Corporate Risk Profile. National Film Board of Canada

Similar documents
POLICY ON RISK MANAGEMENT

Audit of Information Management. Internal Audit Report

UN-HABITAT ENTERPRISE RISK MANAGEMENT IMPLEMENTATION GUIDELINES

Summary of of the the Board of of Management Oversight Framework Assessment of of Performance. Performance. April 7, 2016.

Corporate Risk Management Audit

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Performance Measurement. Prepared by: Audit and Assurance Services Branch

RISK MANAGEMENT FRAMEWORK

Audit of the electronic Common Information Management System (ecims) Development Project

REPORT 2015/171 INTERNAL AUDIT DIVISION. Audit of the implementation of the interface between Umoja and Galileo

Public Service Secretariat Business Plan

Resolution adopted by the General Assembly on 11 September [without reference to a Main Committee (A/71/L.86 and Add.1)]

AUDIT REPORT NOVEMBER

ARCHIVED Audit of Risk Management

Audit Report. Audit of Contracting and Procurement Activities

Risk Management in the 21 st Century Ameren Business Risk Management

Audit of the Initiation Phase of the New Bridge for the St. Lawrence Corridor (NBSLC) Project

Service Business Plan

ENTERPRISE RISK MANAGEMENT

WHO managerial reforms

Risk Management at Statistics Canada

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Risk Management Policy and Framework

Finance Division Strategic Plan

Final Report Audit of the Management of the Government of Canada Pension Modernization Project. Office of Audit and Evaluation

Risk Management Guidelines of the CGIAR System

The Ohio State University Human Resources Strategic Plan

Final Audit Report. Follow-up Audit of Emergency Preparedness and Response. March Canada

Open Government Implementation Plan (OGIP)

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Audit of Business Continuity Planning (BCP) Audit and Evaluation Branch

Audit of Staffing and Classification

INTERNAL AUDIT DIVISION REPORT 2018/105. Audit of strategic support to the global humanitarian inter-agency coordination mechanisms

APPOINTMENT BRIEF AUGUST

Audit of Departmental Security

Risk Assessment - Balancing Risk While Enhancing Controls

Final review report Review of corporate accommodation Public Works and Government Services Canada Office of Audit and Evaluation March 31, 2016

ICMI PROFESSIONAL CERTIFICATION

Key Risks and Risk Based Management Update

INTERNAL AUDIT PLAN AND CHARTER 2018/19

DIGITIZATION AND DIGITAL ASSET MANAGEMENT POLICY

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

Auditor General of Canada to the House of Commons

LI & FUNG LIMITED ANNUAL REPORT 2016

RISK MANAGEMENT. Risk. response

Audit of the Management Control Framework (MCF) Spectrum Telecommunication Program (S/TP) Final Report. Audit and Evaluation Branch.

Audit of Policy on Internal Control Implementation (Phase 1)

Appendix 4. City of Toronto. Peer Review of the City s Emergency Management Program Review. Prepared for City of Toronto.

Review of the management of data quality in the My Government of Canada Human Resources system. Office of Audit and Evaluation

Follow-up Audit of the CNSC Performance Measurement and Reporting Frameworks, November 2011

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Business Continuity Planning. Prepared by: Audit and Assurance Services Branch

JOB DESCRIPTION. Senior Project Manager.docx. Proposed band

AUDIT UNDP GLOBAL SHARED SERVICE CENTRE MALAYSIA. Report No Issue Date: 21 March 2014

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

Audit of Corporate Information Management

Staff safety and security issues, including refugee security

Journey to Excellence

Risk Management Strategy

STRATEGIC PLAN Our Mission

The Quality Assurance Reviews at Statistics Canada

Audit of Cultural Industries Branch

Internal Audit of Compensation and Benefits

AUDIT OF THE INFRASTRUCTURE PROGRAM CANADA STRATEGIC INFRASTRUCTURE FUND (CSIF)

REPORT 2015/102 INTERNAL AUDIT DIVISION

NOGDAWINDAMIN FAMILY AND COMMUNITY SERVICES

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

Strengthening Your CSR Impact Story with a Program Outcomes Framework

Standard for Validation, Verification and Audit

Audit of Procurement Practices

Audit and Advisory Services Integrity, Innovation and Quality

Integrated Business Planning Audit

Determine the project s level of complexity and agree with the owner the options and appropriate approach for delivery.

OBSI Strategic Plan

Guidance on Establishing an Annual Leadership Talent Management and Succession Planning Process

International Standard on Auditing (Ireland) 315

International Standard on Auditing (UK) 315 (Revised June 2016)

A Risk Management Framework for the CGIAR System

Internal Audit. Audit of Procurement and Contracting

Audit and Advisory Services Integrity, Innovation and Quality

MANAGEMENT ACTION PLANS FOLLOW-UP EVALUATION

Audit of Canada s Participation in the World Exposition Shanghai China 2010 (Expo 2010)

COMPLIANCE MANAGEMENT FRAMEWORK. Conceptual Design Document

Performance Measurement Audit

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

A Risk Management Framework for the CGIAR System

CERTIFICATIONS IN HUMAN RESOURCES. SPHRi TM Senior Professional in Human Resources - International TM SPHRi. Exam Content Outline

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Management Practices Audit of the Treaties and Aboriginal Government Sector

Office of the Superintendent of Financial Institutions. Internal Audit Report on Supervision Sector: Deposit Taking Group - Conglomerates

Canada School of Public Service

White Paper: ITSC Planning: Performing Business Impact Analysis

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

Making winning workforce decisions

INFORMATION SERVICES FY 2018 FY 2020

AUDIT UNDP COUNTRY OFFICE JAMAICA. Report No Issue Date: 24 April 2015

AUDIT UNDP HAITI GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA. Report No Issue Date: 15 April 2014

Creating Business Value Through Optimized Compliance Practices

Management Accountability Framework

Audit of the Governance and Strategic Directions

Human Resource Renewal

Enterprise Risk Management Plan FY Submitted: April 3, 2017

Transcription:

Corporate Risk Profile National Film Board of Canada Approved by the NFB Board of Trustees March 1 st, 2013

Contents 1. Introduction... 3 1.1 Integrated risk management at the NFB Background... 3 1.2 MAF Round VIII Integrated risk management... 3 1.3 IRM governance and resources at the NFB... 4 1.4 Methodology... 4 2. Summary of Corporate Risks... 6 2.1 NFB priority risks... 6 2.2 NFB priority risk matrix... 7 3. The NFB s Program Activity Architecture and Risks... 8 3.1 Strategic outcomes... 8 4. Mitigation Measures, Risk Owners and Indicators... 9 5. Planning, Communication and Training... 11 5.1 Planning... 11 5.2 Communication of the risk profile... 11 5.3 Training... 11 6. Appendices... 12 Appendix I Detailed list of the NFB s corporate risks... 12 Appendix II Definitions... 12 2

1. Introduction Integrated risk management (IRM) is a fundamental component of sound management. It contributes to the improvement of decision making and resource allocation in addition to ultimately providing optimal results for the organization. In recent years, the Treasury Board (TB) has published a Framework for the Management of Risk along with several documents and guides to facilitate IRM implementation in federal organizations. As a result, the National Film Board (NFB) is formalizing its IRM practices and establishing a corporate risk profile. In order to support decision making and priorities as well as the achievement of corporate goals, the profile s objectives are to: 1. determine, mitigate and manage the NFB s key risks; 2. inform those responsible for the organization s strategic and operational planning; 3. be a reference tool for various levels of management at the NFB; 4. contribute to the development of a risk culture that meets the needs of the institution and reflects its area of activities. 1.1 Integrated risk management at the NFB Background According to its constituent act, the National Film Act, the NFB s mission is to initiate and promote the production and distribution of films in the national interest and, in particular, to engage in research in film activity and to make available the results thereof to persons engaged in the production of films. Over the years, the NFB has also built a solid reputation for its development of innovative, creative forms that it puts forward to fulfill its mandate. Innovation of this nature is predicated on a tolerance for creative and editorial risk that is greater than what is found in the private sector. It is one of the organization s fundamental characteristics from an integrated risk management perspective. However, risk tolerance does not mean a lack of controls to mitigate the effects of risk. In recent years, the NFB has made remarkable efforts to reduce its exposure to the strategic and operational risks associated with its business environment. Some of its controls are formal and documented; others are derived instead from informal practices that reflect corporate dynamics inherent to producing creative works. In light of this situation, the NFB developed an initial corporate risk profile (CRP) in 2009 following recommendations by the Treasury Board Secretariat (TBS) during Round V of the Management Accountability Framework (MAF). The exercise made it possible to identify the organization s key risks and more formally document existing mitigation measures or implement new ones. 1.2 MAF Round VIII Integrated risk management In the fall of 2009, the organization s key management activities were assessed in MAF Round VIII. The TBS noted the significant progress that had been made regarding NFB risk management practices, but nevertheless recommended several opportunities for improvement in terms of governance and leadership, especially emphasizing the need for mechanisms to account for corporate risk-related responsibilities. Regarding IRM implementation, the TBS deemed that the NFB should: have an overall risk-management approach rather than one limited to certain sectors; strengthen its methodology for identifying and assessing risk; find ways to communicate its IRM approach within the organization and consider publishing IRM expectations, roles and responsibilities as well as reference materials (IRM policy and corporate risk profile); better define performance measures for: o risk mitigation strategies; o risk owner accountability; 3

o harmonizing the risk identification and assessment process with the strategic planning cycle; provide more learning resources to support risk management. 1.3 IRM governance and resources at the NFB NFB Deputy Head Commissioner Integrated Risk Management Committee Deputy Head Assistant Deputy Head (Assistant Commissioner) Director General, Finance, Operations and Technology (FOT) IRM Champion Assistant Commissioner IRM Working Group NFB middle managers Risk point of contact or risk owner Several positions identified Preparation of the NFB s CRP is the responsibility of the Integrated Risk Management Committee, which is composed of the Deputy Head (Commissioner), Assistant Deputy Head (Assistant Commissioner) and Director General, Finance, Operations and Technology (FOT). The primary responsibilities of the IRM Committee are to: apply the IRM principles of the TB Framework for the Management of Risk; establish the NFB s main IRM directions; approve IRM-related documents for the NFB; determine the NFB s position in situations where mitigation measures are not unanimously supported. 1.4 Methodology To implement some of the suggestions made by the TBS, the NFB adopted a methodology intended to strengthen the identification, assessment and mitigation of its key business risks. The organization consulted several risk management experts in order to develop a solid methodological framework adapted to its context. It undertook the following: 1. Creation of an IRM working group and selection of methodology In September 2011, the NFB established an IRM internal working group whose mandate was to assist senior management in identifying major risks, recommend mitigation measures and thereby contribute to the development of a strong, representative and useful corporate risk profile. The working group was composed of employees and middle managers from all NFB divisions. Supporting documents were drafted 4

in the fall to guide working group members in identifying and analyzing risks and controls in place at the NFB. 1 2. Risk identification In winter and spring 2012, IRM working group members drew up an inventory of all relevant risks to the organization. The inventory, consisting of nearly 200 risks, was grouped and categorized so that it could be analyzed. We ultimately retained 70 inherent risks, which were subsequently entered into a central database. 3. Risk analysis The working group members then analyzed relevant risks in their sectors of activity and validated the analysis results during group discussions. Impact, probability and controls in place were assessed on a scale of one to five. This approach helped ensure analysis consistency among working group members and the development of a common vision of corporate risks. The working group also revisited risks identified in the 2009 CRP and updated them with the NFB Management Committee. 4. Identification of priority risks Once the analyses had been validated, the working group was able to identify the organization s priority risks, prepare a risk matrix and determine the mitigation measures needed for them. Each risk was assigned to an owner. 5. Updating the CRP The working group will perform a yearly review of priority risks and mitigations in place. The NFB will conduct a full review of its risk inventory every three years and produce a new CRP. 1 NFB Risk Analysis Guide and NFB Guide to Risk Event Identification and Controls in Place. 5

2. Summary of Corporate Risks 2.1 NFB priority risks The NFB s 11 priority strategic and operational risks are shown in the table below. Special attention is given to them due to their higher residual risk. Appendix I provides a detailed list of the organization s risks. It contains more than 70 risk events associated with the NFB s activities. No. Risk events Risk drivers 1. Significant reduction in the NFB s budget Reduction of the NFB s parliamentary appropriation, major drop in revenue and buying power and gap with regard to traditional revenue objectives or new sources, etc. 2. The NFB is not relocated (status quo) Lack of financing, financing plan refused, difficulty in finding partners. 3. Loss or inadequate transfer of institutional knowledge Retirements, specific expertise of a single individual (unique positions), lack of adequate resources for knowledge sharing, increase in workload, etc. 4. Inability to recruit or retain qualified personnel in a competitive business environment Strong competition in the job market for certain skill types; better conditions elsewhere, rare and costly skills, etc. 5. Lack of a business continuity plan Major disaster causing loss of access to the building or damage to assets, e.g., fire, breakage, health epidemics, etc. 6. Production and project budgets significantly exceeded Unsuitable monitoring tools, cumbersome processes and procedures, outdated information. 7. Loss or breach of integrity/security of digital assets 8. Technological obsolescence (particularly interactive projects) 9. Discrepancy between corporate capacity and workload 10. Controversy stemming from relations with our partners 11. Inability to use NFB-owned content or unavailability of acquired content Major disaster causing the loss of computer systems and technical equipment, electronic data (e.g., fire, breakage, damage, theft or computer hacking), etc. Technological developments, disappearance of technological medium or standards, lack of adequate preservation means, etc. Increase in institutional priorities, complexity of carrying out certain projects, increased administrative burden (e.g., greater performance measurement requirements), etc. Closing of service centres, relocation of the head office, external storing of duplicates of the NFB s audiovisual collection, reduction of programming or co-productions, etc. Non-compliance with the NFB s technical or legal standards: non-standard production materials, uneven quality control, incomplete copyright acquisition with respect to co-production agreements, etc. 6

Inherent risks Risques inhérents NFB Corporate Risk Profile Although the risk of financial losses associated with co-productions or business relations did not result in a high residual value, the NFB Board of Trustees wishes to have it added to the priority risks and monitored in the same way. 12. Financial losses associated with coproductions or business relations Disagreement or non-compliance in the context of coproduction agreements or business partnerships that could lead to debts or legal disputes, etc. 2.2 NFB priority risk matrix The matrix of the NFB s priority risks below provides a profile of the institution s inherent risks. Risks that exist after taking controls into account are considered residual risks. It is important to mention the prevalence of informal controls in the NFB s corporate culture. A variety of existing business practices reduces the level of risk of activities, however they are not consistently documented. The organization has decided to fully consider these types of controls. Residual risks Risques résiduels Very Très faible low (0-1) Low Faible (1-2) (1-2) Moderate Modéré (2-3) High Important (3-4) (3-4) Critical Critique (4-5) (4-5) Critical (4-5) Critique (4-5) 1 Important High (3-4) (3-4) 9-11 8 6 5 4 2 3 Moderate (2-3) Modéré (2-3) 7 Low (1-2) Faible (1-2) 12 Very low (0-1) Très faible (0-1) 7

3. The NFB s Program Activity Architecture and Risks The IRM must support the achievement of the organization s strategic objectives in the most efficient manner possible. The NFB s Program Activity Architecture (PAA) is shown in the diagram below. In the PAA, the NFB s strategic outcome is to ensure that Canadian stories and perspectives are reflected in audiovisual media and accessible to Canadians and the world. The NFB fulfills its mandate through two main program activities: 1) Audiovisual Production and 2) Accessibility and Audience Engagement. The latter is divided into sub-activities as can be seen here. 3.1 Strategic outcomes The NFB s priority risks directly or indirectly affect two of the institution s program activities: Audiovisual Production, and Accessibility and Audience Engagement. Certain risks are more closely associated with one or the other of our activities to varying degrees. Regarding the Audiovisual Production program activity, the NFB expects the following outcomes: i. The NFB s audiovisual works are innovative. ii. Established and emerging Canadian creators who work with the NFB represent Canada s diversity. For sub-activities related to the Accessibility and Audience Engagement program activity, the expected outcomes are as follows: i. Canadian and international audiences view NFB works and interact with them; ii. The NFB s collection is preserved and maintained; iii. The NFB s collection is made accessible in digital format for future generations; iv. Consumers view the NFB s audiovisual works via multiple access channels; v. Audiences in the educational and institutional markets view the NFB s audiovisual works via multiple access channels; vi. The NFB s expertise is recognized in a wide range of major industry festivals and events in Canada and abroad. 8

4. Mitigation Measures, Risk Owners and Indicators The NFB s priority risks are those that require mitigation measures due to their comparatively higher degree of residual risk. A list of these risks is provided below along with measures to be implemented for each and the division responsible. Each risk owner is responsible for the effectiveness of mitigation measures and associated performance indicators. Risk owners must collect relevant information on indicators and make necessary adjustments according to the results obtained. Risk events Mitigation measures Owners Sample indicators 1. Significant reduction in the NFB s budget 2. The NFB is not relocated (status quo) 3. Loss or inadequate transfer of institutional knowledge 4. Inability to recruit or retain qualified personnel in a competitive business environment 5. Lack of a business continuity plan 6. Production and project budgets significantly exceeded Ongoing implementation of the NFB s 2010-2011 to 2013-2014 Business Plan (incl. exploring new revenue sources, new international partnerships and markets, etc.) Continuation of the internal efficiencies program Implementation of the relocation project (incl. Headquarters relocation project financing plan) Establish an integrated workforce planning process Create a development strategy for next generation and high-potential employees Implement transfer of knowledge plans for at-risk positions Implement new talent acquisition strategies Build the employer brand Develop managers leadership Implement performance management Development and implementation of a business continuity plan (BCP) Optimization of financial information management tools Building awareness about the roles and responsibilities of production personnel and project managers (e.g., periodic training of production personnel in conjunction with the Budgetary Control Directive) Accessibility and Digital Enterprises (ADE) Finance, Operations and Technology (FOT) Human Resources (HR) Variation in parliamentary appropriation Revenue Audiences Achievement of efficiencies program objectives Treasury Board approval % of transfer of knowledge plans vs. atrisk positions identified according to the established timetable % of next generation and high-potential employees who have a skills development plan HR Retention rate Employee motivation index % of managers having completed leadership skills development training Satisfaction survey on the performance management process FOT French Program and English Program (FP/EP) and FOT Implementation of the BCP Application of the BCP s performance indicators Real-time cost reports Results of the Cognos system s oversight of budgets Comparative analysis of cost overruns from year to year 7. Loss or breach of integrity/security of digital assets Backup plan (incl. duplication of copies and storage sites and verification of the integrity of content saved and archived) FOT Based on sampling, 100% successful restoration of content duplicated during restoration exercises

Risk events Mitigation measures Owners Sample indicators Devise an IT succession plan Succession initiatives successfully achieved during disaster scenarios 8. Technological obsolescence (particularly interactive projects) Heightened technological monitoring Working group Production and interactive website preservation strategy 2012-2013 to 2016-2017 Investment Plan FOT Achievement of training objectives 80% of interactive works saved Annual review of the investment plan 9. Discrepancy between corporate capacity and workload 10. Controversy stemming from relations with our partners Implement the 2013-2018 Operational Plan HR Number of projects carried out by year s end % of the quarterly progress among projects carried out according to the timetable % of the gap between prioritized and completed projects Absenteeism rate Turnover rate Employee motivation index Project and partnership risk analysis process (incl. creating a strategic partnerships guide and directory) Office of the Assistant Commissioner and Corporate Services (ACCS, Corporate Communications) Number of risk analysis/projects per year Survey on the effectiveness of the risk analysis process 11. Inability to use NFB-owned content or unavailability of acquired content Regular reminders of the requirements of the NFB Rights Acquisition Policy (NFB Minimum Rights Policy) Implementation of the 2012-2014 Rights Management Action Plan (incl. adjustment of roles and responsibilities, in-house training and improvement of existing processes) Improved compliance with technical standards in force for deliverable production materials (incl. targeted training of production personnel) Diligent assessment of the financial agreements of the NFB s partners for each production Review and validation of the chain of title for the production project ACCS, Business Relations and Legal Services and FOT Number of policy infringements and/or number of works put into distribution with non-compliant elements Number of incomplete rights files returned to studios % of non-compliant technical material/year 12. Financial losses associated with co-productions or business relationships 2 ACCS, Business Relations and Legal Services Number of legal disputes Number of outstanding debts recovered by the NFB 2 Although analysis of this risk event did not result in a high residual value, the NFB Board of Trustees wishes to have it added to the priority risks and monitored in the same way. 10

5. Planning, Communication and Training 5.1 Planning The purpose of the NFB s CRP is to serve as a basis for the organization s strategic and operational planning, which occurs simultaneously with budget planning each fall. The NFB will make the new CRP available to its managers and planners during spring of 2013. Thereafter, full annual reviews and updates should comply with the NFB s planning schedule. 5.2 Communication of the risk profile A specific communication plan has been drawn up for the 2012 version of the NFB s CRP. The main points are as follows: General e-mail from the Assistant Commissioner and the NFB s IRM champion outlining the key aspects of the NFB s IRM policy and CRP; Small group meetings with principal operations managers to provide them with further information on the content of these documents and their use; Publication of the IRM policy and CRP on the NFB s intranet and Internet sites. Each review and update of the CRP will be communicated to staff via a comparable communication plan, taking changes made to the reference documents into account. 5.3 Training With respect to the IRM, the NFB intends to implement initial training for operations managers. In addition to that initiative, the NFB has designated two resource persons to respond to managers questions and needs. The designated resource persons will be required to keep their knowledge up to date and participate in meetings and training organized by the TBS Centre of Excellence on Risk Management.

6. Appendices Appendix I Detailed list of the NFB s corporate risks Consolidated Tableau consolidé table of des NFB risques risks de l'onf.x Appendix II Definitions 3 Integrated risk management is a continuous, proactive and systematic process to understand, manage and communicate risk from an organization-wide perspective. It is about supporting strategic decision making that contributes to the achievement of an organization s overall objectives. Uncertainty is the state, even partial, of deficiency of information related to understanding or knowledge of an event, its consequence, or likelihood. Risk refers to the effect of uncertainty on objectives. It is the expression of the likelihood and impact of an event with the potential to influence positively or negatively an organization's achievement of objectives. Inherent risk is the effect of uncertainty on objectives. It is the likelihood and impact of an event with the potential to affect the achievement of an organization s objectives. Residual risk is the remaining level of risk after taking into consideration risk mitigation measures and controls in place. Risk tolerance is the willingness of an organization to accept or reject a given level of residual risk. A risk category is a type of risk that is sufficiently generic that it can be used to identify and aggregate risks from various parts of the organization. A risk event is a situation with the potential to affect the achievement of an organization s objectives. A risk event may be positive or negative in other words, it may be a threat or an opportunity. Risk impact is the potential effect of a risk event. As with a risk event, a risk impact may be positive or negative. They are assessed as being high, medium or low. Risk probability refers to the probability that a risk event will occur. Probability can be high, medium or low. 3 Definitions are taken from the Guide to Risk Taxonomies prepared by the TBS. 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback