Section III: Key risks—Things that could affect our ability to achieve our plans and results: 2017 to 2018 Departmental Plan

Document navigation for "2017 to 2018 Departmental Plan"

Key risks

Public Services and Procurement Canada (PSPC) formally integrates risk into business planning, decision making and organizational processes to minimize negative impacts and maximize opportunities across its diverse range of services and operations. Risk management is conducted throughout PSPC in accordance with the Treasury Board framework for the management of risk, PSPC Policy on Integrated Risk Management, the international organization for standardization 31000, and the Canadian Standards Association implementation guide to CAN/CSA-ISO 31000, Risk management: Principles and guidelines.

PSPC's top five key risks are as follows:

  1. solution delivery
  2. concurrent complex changes
  3. health, safety and security
  4. critical system emergencies
  5. fraud

Risk table

Description of PSPC's top risks
Risks Risk response strategy Link to the department's programs Link to mandate letter commitments or to government-wide and departmental priorities
Solution delivery: There are inherent risks in PSPC undertaking and delivering complex, transformational and interdepartmental major projects and procurements on time, within approved budget and according to scope which could ultimately have an impact on the department's service strategy. Key PSPC existing risk responses include:
  • communicating clearly with employees and clients to set expectations and maintaining commitment to continuous improvement
  • working with other government department partners to improve service

Key PSPC new risk responses will include:

  • a change management and communication strategy
  • ongoing investments to ensure technology systems keep pace with evolving demands
 All programs
  • an open and transparent government: better government for Canadians by focusing on outcomes
  • growth to the middle class: building a more innovative country by supporting business growth and innovation
Concurrent complex changes: The simultaneous implementation of complex transformational initiatives within PSPC and throughout the Government of Canada could expose the department to capacity risks. This could lead to: inability for PSPC to remain relevant (reputation). Key PSPC existing risk responses include:
  • ongoing investments in employee training

Key PSPC new risk responses will include:

  • ensuring robust governance structures and strengthened performance monitoring and reporting, supported by appropriate information management and information technology (IM/IT) investments
  • continue to work closely with Treasury Board Secretariat and Shared Services Canada  to solidify a partnership model with clear roles and responsibilities in supporting large complex transformational initiatives
 All programs An open and transparent government: better government for Canadians by focusing on outcomes
Health, safety and security: There is a risk that issues related to the integrity of infrastructure could affect the operating condition, business continuity as well as the performance of Government of Canada real property assets, leading to: non-compliance with acts, regulations or codes and the disruption to services provided to clients. This could negatively affect the health, well-being, security and safety of employees and the public. Key PSPC existing risk responses include:
  • continuing to develop mitigation strategies to minimize potential operational impacts
  • continuing to assess and mitigate potential security risks when allocating office space to high-risk tenants

Key PSPC new risk responses will include:

  • enhanced training and oversight (such as specialized reviews to ensure conformity with policies)
  • internal services
  • accommodation management and real property          services
  • growth for the middle class: investing in infrastructure to create jobs and prosperity for the middle class by revitalizing federal public infrastructure across Canada
  • an inclusive and fair Canada: enhancing public safety through strengthening the security of Government of Canada networks and cyber systems
Critical system emergencies: There is a risk of a failure of critical systems and infrastructure (such as electrical power supply, water and sewage system, etc.) due to natural and other hazards. These could reduce or halt systems, putting at risk various basic operations within the department, such as: access to information on critical systems, electronic security systems, ventilation and heating systems and employee and public physical safety. Key PSPC existing risk responses include:
  • refreshing and validating Business Continuity Plans (BCP)
  • ensuring external service providers and contractors have BCPs to deliver uninterrupted service to PSPC and its clients

Key PSPC new risk responses will include:

  • establish continuity plans for highest value IT applications
  • reinforce PSPC's IT security management
  • enhance the disaster recovery capabilities of mission critical applications
  • internal services
  • accommodation management and real property services
  • all programs
  • growth for the middle class: investing in infrastructure to create jobs and prosperity for the middle class by revitalizing federal public infrastructure across Canada
  • an inclusive and fair Canada: enhancing public safety through strengthening the security of Government of Canada networks and cyber systems
Fraud: Given PSPC's role as the primary provider of procurement and real property services for the Government of Canada as well as its dependence on computer systems and networks, fraud and other misconduct such as corruption, collusion among contractors, bid rigging or cyber-attack could compromise not only PSPC's operations but also the Government of Canada by undermining fair competition, threatening the integrity of the markets, acting as a barrier to economic growth, increasing the cost and risk of doing business and undermining public confidence in government institutions. Key PSPC existing risk responses include:
  • increased focus on values and ethics, training, higher security screening standards for contractors, improper conduct clauses, data sharing with security agencies and integrity regime
  • internal controls and red flags
  • threat and risk assessments to assess and mitigate risks, including cyber-attacks
  • departmental security assessment and authorization process to ensure IT security is addressed effectively

Key PSPC new risk responses will include:

  • careful review of large or expedited infrastructure projects
  • work across government to identify IM/IT security, awareness, and training gaps
  • work with the Royal Canadian Mounted Police (RCMP) to study and better understand the threat of organized crime
  • explore potential of formalizing a Government of Canada anti-corruption fraud and wrongdoing framework
  • integrity programs and services
  • internal services
  • growth for the middle class: investing in infrastructure to create jobs and prosperity for the middle class by revitalizing federal public infrastructure across Canada
  • an inclusive and fair Canada: enhancing public safety through strengthening the security of Government of Canada networks and cyber systems

Risk narrative

Solution delivery

In order to continue delivering excellence to Canadians, the public service requires timely and appropriate implementation of business processes coupled with technological enablers such as mobile devices, web based solutions and collaborative workspaces. These change initiatives require introduction at an optimal pace; at too quick a pace, employee adoption may not be as deep as originally envisioned, while nourishing personnel disengagement; if implemented too slowly, planned changes face obsolescence as well as higher risk of disruption during the migration of legacy systems. Through the ability to innovate effectively and in a coordinated fashion, these change initiatives will ensure that PSPC remains well-positioned and relevant to its multiple stakeholders.

Concurrent complex changes

There are evolving expectations from both within the work force and from how Canadians engage with government. As a result, several large-scale, government-wide and transformational initiatives have been implemented. These imply new management approaches within and between departments that have historically been in silos and challenged for adoption of rapidly changing governance structures and technology.  Concurrent complex changes have been taking place within PSPC's diverse, functional program areas: finance, procurement, real property, parliamentary heritage asset projects, language services, information technologies, information management, management practices, human resources, security and larger government-wide policy. This could lead to several issues regarding the achievement of numerous, potentially conflicting and inter-related goals, while maintaining ongoing mandate objectives, and public confidence in the government's capabilities.

Health, safety and security

PSPC manages one of the largest and most diverse real estate portfolios in the country, including government office facilities and specialized infrastructures such as bridges and dams. We provide federal departments and organizations with affordable, productive work environments, and a full range of real property services. The functionality, operating condition, business continuity as well as the performance of real property assets have experienced resource challenges in ensuring high maintenance targets over a number of years. Also, the potential for purposeful and targeted attacks on government infrastructure and specific tenants could compromise physical safety of assets and occupants. This type of risk may negatively impact the economy or functionality of nearby communities. Also, PSPC managed buildings could be temporarily or permanently disabled, limiting the fulfillment of PSPC's mandate to provide safe and functional general-purpose office accommodation to support the continuity of government operations and programs and meet its related service performance targets.

Critical system emergencies

In today's world, a range of natural and health hazards, as well as man-made threats, are increasing in their frequency, complexity and interconnectedness as a result of globalization and natural and political forces. Although emergency response systems are in place, the aforementioned issues increase the potential for higher frequency and severity of various system deficiencies or collapses. Managing unprecedented changes is complex and unpredictable, requiring innovative, dynamic and adaptive approaches in business continuity planning government-wide.

Fraud

Fraud is a deliberate attempt to deceive for a calculated gain. Government initiatives are not immune to the risk of fraud as demonstrated by previous instances of bid rigging, collusion and corruption. Existing systems must continue to evolve in order to best respond to rapidly changing technological environment (such as cyber-attack) that affords new means by which criminal actors (internal and external) could compromise internal controls. This type of activity results in the undermining of public trust in government institutions and financial loss. 

Document navigation for "2017 to 2018 Departmental Plan"

Report a problem or mistake on this page
Date modified: