Holding Ottawa Accountable for Its Management of Risk
Ottawa is urged to get on with the job of implementing its Integrated Risk Management Framework. The Auditor General finds that little progress has been made since the IRMF was adopted by the federal government in 2001 to effectively manage its vast and varied operations. Full implementation is seen as needed to create a risk-smart workforce and public service culture that will promote innovation, protect public interest, maintain public confidence, and benefit all Canadians. Inadequate immigration controls are singled out for urgent need of effective risk management, although progress in overseas monitoring of immigration applicants is noted. Speech to the Empire Club of Canada, Toronto, April 30, 2003.
I would like to talk to you about risk management. I am very conscious that the abstract concept of risk is taking on ever more concrete meanings in our daily lives.
New diseases like SARS and the West Nile virus have heightened our awareness of threats to our well-being. And have compelled us all to carefully think through how we will manage such risks, as individuals and as a collective.
A few weeks ago I tabled a report in Parliament that looked at how federal government departments are managing risk.
As Auditor General, one of my key priorities is to promote an effective public service. I believe that good risk management is fundamental to good management and to serving the public effectively.
In my time here today, I'd like to talk about what the federal government can do to step up its efforts. I'll draw some examples from my recent report of where the government needs to manage risks better, and where it is doing well.
Risk management and public sector
Almost nothing we do in life is risk free. Taking risks is part and parcel of being human. The "great American philosopher" Homer Simpson even goes so far as to say that taking stupid risks is what makes life worth living! I can't say I share THAT belief!
To deal with uncertainty, we all actively manage risks every day -- both large and small -- as we go about our business and live our lives.
We manage risks when we bring an umbrella to work in the morning, when we buckle up our seatbelts, when we have our children immunized, when we invest in a particular stock, when we move to another city to accept a more challenging job.
Not only do we try to prepare for and minimize calamity when we take risks, but we also take risks in order to profit from a good opportunity.
And just as risk is a given in life, it is also a given in organizations -- and the federal government is no exception.
I'm sure we'd all agree that the public sector has a special responsibility to manage risk well, given its unique and critical role in assuring the safety and security of Canadians and in protecting their health and the environment.
After September 11, we are now all much more aware of negative risks such as terrorism. It is always worth remembering that the ultimate consequence of poor risk management can be the loss of human life.
In the government context, managing risk means more than focusing on what can go wrong. It also means taking advantage of opportunities -- to improve services or lower costs, for example.
As the deadline to submit tax returns rapidly approaches, it's worth mentioning that a number of years ago, the Canada Customs and Revenue Agency took the risk of introducing filing over the Internet, which has made preparing tax returns a lot quicker and easier for many Canadians.
The agency's decision to do that had to take account of some serious risks -- to security and taxpayer confidentiality, among others -- and how to manage them. And the payoff -- increased taxpayer compliance -- had to be worth the effort and expense of managing these risks.
A sound and systematic approach to risk management distinguishes managing effectively from merely coping. …