risk that programmes and projects will not fully realize benefits on time, budget and scope. This may result in exposure to key risks including the inability to meet client expectations, reputational damage, financial loss, operational ineffectiveness, and political and regulatory challenges.

Project Management is central to the accomplishment of any goal within federal departments as it ensures the successful delivery of programmes and projects. However, high volumes of programmes and projects, insufficient capability and capacity for project management, along with competing priorities and ineffective portfolio management practices put the Department at risk of not being able to meet its commitments. Without effective project management, the Department may not be able to meet clients’ expectations, which could damage the Department’s reputation and lead to a loss of public trust. An inability to deliver on commitments could also result in financial loss if the desired results are not delivered or not delivered on budget.

Figure 4: Severity of project management risk
Figure 4: description follows
Figure 4: Severity of project management risk – Text version

The severity of the project Management Risk (number 4 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the upper right square (red zone – high likelihood and high impact)
  • Residual risk (full dot) is essentially in the same spot as the empty dot, overlapping it almost completely; this indicates that the risk after controls (residual risk) is the same as before the controls (initial risk)
  • Target risk (star) is in the upper left hand square (yellow zone – low likelihood but almost same high impact as the initial and residual risk)

Failure to adequately mitigate this risk could result in not fully realizing benefits on time, budget and scope, which would have a direct impact on the Department’s finances and the potential inability to meet client expectations and operational effectiveness which are encapsulated in the Investment Planning and Investment Portfolio Management and Service Delivery risks.

Various controls have been established to minimize project management risks, including the establishment of the Enterprise Project Management Office (EPMO) that offers various advisory services such as, risk management and benefits management. Governance and oversight further mitigate the risks through committees such as the Major Project Investment Board and Internal Audit Reviews of project management. Best practices are communicated through the EPMO to inform project management delivery.

To further reduce the likelihood of the project management risk, ESDC will pursue other mitigation activities in 2019 to 2020, including project management development and maturation services for branches and enhanced oversight for risks at the project, programme, and portfolio levels. ESDC is also developing a Service Transformation Portfolio Risk Review process to enhance risk oversight and promote better resource management.

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a target of low likelihood/significant impact by March 31, 2020.

5. Information/Knowledge management (Data)

Given the high volume and complexity of information to manage and the lack of mature data management and information management programs, there is a risk that ESDC is unable to adequately protect, access, or analyze data and information of business value. This may result in potential privacy and security breaches, and reduced productivity in support of ESDC programs and services.

ESDC must manage a high volume and complexity of information while protecting the information from increasingly sophisticated cybersecurity attacks that can ultimately result in breaches of privacy and security. With the continued need to mature information management skills, tools and overall strategy, there is a risk that the Department’s policies, programs and services may not respond to the needs of Canadians.

Figure 5: Severity of information / knowledge management risk
Figure 5: description follows
Figure 5: Severity of information / knowledge management risk – Text version

The severity of the Information / Knowledge Management Risk (number 5 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) straddles the square in the upper right corner and the one below it (red zone – high likelihood and high impact)
  • Residual risk (full dot) is immediately below the empty dot (red zone – same high likelihood but slightly lower impact)
  • Target risk (star) is in the middle of the matrix (yellow zone – medium likelihood and medium impact, both slightly lower than the residual risk)

Since this risk event could result in potential privacy and security breaches from inadequate protection of information, this risk has the potential to compound the Fraud and Privacy/Safeguarding of Personal Information risks. Additionally, the possible impact on ESDC’s ability to access and analyze data to inform policy development and delivery of programs and services could exacerbate the Policy Design risk and Service Delivery risk.

To address this risk, ESDC has implemented an ESDC Data Strategy (including Analytics and Data Governance & Stewardship programs) as well as an Enterprise Information Management (IM) Policy Suite Strategy and Roadmap to reduce the volume of information and the risk of unresponsive policies, programs, and services. The Department has also implemented the Policy on Government Security, which provides direction on the secure delivery of government programs and services, the protection of information, individuals and assets, and provides assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management.

In addition to these controls, ESDC is taking steps to further reduce the risks relating to information and knowledge management. The Department is working to further mature its IM practices, increase IM awareness and training, and address IM tools and technology challenges, all of which are expected to be completed by June 2022. Policy and process updates such as Data Policy 1.0 and the Data Stewardship and Analytics Program are also on track to be completed in June 2021. Additionally, to further reduce the Department’s vulnerabilities to cyberattacks, ESDC continues to increase cybersecurity protection measures, in collaboration with government partners and service providers. ESDC is also continuing to implement its enterprise data strategy.

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a target of high likelihood/moderate impact by June 2022.

6. Fraud

Due to emerging and sophisticated fraud threats and the potential for wrongdoing, there is a risk that ESDC may be unable to effectively prevent, detect, and/or manage internal and/or external fraudulent activity and wrongdoing in relation to the delivery of its programs, services, and operations.

The Department has identified fraud and wrongdoing as risk areas that could result in loss of money, assets, information or public trust in the Canadian government. Additionally, risks posed by fraudulent activities and wrongdoing may impact the delivery of accurate and timely services to clients and the credibility of the Department of being an effective steward of public funds and personal information.

Figure 6: Severity of the fraud risk
Figure 6: description follows
Figure 6: Severity of the fraud risk – Text version

The severity of the Fraud Risk (number 6 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the middle square of the top row (red zone – medium likelihood and high impact)
  • Residual risk (full dot) is in the middle of the matrix (yellow zone – medium likelihood and medium impact, both slightly lower than the initial risk)
  • Target risk (star) is immediately below the full dot in the same yellow zone (same likelihood and slightly lower impact than residual risk)

Should this risk event occur, then it could impact the Privacy/ Safeguarding of Personal Information risk by increasing the likelihood of inappropriate access/ disclosure of personal information. This risk could also exacerbate the Service Delivery risk by potentially reducing the funds available within programs that support legitimate and eligible beneficiaries, impacting the Department’s ability to deliver financial support and services to those in need. Finally, this risk event could also increase the Policy Design risk. For example, if fraudulent activity and wrongdoing in relation to the delivery of programs, services, and operations were to occur, then it could distort evidence related to the social or economic well-being of Canadians. This could challenge ESDC’s ability to provide informed advice and policy recommendations.

The Department has taken steps to minimize the likelihood and impacts of fraud and wrongdoing from occurring. It has refreshed its Fraud Framework, which provides a cohesive, integrated and enterprise-wide approach to prevent, detect, and address fraud and wrongdoing against the Department. These measures incorporate controls rooted in a privacy-aware culture, accountability and governance, risk assessment, disclosure, investigation, monitoring, and reporting. They increase the Department’s capacity to prevent and respond to cases of fraud and wrongdoing sooner and more effectively, reducing the impact on the Department.

Although the Department has already taken steps to reduce the risk of fraud, it continues to improve its understanding of potential fraud and wrongdoing against and within its programs, services, and operations through regular analysis of the frequency and amount of fraud as well as the drivers behind it (malicious intent or accidental). The Department is seeking to align its systems and reporting mechanisms to improve its ability to identify, limit, and respond to incidents of inappropriate access to, or manipulation of, information in its electronic systems. ESDC will be introducing a secure website in 2019 to 20 through which citizens can report suspected program abuse. The Department will also test software to centralize and manage data for more efficient monitoring to ensure ESDC can keep pace and act on wrongdoing and fraud within a changing technological environment.

Given that the risk of fraud and wrongdoing is a variable threat, and considering existing controls and additional mitigations expected to be completed by March 31, 2021, ESDC accepts to maintain a residual and target risk severity level of medium likelihood / moderate impact.

7. Privacy/Safeguarding personal information

The large volume of personal information obtained or prepared by ESDC, the risk of its inadvertent or inappropriate access, use, disclosure or disposal by ESDC or its appropriation by threats that are constantly evolving, could result in a significant unauthorized loss or disclosure.

ESDC manages volumes of personal information much of which is sensitive. Not only can a loss or unauthorized disclosure of information lead to identity theft, fraud, or physical threats to individuals, but in a significant privacy breach situation, ESDC could also risk losing public confidence and trust. The large quantity of personal information and the technical sophistication of current and future threats means that ESDC must actively keep pace by continuously focussing on privacy controls and the implementation of safeguards.

Figure 7: Severity of privacy / safeguarding personal information risk
Figure 7: description follows
Figure 7: Severity of privacy / safeguarding personal information risk – Text version

The severity of the Privacy / Safeguarding Personal Information Risk (number 7 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the middle square of the top row (red zone – medium likelihood and high impact)
  • Residual risk (full dot) is to the left of the empty dot but in a different zone (yellow zone – low likelihood but same high impact as initial risk)
  • Target risk (star) is in the same place as the full dot and overlaps it almost entirely (yellow zone – low likelihood and same high impact as residual risk)

Should this risk event occur, it could increase the risk of fraud by potentially reducing the Departments’ ability to effectively prevent, detect, and manage internal or external fraudulent activity and wrongdoing in relation to the delivery of its programs, services and operations. The Physical Security risk could also increase this risk to ESDC clients since an information breach could result in the divulgence of personal client information.

To protect personal information, the Department has established a robust privacy regime, including the Departmental Policy on Privacy Management (DPPM) and the Privacy Management Framework (PMF) for the management, safeguarding and judicious use of personal information. Together, the DPPM and PMF, aligned with the Treasury Board security policy and standards, consist of a risk-based and proactive approach for the management of personal information which includes:

  • structured and coordinated risk management processes
  • technical, physical and administrative safeguards to protect personal information throughout its life-cycle
  • awareness campaigns and mandatory training to foster a privacy-respectful organizational culture; and
  • a governance structure that provides senior-level privacy risk oversight

Considering the risk controls in place and the planned mitigations, it is anticipated that the target risk severity will be reduced from medium likelihood/significant impact to low likelihood/significant impact.

8. Service delivery

There is a risk that ESDC will not be able to provide and maintain high quality, timely, accurate, and efficient government services, delivered through multiple channels, in both the short and long-term. ESDC must be able to deliver day-to-day services to Canadians and, at the same time, transform service delivery to respond to Canadians' evolving needs and expectations.

Emerging technologies are Canadians’ expectations that government services, become more accessible, responsive and easier to use. While the Department is expected to continue to deliver services that meet the current high standards, it is also expected to modernize and transform to meet rising expectations. There is a risk that the Department will not have the ability to maintain consistent high-quality day-to-day services while innovating to keep pace with service delivery models enabled by modern technology.

Figure 8: Severity of the service delivery risk
Figure 8: description follows
Figure 8: Severity of the service delivery risk – Text version

The severity of the Service Delivery Risk (number 8 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the upper right square (red zone – high likelihood and high impact)
  • Residual risk (full dot) is immediately to the left of the empty dot and touches it on the edge (red zone – same high impact as initial risk but slightly lower likelihood)
  • Target risk (star) is to the left of the full dot but still in the same red zone, indicating lower likelihood but same high impact

Should this risk event occur with ESDC not being able to effectively deliver ongoing services, it could increase the likelihood of the risks associated with Project Management because programmes and projects may not fully realize benefits on time, budget and scope.

The Transformation and Integrated Service Management Branch (TISMB) – introduced as a mitigation and now an existing control – is working collaboratively with its partners within the Department, across the federal government, and with provinces and territories to transform how ESDC engages to better understand Canadians and deliver services that meet their needs. The Department will continue to perform regular reviews of its transformation initiatives to adjust the sequencing and prioritization of deliverables and balance its resource needs through vehicles such as the Major Projects and Investment Board and ADM Service Transformation Committee. It will also continue to report on progress through regular service dashboards and scorecards.

Further mitigations have been developed to streamline processes and to address specific issues relating to service delivery, client expectations, technology, and human resource needs.

Mitigations planned to streamline processes include those to boost ESDC’s capacity to secure a sufficient workforce with in-depth and program-specific knowledge for both ongoing operations and transformation initiatives. ESDC will allocate people resources to support the success of both operations and transformation initiatives. It will also fast track and increase the capacity of Branches to hire and onboard a workforce to meet the needs of today and the future.

To address specific service delivery issues, ESDC will review and streamline the Grants and Contributions process to reduce administrative burden, and through conducting internal and external consultations, it will develop a multi-year action plan to identify other key areas for improvement. ESDC will also mature the Integrated Service Management function to support an integrated approach to managing services across programs, branches and channels and will further mitigate against competing service workloads.

To manage client expectations, service standards and real-time performance results will be published on a monthly basis on Canada.ca.

Service delivery is dependent on technology. ESDC plans to conduct a complete business process and technology renewal (Benefits Delivery Modernization) for Employment Insurance, Old Age Security, and the Canada Pension Plan to enhance client service by transforming the way benefits are delivered. It will migrate to the Hosted Contact Centre Solution (HCCS), which will replace existing end-of-life call centre technology with a modern, hosted, centralized, and shared platform.

Considering the risk controls in place and the planned mitigations, it is anticipated that risk severity will be reduced slightly by March 31,2021but ultimately; it can only reach its target of medium likelihood/significant impact once the IT Risk mitigations are in place in 2024.

9. Policy design

A quickly evolving social and economic context could put at risk ESDC’s ability to provide timely and high quality policy advice.

Employment and Social Development Canada has a mandate to build a stronger and more inclusive Canada, to help Canadians live productive and rewarding lives and to improve Canadians' quality of life. While the Department continues to develop policies in support of its mandate, it is also operating in a quickly evolving social and economic environment. As such, there is a risk that it may not be able to provide timely policy advice that keeps pace with these rapid shifts.

Figure 9: Severity of the policy design risk
Figure 9: description follows
Figure 9: Severity of the policy design risk – Text version

The severity of the Policy Design Risk (number 9 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the middle of the matrix (yellow zone – medium likelihood and medium impact)
  • Residual risk (full dot) is below the empty dot and overlaps the middle square (yellow) and the square below it (green) (same medium likelihood as initial risk but slightly lower impact)
  • Target risk (star) is to the left of the full dot but in the green zone (slightly lower likelihood than residual risk but same impact)

Should this risk event occur, it could result in less than optimal designs of policies and programs. The risk of Policy Design must be addressed in order to maintain targeted and responsive policies that address the public’s needs.

The Department has a number of existing controls in place to reduce the Policy Design risk. For example, ESDC has well established governance structures, both internal and external, such as the Strategic Policy Committee and Federal/Provincial/Territorial Committees (e.g. Forum of Labour Market Ministers), which serve as fora for discussing emerging issues and advancing the Government’s policy agenda. As well, through Government-wide committees such as the Deputy Minister Committee on Inclusive Growth, ESDC is able to apply a forward-looking lens to assess the impacts of public policies and programs in support of growth. ESDC also undertakes stakeholder engagement through Public Opinion Research, social media, and policy co-design, to understand the needs and expectations of Canadians and work to ensure policies and programs are responsive. Priority Trackers, Ministerial Stock Takes, Memoranda to Cabinet and Treasury Board Submissions are also used to monitor and track Government commitments.

Along with the controls in place, the Department is working to further reduce this risk by establishing new mitigation activities that improve policy responsiveness. The development of a coherent research strategy and plan will seek to improve the policy foundation by integrating research and analysis across the Department and making them easily accessible to teams responsible for policy development and implementation. ESDC will also leverage its Medium Term Planning process and further leverage Policy Horizons Foresight to understand the uncertainty surrounding emerging policy issues. Through these processes, ESDC will assess the responsiveness of programs to potential changes in the economic and social landscape, in consultation with internal and external partners (e.g. academics and other experts). The Department will capitalize on the work being done in the ESDC Innovation Lab to create more responsive policy approaches and use its Data Strategy to enhance key data foundations, including a Data Policy and Data Stewardship Program to support greater use, access, and collection of data to inform policy design and evidence-based decision-making.

After taking into consideration the existing controls in place and planned mitigation activities it is anticipated that the risk severity will be reduced to a target of low likelihood and vary between low to moderate impact depending on planned completion dates for activities.

10. Business continuity

Due to external threats such as natural disasters, cyber-attacks workplace violence and terrorism, there is a risk that critical systems go offline or facilities close. This may result in an interruption in the delivery of services to Canadians.

Although the likelihood of external threats such as natural disasters, cyber-attacks, workplace violence, and terrorism is highly variable, the potential impacts to service disruption are high, and it remains a risk.

Figure 10: Severity of the business continuity risk
Figure 10: description follows
Figure 10: Severity of the business continuity risk – Text version

The severity of the Business Continuity Risk (number 10 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) overlaps the top middle square in the red zone and the middle square in the yellow zone (medium likelihood and medium to high impact)
  • Residual risk (full dot) is immediately below the empty dot and overlaps it slightly (yellow zone – same medium likelihood but slightly lower impact than initial risk)
  • Target risk (star) is immediately below the full dot and in the middle of the matrix (yellow zone – same medium likelihood and slightly lower impact than residual risk)

Should systems go offline or facilities close it could directly impact the Service Delivery risk by further challenging ESDC’s ability to effectively deliver services to Canadians.

ESDC maintains a schedule for the renewal and communication of its Business Continuity Plans, Recovery Strategies, and Emergency Management Procedures. To date, these processes have benefitted from collaboration with departmental partners as well as external stakeholders, and that will continue.

In 2019 to 2020, the Department proposes to focus on readiness to respond and validate the effectiveness of its approaches through training and simulation. Minimum service levels and recovery time objectives will be measured on an annual basis to assess the Department’s progress towards business continuity.

Considering the risk controls in place and the planned mitigations, it is anticipated that risk severity will be reduced to a target of medium likelihood/moderate impact by March 31, 2023.

11. Physical security

Due to the types of programs administered by the Department and given the public access to service delivery areas, there is a risk that the security of employees or clients may be compromised. This may have an impact on employee mental health and morale or may result in physical harm or injury.

Should this risk event occur, the Business Continuity risk could be exacerbated if a Departmental workplace or Service Canada Centre needs to close. Risks to the physical security of employees and the public have the potential to impact the Service Delivery risk because it would interfere with the Department’s ability to provide quality and timely service to Canadians.

Figure 11: Severity of the physical security risk
Figure 11: description follows
Figure 11: Severity of the physical security risk – Text version

The severity of the Physical Security Risk (number 11 risk) is illustrated on the 3 by 3 matrix as follows:

  • Initial risk (empty dot) is in the middle of the matrix in the yellow zone (medium likelihood and medium impact)
  • Residual risk (full dot) is to the left of the empty dot but in the green zone (low likelihood but same medium impact as initial risk)
  • Target risk (star) is immediately below the full dot in the same green zone (same low likelihood and slightly lower impact than residual risk) 

An evidence-based Security Communications Plan is in place and a Security Awareness, Training, Education and Outreach Program is being developed to ensure that security awareness tools and products are in place and aligned with security trends and that they sustain a strong security culture respectively. The Departmental Security Officer’s ongoing monitoring and regularly reporting on the statistics and trends in security incidents will continue to be a critical control to mitigate this risk.

To enhance the aforementioned controls, ESDC will continue to implement recommendations from the Threat and Risk Assessments of client-facing sites, and assess the awareness of and training on the tools available through the Security Awareness, Training, and Education Plan. It will also review and update its Security Policy, directives, guidelines and tools to align with the new Policy on Government Security that came into effect in July 2019, and to respond to the needs of the modern workplace

Considering the risk controls in place and the planned mitigations, it is anticipated that the risk severity will be reduced to a target of low likelihood/moderate impact by March 31, 2021.  

Conclusion

The Corporate Risk Profile provides an enterprise level overview of the risks that ESDC faces. The information found in the CRP is intended to be considered as part of decision-making relating to priority-setting within the organization. It also provides assurance to senior management and key stakeholders that a comprehensive risk management framework is in place, that potential enterprise risks are identified and monitored, and that actions are taken when required. It also empowers employees with the risk information they require to inform and influence their work.

The CRP delivers a structured approach to identify the top risks and the plans to be put into motion to help reduce risk, increase controls where required, and seize opportunities. It highlights the interconnected risks that could have the greatest impact on the achievement of the Department’s strategic objectives. Knowledge of risk information at all levels of the organization will support the Department to meet its objectives and deliver on results.

As the Department strives to ensure that Canadians receive high quality and efficient services, it must remain mindful of the changing environment in which it operates. Risk management will play an important role as the Department navigates the uncertainty. By understanding its risks and managing them effectively, ESDC can explore new opportunities. Intelligent risk-taking allows an organization to identify areas where risk exposure is within its tolerance allowing for opportunities to innovate, experiment and find new ways to adapt to a changing environment.

The CRP is only one part of ESDC’s approach to risk management. It is up to all employees to consider risk at all levels of the organization when planning and prioritizing. The goal is that the information in the report is taken into account when making decisions about priorities and reinforces sound risk management practices in ESDC. 

Appendix A – ESDC risk taxonomy

Risk areas

HR management
Threats/Opportunities linked with recruitment and retention of staff, succession planning, and staff management and capacity building.
Information/ Knowledge management (data)
Threats/Opportunities related to with an organization’s capacity and sustainability of information management procedures and practices, of collection and management of knowledge such as operational information, records, research, scientific data and intellectual property.
Privacy/Safeguarding of personal information
Threats/Opportunities linked with an organization’s protection of personal information including sharing information agreements.
Project Management
Threats/Opportunities linked with an organization’s processes, practices and capacity of developing and managing projects in support of its overall mandate, as well as risks associated with specific projects that may require ongoing management.
Resource management
Threats/opportunities linked with the availability and level of resources of an organization to deliver on its mandate, as well as the organization's management of these resources.
Investment planning and investment portfolio management
Threats/Opportunities linked with the capacity of an organization to adequately prioritize and schedule its resources (human and financial capital, information technology, and physical assets) to deliver on its mandate and priorities
Service delivery
Threats/Opportunities linked with an organization’s design, implementation and delivery of services as well as service channel capacities.
Business continuity
Threats/Opportunities linked with business processes including implementation failure and disruption of activities, programs or services due to natural, technological or human-induced event.
Business process controls/Integrity
Threats/Opportunities linked with business process design and implementation, including implementation gaps, inadequate measures, tools or methods, or poor documentation.
Communications
Threats/Opportunities linked with an organization’s approach and culture of communication, consultation, transparency and information-sharing, both within and outside the organization.
Financial management
Threats/Opportunities linked with the structures and processes of an organization to ensure sound management of financial resources and its compliance with financial management policies and standards.
Fraud
Threats/Opportunities linked with a form of false representation with the specific intent of gaining an unfair or dishonest advantage. It involves either wilful misrepresentation or deliberate concealment of material facts for the purpose of inducing another person or organization to either part with money or something else of value or to surrender a legal right.
Governance and strategic directions
Threats/Opportunities linked with an organization’s approach to leadership, decision-making and management capacity i.e. complexity of governance structure, definition of roles and responsibilities.
Information technology
Threats/Opportunities linked with an organization’s capacity and sustainability of information technology, both the infrastructure and utilization of technological applications i.e. obsolescence, transformation.
Stakeholder relations/Partnerships
Threats/Opportunities related to our relationship with other governments, other departments, organization’s partners and stakeholders.
Transfer payments
Threats/Opportunities related to the design, the delivery and management of transfer payment programs (benefit to individuals, funding to organizations and transfers to other governments) in a manner that respects sound stewardship transparency, accountability, and fairness.
Capital infrastructure
Threats/Opportunities linked with an organization’s capital infrastructure including hard assets (e.g. buildings, vessels, scientific equipment, fleet), but excluding IT.
Contracting and Procurement
Threats/Opportunities linked with an organization’s acquisition of goods or services from external sources.
Legal obligations
Threats/Opportunities linked with an organization’s achievement of its legislated obligations (compliance with, laws, regulations, and domestic and international treaties, agreements and policies).
Policy design
Threats/Opportunities linked with an organization’s design, implementation and delivery of policies and programs which may impact the organization’s overall objectives.
Reputation/Public perception
Threats/Opportunities linked with an organization’s reputation and credibility with its partners, stakeholders and the Canadian public.
Values and ethics
Threats/Opportunities linked with an organization’s culture and capacity to adhere to the spirit and intent of the Values and Ethics Code for the Public Service.
Physical security
Threats/Opportunities linked with an organization’s provision of safe and secure work places.

Appendix B – Priorities for Transformation

Figure: Priorities for Transformation 2018 to 2019 – Strategic framework
Figure: description follows
Figure: Priorities for Transformation 2018 to 2019 – Strategic framework – Text version

Priorities for transformation 2018 to 2019

Policies and programs: Growth that benefits all

Cross Cutting Themes:

  • Indigenous Reconciliation
  • Gender Impact and Equality
  • Innovation and Experimentation
  • Vulnerable Groups
  • Policy-Service Integration
  • Diversity and growth

Support well-being and full and equal participation in Canada’s prosperity.

  • Support gender equality at home and in the workplace through introduction of a new EI Parental Sharing Benefit and investing in early learning and child care innovation and reporting.
  • Support official language minority communities through the government’s OL Action Plan
  • Assist children in receiving education savings incentives, especially, the Canada Learning Bond
  • Close the gaps between Indigenous and non-Indigenous Canadians through continued co-development of Indigenous Early Learning and Child Care framework, implementation of a new Indigenous Skills and Employment Training Strategy and support for the post-secondary education review
  • Release and implement the Poverty Reduction Strategy with other federal, P/T and Indigenous partners
  • Assist vulnerable Canadians with access to safe, stable and secure housing
  • Increase retirement security through Canada Pension Plan Enhancement and other measures
  • Table accessibility legislation
  • Co-create with stakeholders and other Government departments federal Social Innovation/Social Finance strategy
Adapting to a changing labour market

Help Canadians succeed in an evolving economy and changing labour market.

  • Support lifelong learning and skills upgrading through: increased investments in training (e.g. LMDA); modernization of the Youth Employment Strategy; expanding Student Work Placements for youth; and enhancing student aid for adult learners through Skills Boost
  • Build a flexible and resilient labour force by making permanent and expanding provisions of the EI Working While on Claim pilot and by providing assistance to workers in seasonal industries
  • Encourage innovation in skills development and measurement via Future Skills
  • Encourage women and other members of underrepresented groups to pursue opportunities in the skilled trades through development of: the Apprenticeship Incentive Grant for Women, Pre-Apprenticeship Program, Women in Construction Fund and Union Training and Innovation Program
  • Better connect job seekers and employers in a timely fashion through the Job Bank app and career information platform
  • Provide greater support to workers during difficult transitions by expanding the Wage Earner Protection Program
  • Assist low-income workers through more generous, accessible Canada Workers Benefit
A fair and safe workplace

Promote equality in the workplace and combat unsafe and unfair practices.

  • To address the gender wage gap, move forward with proactive pay equity legislation and implement pay transparency requirements
  • Protect Federally Regulated Employees from Harassment and Violence (C-65)
  • Implement new measures to enhance compliance with, and enforcement of, the Canada Labour Code
  • Better protect workers and set the stage for good quality jobs by introducing amendments to modernize federal labour standards
  • Strengthen program compliance through increased inspections and enforcement to protect Foreign Workers.

Transforming our services

Experience

A world-class service experience with benefits and services delivered when needed

  • Improve the sharing of information between programs and across departments (e.g. consent based sharing of direct deposit with CRA)
  • Make providing/receiving information fast and convenient (e.g. upload of application documents for CPP-D, telephone self-service, proactive communication with clients)
  • Improve client engagement and implement feedback (e.g. client centric policy) to improve service experience
Quality

Accurate and consistent service

  • Survey clients and leverage client feedback to improve service quality
  • Simplify and improve the experience of applying for programs or using services (e.g. standardize info and service tools, provide step-by-step and how-to video)
  • Implement a transparent approach to reporting against service standards
  • Develop an enterprise-wide Quality Framework to embed quality considerations in a consistent fashion at each stage of the policy-program-service continuum.
  • Strengthen tools and processes to safeguard the integrity of programs, services and operations.
Timeliness

Issues resolved at first point of contact

  • Leverage existing information to auto-enroll clients.
  • Improve response time by streamlining application processes and leveraging digital technology for service delivery.
  • Invest resources in areas of existing and potential inventories (e.g. EI processing and services, OAS and CPP application processing) and call centre improvements
  • Explore reduction of administrative reporting burden for businesses/employers
Access

Services are accessible to all, with digital by choice

  • Improve access to agents by launching a pilot to expand Video Chat in select SC Centres and moving forward with service improvements to Call Centres
  • Expand efforts and pursue partnerships that allow us to serve groups and communities that are hard to reach and clients that have particular needs (e.g. Indigenous communities outreach, mobile outreach, P/T partnerships to service remote areas, authorize use of delegates to assist clients)
  • Support digital service delivery through development of digital identity validation approaches and undertake pilots with My Service Canada Account (MSCA).
  • Provide more convenient access to information (e.g. enhanced Benefits Finder tool, Ask Canada forum).
  • Enhance self-service capabilities through an online portal to manage student loans and grants
  • Enhance the delivery of social services at the community level by helping community organizations build capacity.
  • Help clients access the right services at the right time, encourage uptake and identify avenues to engage clients through enhanced service marketing.

Mobilizing our organisation

Evidence-based decision making

Develop the infrastructure, tools, skills and processes to leverage data and analytics.

  • Implement the Data Strategy with a focus on building data science/analytics capacity
  • Address key gaps in the measurement of poverty
  • Support collection of data that will inform understanding of gender and equality impacts
  • Develop and implement a new 3 year Research Strategy.
  • Support the government’s Open Data initiative.
  • Modernize privacy governance to enhance the use of data while ensuring the protection of personal information.
Modern and secure technology

Develop and implement modern and secure IT infrastructure that enables digital services and effective access to information.

  • Provide employees with secure, flexible, accessible and adaptable tools that will encourage collaboration and increase productivity
  • Advance information management practices so that our information assets can be used more effectively in support of our mandate
  • Establish strong relationships with technology partners to increase responsiveness and ability to provide solutions to evolving business needs
  • Support departmental readiness for compliance with access to information reform, more specifically, the new proactive disclosure requirements.
A productive and inclusive workplace

Support our workforce through transformation and ensure a safe, healthy workplace.

  • Strengthen the Workforce for the future and improve representation of under-represented groups.
  • Foster a culture of healthy and inclusive workplace wellness
  • Modernize HR service and program delivery
  • Support the GoC’s HR-to-Pay initiative and resolution of Phoenix pay issues
  • Develop workforce plans to support ESDC’s transformation agenda
  • Enhance the ESDC physical security program and set protection standards for ESDC employees, clients, information and facilities
Resource management excellence

Strengthen project management and investment planning to direct resources to emerging priorities and deliver results.

  • Strengthen and further integrate departmental Investment Planning, Performance Management and Enterprise Project Management practices
  • Strengthen risk management and governance processes
  • Ensure robust financial management and human resources management through strategic resource allocation and sound stewardship
  • Expand efforts to innovate the workplace and generate savings in our departmental accommodations
  • Improve real-time channel management practices to enable the Department to better respond to current and emerging operational needs
Figure: Departmental results framework at a glance
Figure: description follows
Figure: Departmental results framework at a glance – Text version

Departmental results framework at a glance

Core responsibility 1: Social development

Description
  • Increase inclusion and opportunities for participation of Canadians in their communities.
Departmental results
  • Homelessness in Canada is prevented and reduced
  • Not for profit organizations, communities and other groups have an enhanced capacity to address a range of social issues such as the social inclusion of people with disabilities, the engagement of seniors, and support for children and families
  • Access to early learning and childcare is increased
  • Community spaces and workplaces are more accessible
  • Clients receive high quality, timely and efficient services that meet their needs
Program mapping
  • Homelessness Partnering Strategy
  • Enabling Accessibility Fund
  • New Horizons for Seniors Program
  • Social Development Partnerships Program
  • Early Learning and Child Care
  • Parents of Murdered or Missing Children

Core responsibility 2: Pensions and benefits

Description
  • Assist Canadians in maintaining income for retirement, and provide financial benefits to survivors, people with disabilities and their families.
Departmental results
  • Seniors have income support for retirement
  • People with disabilities and their families have financial support
  • Clients receive high quality, timely and efficient services that meet their needs
Program mapping
  • Old Age Security
  • Canada Pension Plan
  • Canada Disability Savings Program

Core Responsibility 3: Learning, skills development and employment

Description
  • Help Canadians access post-secondary education, obtain the skills and training needed to participate in a changing labour market, and provide supports to those who are temporarily unemployed.
Departmental results
  • More students from low- and middle-income families access and participate in post-secondary education.
  • Canadians receive financial support during employment transitions such as job loss, illness, or maternity/parental leave.
  • Canadians access education, training, and life-long learning supports to gain the skills and work experience they need.
  • Canadians participate in an inclusive and efficient labour market.
  • Clients receive high quality, timely and efficient services that meet their needs.
Program mapping
  • Employment Insurance
  • Labour Market Development Agreements
  • Workforce Development Agreements
  • Opportunities Fund for Persons with Disabilities
  • Youth Employment Strategy
  • Canada Service Corps
  • Aboriginal Skills and Employment Training Strategy
  • Skills and Partnership Fund
  • Union Training and Innovation
  • Literacy and Essential Skills
  • Future Skills Program
  • Enabling fund for Official Language Minority Communities
  • Canada Student Loans and Grants and Canada Apprentice Loans Program
  • Canada Education Savings Program
  • Apprenticeship Grants
  • Job Bank
  • Sectoral Initiatives Program
  • Skilled Trades and Apprenticeships (Red Seal Program)
  • Foreign Credentials Recognition Program
  • Temporary Foreign Worker Program
  • Student Work Placements

Core responsibility 4: Work conditions and relations

Description
  • Promotes safe, healthy, fair and inclusive work conditions and cooperative workplace relations.
Departmental results
  • Work conditions are fair and inclusive
  • Labour relations are cooperative
  • Workplaces are safe and healthy
  • Clients receive high quality, timely and efficient services that meet their needs
Program mapping
  • Labour Relations
  • Occupational Health and Safety
  • Federal Workers' Compensation
  • Labour Standards
  • Workplace Equity
  • International Labour Affairs
  • Wage Earner Protection Program

Core responsibility 5: Information delivery and services on behalf of other government departments

Description
  • Provide information to the public on the programs of the Government of Canada and the department, and provide services on behalf of other government departments.
Departmental results
  • Clients receive high quality, timely and accurate government information and services that meet their needs
  • Canadians can obtain an error-free passport within Canada in a timely manner
Program mapping
  • Government of Canada Telephone General Enquiries Services
  • Government of Canada Internet Presence
  • In-Person Points of Service
  • Passport
  • Other Government Department Programs
Internal services
  • Management and Oversight
  • Communications
  • Legal
  • Human Resources Management
  • Financial Management
  • Information Management
  • Information Technology
  • Real Property Management
  • Acquisition Management
  • Materiel Management

Page details

Date modified: