Management Response and Action Plan: Audit of Integrated Risk Management at Health Canada
Recommendation 1
The CFO should ensure that the new Risk Management Policy and related Guide:
- Clearly establish minimum expectations for branches regarding risk processes and associated risk management outputs;
- Establish and clarify the roles and responsibilities of CFOB with respect to functional authority over risk management practices across the Department, including monitoring, assessment, and reporting on practices and compliance with HC's Risk Management Policy;
- Define a process for a periodic review, assessment, and reporting on the status of HC risk management practices; and
- Ensure that risk management updates, including the results of CRP annual reviews, are incorporated as standing items on EC and DAC agendas on a regular basis.
Management response
Management agrees with the recommendation.
| Planned Actions | Deliverables | Expected Completion Date | Responsibility |
|---|---|---|---|
The CFOB, in consultation with Branch ADMs, will finalize the Risk Management Policy and update the accompanying Guide. The Risk Management Guide will include guidance on the periodic review, assessment and reporting on the status of Health Canada corporate- and program-level risk management practices. |
1.1 Risk Management Policy approved by the Deputy Minister |
July 31, 2023 |
CFO |
1.2 Risk Management Guide approved by the CFO |
September 30, 2023 |
CFO |
Recommendation 2
The CFO, in consultation with branch heads, should develop formal risk management procedures and tools that promote standardized branch-level risk management practices and outputs. To ensure that expectations are understood and activities are implemented consistently, the CFOB should collaborate with branch heads to:
- develop and communicate branch-level risk identification and assessment processes that identify key stakeholders, associated responsibilities, and timelines;
- develop and communicate standard risk categories to be considered in the identification process;
- require branch risk registers to include consideration and assessment of risks to operations, in addition to those in the CRP;
- ensure that branch risk registers are clearly linked to and inform the annual CRP review and update process;
- provide guidance on establishing risk tolerance levels and thresholds, and linking them to risk response and monitoring activities; and
- develop and implement training and awareness informed by results of the periodic assessments of departmental risk management practices.
Management response
Management agrees with the recommendation.
| Planned Actions | Deliverables | Expected Completion Date | Responsibility |
|---|---|---|---|
CFOB, in consultation with branch leads, will develop a Risk Management Guide that includes:
CFOB, in consultation with branch leads, will also develop a new section in the Performance Information Profile templates to document the alignment of program and corporate risks CFOB will develop training materials for all Health Canada employees on corporate and program-level risk management practices. |
2.1 Risk Management Policy and Guide are posted on the HC/PHAC Intranet |
November 30, 2023 |
DG Departmental Submissions and Performance Measurement Directorate |
2.2 Risk Training materials are posted on the HC/PHAC Intranet |
December 31, 2023 |
DG Departmental Submissions and Performance Measurement Directorate |
|
2.3 Revised Performance Information Profile templates shared with branch leads |
November 1, 2023 |
DG Departmental Submissions and Performance Measurement Directorate |
Recommendation 3
The CFO, in consultation with branch heads, should establish risk management monitoring and assessment processes at the departmental and branch levels to evaluate and demonstrate the effectiveness of risk management activities across the Department and to ensure that risks and their associated responses are periodically reviewed and updated. Elements that would support the development of such processes include identifying and reviewing the following:
- number of risks, whether they materialized, and if they were mitigated;
- changes to the nature and level of risks, and associated responses due to evolving circumstances;
- progress on implementing risk responses; and
- costs of risk mitigation measures.
Management response
Management agrees with the recommendation.
| Planned Actions | Deliverables | Expected Completion Date | Responsibility |
|---|---|---|---|
CFOB, in consultation with branch leads, will include guidance on risk management monitoring practices in the Risk Management Guide. |
3.1 Risk Management Guide is posted on the HC/PHAC Intranet |
November 30, 2023 |
DG Departmental Submissions and Performance Measurement Directorate |
| Deliverable # | Rationale |
|---|---|
2.3 Risk Training materials are posted on the HC/PHAC Intranet |
Training materials must align with the Risk Policy and Guide, both of which are set to be finalized in July 2023. While training materials can be developed in tandem with those documents, they will only be able to be finalized once the Policy and Guide themselves are approved. Additional time is also required for engagement/pilot testing with the target audience, translation, final editing, and web coding. |
Page details
- Date modified: