Framework for the Management of Risk

The Framework for the Management of Risk (the Framework) is effective as of August 27, 2010.

The Framework will be supported by learning resources, which will replace the Treasury Board Integrated Risk Management Framework (2001) and the Integrated Risk Management Implementation Guide (2004).

In a dynamic and complex public sector context, risk management plays a significant role in strengthening government capacity to recognize, understand, accommodate and capitalize on new challenges and opportunities. Effective risk management equips federal government organizations to respond actively to change and uncertainty by using risk-based information to enable more effective decision-making. In turn, increased capacity and demonstrated ability to assess, communicate and manage risk builds trust and confidence, both within the government and with the public.

For the Government of Canada to continually improve the way it delivers services to Canadians, it is important that its management regime fosters flexibility, seeks opportunity and focuses on results. Integral to such a regime is effective risk management. The principles-based approach to risk management articulated in this Framework provides the flexibility to departments and agencies to tailor management solutions to their mandate and objectives. In addition, it enables strategic, risk-informed oversight and less transactional involvement of the Treasury Board and Treasury Board Secretariat in supporting department and agency management initiatives.

In order to foster this type of risk-informed culture and capacity to fully realize performance improvements within federal organizations, strengthened risk management approaches must be reflected across all business practices. Failure to effectively manage risks can result in increased program costs and missed opportunities, which can compromise program outcomes, and ultimately public trust. In contrast, sound risk management is fundamental to effective public administration as it can lead to a more effective, results-based, and high performance government. Key terminology related to risk management is defined in Appendix A.

As one of the three core frameworks guiding Treasury Board policies and management instruments, the Framework for the Management of Risk provides Deputy Heads with principles to embed risk management as a critical element in all areas of work, at all levels of their organization. The risk management principles outlined in this Framework complement the conceptual model for policy renewal set out in the Foundation Framework for Treasury Board Policies as well as the considerations for managing compliance identified in the Framework for the Management of Compliance.

The Framework for the Management of Risk outlines the risk management principles to guide Deputy Heads in the effective management of their organizations in all areas of work, including policy and program implementation. These principles apply to all Treasury Board policies, including the individual policies of the renewed Treasury Board Policy Suite, and guide the Treasury Board Secretariat in its policy development, enabling and oversight roles. These three core Frameworks are put in place to enable more effective management of federal organizations by promoting accountability, transparency and supporting risk-informed decision-making, which is recognized as a leading management practice.

Specifically, the principles contained in the Framework for the Management of Risk have shaped the design and choice of implementation approaches for particular Treasury Board policies (e.g. Policy on Internal Audit, Policy on Internal Control, Policy on Transfer Payments, Policy on Investment Planning), and will continue to be refined and adjusted based on emerging trends and lessons learned from their implementation.

Key linkages with other Treasury Board instruments are outlined in Appendix B. The current list of Treasury Board policies can be found on the Secretariat's web site.

The purpose of this Framework is to provide guidance to Deputy Heads on the implementation of effective risk management practices at all levels of their organization. This will support strategic priority setting and resource allocation, informed decisions with respect to risk tolerance, and improved results.

To achieve this purpose, the Framework provides principles and guidance for Deputy Heads to consider in their role as leaders of sound risk management practices and risk management integration within their organizations. For the purposes of the Framework, departments and agencies are those defined in section 2 of the Financial Administration Act.

Effective risk management, supported by this Framework, and associated learning resources, will enable Deputy Heads to:

• Identify and explain different types of risks at all levels of their organization and how they can be managed;
• Provide guidance on setting risk tolerance levels and making decisions informed by considerations of risk and mitigation strategies, including who should be involved;
• Support learning opportunities in their organization, including informal and formal risk management practices that respond to the needs and culture of their organizations;
• Lead by example by embedding risk management principles and practices in the management of their organization; and
• Align their risk management practices with other Treasury Board management practices and policies.

The following risk management principles inform the development of, and apply to, all Treasury Board policy instruments, some of which have embedded risk management requirements specific to their policy coverage. These principles are grounded in federal public service values and ethics, and guide and underpin effective risk management across the federal government. The principles support Deputy Heads, and their departments and agencies, in taking risk-informed approaches to management decisions and in demonstrating and verifying that risks are successfully identified, assessed and managed within their respective organizations.

To that end, effective risk management in the federal government should:

• support government-wide decision-making and priorities as well as the achievement of organizational objectives and outcomes, while maintaining public confidence;
• be tailored and responsive to the organization's external and internal context including its mandate, priorities, organizational risk culture, risk management capacity, and partner and stakeholder interests;
• add value as a key component of decision-making, business planning, resource allocation and operational management;
• achieve a balance between the level of risk responses and established controls and support for flexibility and innovation to improve performance and outcomes;
• be transparent, inclusive, integrated and systematic; and
• continuously improve the culture, capacity and capability of risk management in federal organizations.

In addition, Treasury Board policy instruments and associated oversight activities are aligned with the above and also guided by the following principles:

• Treasury Board policy instruments should target risks linked to achieving federal government management objectives;
• these instruments should be proportional to the degree of impact and likelihood of the risks identified; and
• oversight should be adjusted to correspond to an organization's demonstrated capacity for managing risk, where circumstances permit.

Learning resources to support the practical application of these principles by departments and agencies, including the 2010 Guide to Integrated Risk Management, are available on the Treasury Board Secretariat's web site.

All enquiries regarding this Framework, as well as its supporting guides and tools, should be directed to:

Email: TBS Public Enquiries.