Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Risk Management Guide (Review Guide) - November 1, 1994


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.


(4) COMPENSATION OR RESTORATION AND RECOVERY

Objective

4.0 To ensure that the organization has developed its capacity; to investigate incidents to determine their causes; to assess the extent and value of damages and determine potential legal liability; to learn from incidents which have occurred in order to prevent similar occurrences; and to develop and maintain appropriate systems for effectively handling claims and for compensating those who have suffered as a result of government operations.

Note: Refer to sections 5 through 9 for more specific criteria and audit procedures.

Criteria

4.1 The organization has the capacity to investigate incidents, assess the extent of damages and determine their causes and potential liability.

Detailed Criteria/Audit Procedures

4.1.1 Determine whether or not the organization has investigated incidents in the past and if the investigations were carried out appropriately and in a timely manner.

4.1.2 Assess whether the staff has the capacity and has been properly trained and informed to assess damages and determine causes and potential liability.

4.1.3 Determine whether or not the organization has assessed the extent and value of damages.

4.1.4 Determine whether or not the organization has determined legal liability for an incident or has plans to do so should the need arise.

4.1.5 Where possible, identify legal determinations of responsibility which have been made by the staff and assess whether or not these determinations have been carried out appropriately and in accordance with government policy. (See the section on claims and ex gratia payments below for more detailed criteria.)

4.1.6 Determine whether or not the staff are accessing those with legal responsibility and that the services being provided satisfy the questions being asked.

4.1.7 Assess whether or not the legal services are being provided in a cost-effective manner relative to other alternatives.

Criteria

4.2 The results of investigations are being used in a manner which prevents recurrence.

Detailed Criteria/Audit Procedures

4.2.1 Determine whether or not the results of investigations and recommendations for the nature of payments or claims are being made available to decision-makers.

4.2.2 Determine whether or not the results of investigations and recommendations for the nature of payments or claims are being used by decision-makers.

4.2.3 Assess whether or not there are recurrence of similar claims.

Criteria

4.3 Employees and/or volunteers who qualify for legal assistance have received it.

Detailed Criteria/Audit Procedures

4.3.1 Determine whether or not legal assistance was provided in accordance with the Policy on the Provision of Legal Assistance to Crown Servants and that advice was provided to the employee or volunteer in a timely manner.

4.3.2 Ensure that the documentation in support of a request for legal assistance was complete ( including the employee's or volunteer's report, appointment of legal counsel and advice received from the Department of Justice).

4.3.3 Ensure that the amounts authorized for legal assistance are within policy limits.

4.3.4 Ascertain whether or not the organization has considered possible conflicts of interest and dealt with them appropriately.

Criteria

4.4 The organization has the capacity to develop and maintain appropriate systems for effectively handling claims and compensating those who have suffered as a result of government operations.

Detailed Criteria/Audit Procedures

4.4.1 Determine if staff involved in the process is properly trained and informed to develop and maintain the system.

4.4.2 Determine what the demands are (or will be) on the system.

4.4.3 Determine the cost of developing the system.

4.4.4 Determine the cost of maintaining the system once it is developed.

4.4.5 Determine whether or not other organizations have already developed such a system and assess whether or not it would be more economical to acquire such a system from one of these organizations.

4.4.6 Determine whether or not it would be cost-effective to use systems operated by other organizations.

Criteria

4.5 The organization can effectively handle claims and compensate those who have suffered as a result of government operations.

Detailed Criteria/Audit Procedures

4.5.1 Determine whether or not the applicable policy guidelines on reporting have been followed and that the report(s) are complete.

4.5.2 Determine whether or not the applicable policy guidelines on investigation have been followed and that the level of investigation is commensurate with the amounts involved.

4.5.3 Verify that the procedures specified in the Policy have been followed as appropriate and in a manner which served the government in a cost-effective and responsible manner.

4.5.4 Assess whether or not recommendations made at the end of an investigation have been carried out and determine whether or not they were carried out in a cost-effective manner.

4.5.5 Determine whether or not the compensation procedures outlined in government policy have been followed appropriately when applicable, and determine if they were in accordance with legal advice and government policy.

4.5.6 Verify that documentation exists to justify payment and that a release has been obtained except where it would not be administratively expedient.

4.5.7 Verify that documentation explains the reasoning behind an ex gratia payment.

4.5.8 Verify that where employees or volunteers are the recipients of ex gratia payments, reference is made to their duties at the time of the loss.

4.5.9 Verify that the documentation related to ex gratia payments includes the failed search for other reasonable means of compensation under other statutes or regulatory schemes.

4.5.10 Ensure that the organization has made a reasonable effort to satisfy claims by the Crown, taking into account administrative expediency and cost-effectiveness.

a) Verify that a legal opinion has been sought where large sums of money are involved.

b) Verify that the procedures to retain or off-set monies due to the servant have been followed when a claim is against a servant.

c) Verify that the releases signed were in accordance with the procedures and forms outlined in the policy on claims and ex gratia payments.

Criteria

4.6 Ensure that the maintenance of records relevant to the risk management process is managed economically, efficiently and effectively.

Detailed Criteria/Audit Procedures

4.6.1 Verify that there is a clear and well-understood procedure for recording, keying, filing, maintaining and reporting on data sources, risk analyses, occurrence of incidents, responses to incidents and evaluations of those responses, contingency plans and rehearsal reports and emergency personnel.

4.6.2 Determine whether or not procedures associated with risk management activities are carried out in an effective, economical and efficient fashion. (Identify any problems within these procedures or their associated systems which might prevent accurate and complete reporting.)

a) Verify that the procedure(s) used to record, key, file and report information used in risk analyses is effective, economical and efficient.

b) Verify that the filing system allows for quick identification and access to data sources.

c) Verify that the reporting system allows access to all of the data recorded and that it is relatively easy and inexpensive to produce customized reports.

d) Verify that there is an effective backup system for storing information.

4.6.3 Assess whether or not all occurrences of risk-related incidents have been reported. Verify that the database reporting system can export data on incidents to statistical programs for analysis.

4.6.4 Verify that all responses to incidents have been recorded in accordance with the Risk Management Policy; that evaluations of the responses to incidents are performed; and that the procedures established to ensure follow-up of recommendations made have been followed.

4.6.5 Verify that all contingency plans have been filed in accordance with the Risk Management Policy and that they can be easily identified and quickly accessed through either manual or electronic database systems.

4.6.6 Verify that the records on emergency personnel are secure, up-to-date, complete and accurate and allow for the quick and easy reporting of all emergency personnel who meet given sets of criteria.

Criteria

4.7 Risk analysis is being carried out accurately, efficiently, effectively, economically and in a timely fashion.

Detailed Criteria/Audit Procedures

4.7.1 Verify that there are clear procedures and guidelines for making risk analyses.

4.7.2 Assess whether the guidelines and procedures for making risk analyses are understood and are being followed.

4.7.3 Verify that risk analyses are reviewed on a regular basis to ensure that the analysis is current and/or invalid.

4.7.4 Verify that there is a system in place for identifying, recording and validating sources of the probability values used in making risk assessments, and verify that there is a system in place for updating the probability values in use as a result of changes in either sources of probability values or assessment of their validity.

4.7.5 Verify that the staff are able to access and extract information from the database of risk incidents effectively and efficiently.

4.7.6 Using incident reports and response evaluation reports, assess the overall accuracy of the risk analyses. (The auditor may wish to compare different groups when making this assessment.)

Criteria

4.8 Risks are perceived and responded to in a coordinated and comprehensive fashion (risks must be compared to opportunities lost as a result of using scarce resources to address risks rather than opportunities).

Detailed Criteria/Audit Procedures

4.8.1 Assess whether or not there is evidence that the organization has identified all of the significant opportunities as well as risks and established priorities which guide the allocation of resources between risks and opportunities.

4.8.2 Assess whether or not similar risks are being recognized as such by the organization and, as a consequence, common contingency plans have been developed. Determine whether or not these common responses exploit whatever economies of scale are available (common insurance policies, common response team, etc.).

4.8.3 Determine whether or not all risks facing the organization have been brought together and compared in order to identify the highest risk perils.

4.8.4 Assess whether or not the resources spent by the organization to minimize risk have been appropriately focussed on the higher risk perils. Determine the correlation between the organization's expenditure and the reduction of overall risk. Determine the variance in risk for all identified threats both before and after, taking into consideration efforts which have been made to minimize those threats. The reduction of inter-threat variance should indicate that the organization is reducing its highest cost risks.

4.8.5 Determine whether or not the organization's expenditure for compensation has changed over time. Assess whether or not the changes noted are indicative of improving risk management.

(5) INDEMNIFICATION OF SERVANTS OF THE CROWN

Objective

5.0 To protect the interests of servants of the Crown respecting their liability to the Crown and to third parties, and to protect the interests of the Crown respecting its potential or actual liability arising from the acts or omissions of its servants.

Note: Specific areas of risk management, such as indemnification of servants of the Crown, are implied and referred to as part of the general framework for risk management. In this sense, they are covered in sections one through four of this guide. This section contains the criteria which are specific to auditing the policy on indemnification of servants of the Crown. When auditing risk management it is necessary to refer to sections one through four above and, in addition, those sections between five and nine which are applicable to the particular audit being undertaken.

Criteria

5.1 The organization has indemnified its employees and/or volunteers in accordance with government policy.

Detailed Criteria/Audit Procedures

5.1.1 Determine whether or not the servant or volunteer informed his or her employer or department at the earliest reasonable opportunity after becoming aware of a possible or actual claim or preceding resulting from an alleged act or omission.

5.1.2 Determine whether or not the appropriate authorization forms were completed.

5.1.3 Where there has been any claim or preceding, assess whether or not the counsel selected by the Attorney General of Canada has treated all communications with the servant in confidence consistent with counsel's obligation to protect the interests of the Crown.

5.1.4 Where there has been any disciplinary or civil action by the Crown against the servant, ensure that the Crown has not used information which was disclosed in confidence by the servant to the selected counsel.

5.1.5 Where there has been the possibility of conflict of interest and the Attorney General has declined to appoint counsel to act on behalf of a servant or instructed counsel to discontinue so acting, verify that the organization has ensured that the servant was informed of their entitlement to apply for assistance under the Legal Assistance Policy.

5.1.6 a) Determine whether or not the organization has maintained adequate records of the actual amounts of damage claims and of territorial, provincial and federal court awards paid by the Crown in application of this policy.

b) Determine whether the organization is in a position to provide accurate and timely information each year to the Public Accounts (damage claims, ex gratia payments, court awards and losses of property).

c) For property reports, verify that within the department a constant definition of items and basis of cost is being used.