Treating your body well can enhance your ability to process and recall information.
Healthy Habits that Improve Memory
Regular exercise
• Increases oxygen to your brain.
• Reduces the risk for disorders that lead to memory loss, such as
diabetes and cardiovascular disease.
• May enhance the effects of helpful brain chemicals and protect brain cells.
Managing stress
• Cortisol, the stress hormone, can damage the hippocampus if the stress is unrelieved.
• Stress makes it difficult to concentrate.
Good sleep habits • Sleep is necessary for memory consolidation.
• Sleep disorders like insomnia and sleep apnea leave you tired and unable to concentrate during the day.
Not smoking
• Smoking heightens the risk of vascular disorders that can cause stroke and constrict arteries that deliver oxygen to the brain.
Nutrition and Memory improvement
You probably know already that a diet based on fruits, vegetables, whole grains, and “healthy” fats will provide lots of health benefits, but such a diet can also improve memory. Research indicates that certain nutrients nurture and stimulate brain function.
• B vitamins, especially B6, B12, and folic acid, protects neurons by breaking down homocysteine, an amino acid that is toxic to nerve cells. They’re also involved in making red blood cells, which carry oxygen. (Best sources: spinach and other dark leafy greens, broccoli, asparagus, strawberries, melons, black beans and other legumes, citrus fruits, soybeans.)
• Antioxidants like vitamins C and E, and beta carotene, fight free radicals, which are atoms formed when oxygen interacts with certain molecules. Free radicals are highly reactive and can damage cells, but antioxidants can interact with them safely and neutralize them. Antioxidants also improve the flow of oxygen through the body and brain. (Best sources: blueberries and other berries, sweet potatoes, red tomatoes, spinach, broccoli, green tea, nuts and seeds, citrus fruits, liver.)
• Omega-3 fatty acids are concentrated in the brain and are associated with cognitive function. They count as “healthy” fats, as opposed to saturated fats and trans fats, protecting against inflammation and high cholesterol. (Best sources: cold-water fish such as salmon, herring, tuna, halibut, and mackerel; walnuts and walnut oil; flaxseed and flaxseed oil)
Because older adults are more prone to B12 and folic acid deficiencies, a supplement may be a good idea for seniors. An omega-3 supplement (at any age) if you don’t like eating fish. But nutrients work best when they’re consumed in foods, so try your best to eat a broad spectrum of colorful plant foods and choose fats that will help clear, not clog, your arteries. Your brain will thank you!
Apr 23, 2010
Mnemonic devices to improve memory
Mnemonics are clues of any kind that help us remember something, usually by causing us to associate the information we want to remember with a visual image, a sentence, or a word.
Common types of mnemonic devices include:
1. Visual images - a microphone to remember the name “Mike,” a rose for “Rosie.” Use positive, pleasant images, because the brain often blocks out unpleasant ones, and make them vivid, colorful, and three-dimensional — they’ll be easier to remember.
2. Sentences in which the first letter of each word is part of or represents the initial of what you want to remember. Millions of musicians, for example, first memorized the lines of the treble staff with the sentence “Every good boy does fine” (or “deserves favor”), representing the notes E, G, B, D, and F. Medical students often learn groups of nerves, bones, and other anatomical features using nonsense sentences.
3. Acronyms, which are initials that creates pronounceable words. The spaces between the lines on the treble staff, for example, are F, A, C, and E: FACE.
4. Rhymes and alliteration: remember learning “30 days hath September, April, June, and November”? A hefty guy named Robert can be remembered as “Big Bob” and a smiley co-worker as “Perky Pat” (though it might be best to keep such names to yourself).
5. Jokes or even off-color associations using facts, figures, and names you need to recall, because funny or peculiar things are easier to remember than mundane images.
6. “Chunking” information; that is, arranging a long list in smaller units or categories that are easier to remember. If you can reel off your Social Security number without looking at it, that’s probably because it’s arranged in groups of 3, 2, and 4 digits, not a string of 9.
7. “Method of loci”: This is an ancient and effective way of remembering a lot of material, such as a speech. You associate each part of what you have to remember with a landmark in a route you know well, such as your commute to work.
Common types of mnemonic devices include:
1. Visual images - a microphone to remember the name “Mike,” a rose for “Rosie.” Use positive, pleasant images, because the brain often blocks out unpleasant ones, and make them vivid, colorful, and three-dimensional — they’ll be easier to remember.
2. Sentences in which the first letter of each word is part of or represents the initial of what you want to remember. Millions of musicians, for example, first memorized the lines of the treble staff with the sentence “Every good boy does fine” (or “deserves favor”), representing the notes E, G, B, D, and F. Medical students often learn groups of nerves, bones, and other anatomical features using nonsense sentences.
3. Acronyms, which are initials that creates pronounceable words. The spaces between the lines on the treble staff, for example, are F, A, C, and E: FACE.
4. Rhymes and alliteration: remember learning “30 days hath September, April, June, and November”? A hefty guy named Robert can be remembered as “Big Bob” and a smiley co-worker as “Perky Pat” (though it might be best to keep such names to yourself).
5. Jokes or even off-color associations using facts, figures, and names you need to recall, because funny or peculiar things are easier to remember than mundane images.
6. “Chunking” information; that is, arranging a long list in smaller units or categories that are easier to remember. If you can reel off your Social Security number without looking at it, that’s probably because it’s arranged in groups of 3, 2, and 4 digits, not a string of 9.
7. “Method of loci”: This is an ancient and effective way of remembering a lot of material, such as a speech. You associate each part of what you have to remember with a landmark in a route you know well, such as your commute to work.
An Integrated Risk Management Framework
The Integrated Risk Management Framework provides guidance to adopt a more holistic approach to managing risk. The application of the Framework is expected to enable employees and organizations to better understand the nature of risk, and to manage it more systematically.
Four Elements and Their Expected Results
The Integrated Risk Management Framework is comprised of four related elements. The elements, and a synopsis of the expected results for each, are presented below
Element 1: Developing the Corporate Risk Profile
the organization's risks are identified through environmental scanning;
current status of risk management within the organization is assessed; and
the organization's risk profile is identified.
Element 2: Establishing an Integrated Risk Management Function
management direction on risk management is communicated, understood and applied;
approach to operationalize integrated risk management is implemented through existing decision-making and reporting structures; and
capacity is built through development of learning plans and tools.
Element 3: Practising Integrated Risk Management
a common risk management process is consistently applied at all levels;
results of risk management practices at all levels are integrated into informed decision-making and priority setting;
tools and methods are applied; and
consultation and communication with stakeholders is ongoing.
Element 4: Ensuring Continuous Risk Management Learning
a supportive work environment is established where learning from experience is valued, lessons are shared;
learning plans are built into an organization's risk management practices;
results of risk management are evaluated to support innovation, learning and continuous improvement; and
experience and best practices are shared, internally and across government.
The four elements of the Integrated Risk Management Framework are presented as they might be applied: looking outward and across the organization as well as at individual activities. This comprehensive approach to managing risk is intended to establish the relationship between the organization and its operating environment, revealing the interdependencies of individual activities and the horizontal linkages.
While it is acknowledged that some departments are more advanced than others in moving towards the implementation of an integrated risk management approach, there is growing appreciation across the Public Service of the need to strengthen risk management practices and develop a more strategic and corporate-wide focus. Implementing integrated risk management will depend largely on an organization's state of readiness, overall priorities and the level of effort necessary to implement the various elements. As a result, developing a more mature risk management environment will require sustained commitment and will evolve over time.
This Framework is a step in establishing the foundation for integrated risk management in the public sector. It is acknowledged that to support and facilitate implementation, the development of specific tools and guidelines as well as sharing of best practices and lessons learned will be required.
Element 1: Developing the Corporate Risk Profile
A broad understanding of the operating environment is an important first step in developing the corporate risk profile. Developing the risk profile at the corporate level is intended to examine both threats and opportunities in the context of an organization's mandate, objectives and available resources.
In building the corporate risk profile, information and knowledge at both the corporate and operational levels is collected to assist departments in understanding the range of risks they face, both internally and externally, their likelihood and their potential impacts. In addition, identifying and assessing the existing departmental risk management capacity and capability is another critical component of developing the corporate risk profile.
An organization can expect three key outcomes as a result of developing the corporate risk profile:
Threats and opportunities are identified through ongoing internal and external environmental scans, analysis and adjustment.
Current status of risk management within the organization is assessed-challenges/opportunities, capacity, practices, culture- and recognized in planning organization-wide management of risk strategies.
The organization's risk profile is identified-key risk areas, risk tolerance, ability and capacity to mitigate, learning needs.
External and Internal Environment
Through the environmental scan, key external and internal factors and risks influencing an organization's policy and management agenda are identified. Identifying major trends and their variation over time is particularly relevant in providing potential early warnings. Some external factors to be considered for potential risks include:
Political: the influence of international governments and other governing bodies;
Economic: international and national markets, globalization;
Social: major demographic and social trends, level of citizen engagement; and
Technological: new technologies.
Internally, the following factors are considered relevant to the development of an organization's risk profile: the overall management framework; governance and accountability structures; values and ethics; operational work environment; individual and corporate risk management culture and tolerances; existing risk management expertise and practices; human resources capacity; level of transparency required; and local and corporate policies, procedures and processes.
The environmental scan increases the organization's awareness of the key characteristics and attributes of the risks it faces. These include:
type of risk: technological, financial, human resources (capacity, intellectual property), health, safety;
source of risk: external (political, economic, natural disasters); internal (reputation, security, knowledge management, information for decision making);
what is at risk: area of impact/type of exposure (people, reputation, program results, materiel, real property); and
level of ability to control the risk: high (operational); moderate (reputation); low (natural disasters).
An organization's risk profile identifies key risk areas that cut across the organization (functions, programs, systems) as well as individual events, activities or projects that could significantly influence the overall management priorities, performance, and realization of organizational objectives.
The environmental scan assists the department in establishing a strategic direction for managing risk, making appropriate adjustments in decisions and actions. It is an ongoing process that reinforces existing management practices and supports the attainment of overall management excellence.
Assessing Current Risk Management Capacity
In assessing internal risk management capacity, the mandate, governance and decision-making structures, planning processes, infrastructure, and human and financial resources are examined from the perspective of risk. The assessment requires an examination of the prevailing risk management culture, risk management processes and practices to determine if adjustments are necessary to deal with the evolving risk environment.
Furthermore, the following factors are considered key in assessing an organization's current risk management capacity: individual factors (knowledge, skills, experience, risk tolerance, propensity to take risk); group factors (the impact of individual risk tolerances and willingness to manage risk); organizational factors (strategic direction, stated or implied risk tolerance); as well as external factors (elements that affect particular risk decisions or how risk is managed in general).
Risk Tolerance
An awareness and understanding of the current risk tolerances of various stakeholders is a key ingredient in establishing the corporate risk profile. The environmental scan will identify stakeholders affected by an organization's decisions and actions, and their degree of comfort with various levels of risk. Understanding the current state of risk tolerance of citizens, parliamentarians, interest groups, suppliers, as well as other government departments will assist in developing a risk profile and making decisions on what risks must be managed, how, and to what extent. It will also help identify the challenges associated with risk consultations and communication.
In general, there is lower risk tolerance for the unknown, where impacts are new, unobservable or delayed. There are higher risk tolerances where people feel more in control (for example, there is usually a higher risk tolerance for automobile travel than for air travel).
Risk tolerance can be determined through consultation with affected parties, or by assessing stakeholders'response or reaction to varying levels of risk exposure. Risk tolerances may change over time as new information and outcomes become available, as societal expectations evolve and as a result of stakeholder engagement on trade-offs. Before developing management strategies, a common approach to the assessment of risk tolerance needs to be understood organization-wide.
Determining and communicating an organization's own risk tolerance is also an essential part of managing risk. This process identifies areas where minimal levels of risk are permissible, as well as those that should be managed to higher, yet reasonable levels of risk.
Element 2: Establishing an Integrated Risk Management Function
Establishing an integrated risk management function means setting up the corporate "infrastructure" for risk management that is designed to enhance understanding and communication of risk issues internally, to provide clear direction and demonstrate senior management support. The corporate risk profile provides the necessary input to establish corporate risk management objectives and strategies. To be effective, risk management needs to be aligned with an organization's overall objectives, corporate focus, strategic direction, operating practices and internal culture. In order to ensure risk management is a consideration in priority setting and revenue allocation, it needs to be integrated within existing governance and decision-making structures at the operational and strategic levels.
To ensure that risk management is integrated in a rational, systematic and proactive manner, an organization should seek to achieve three related outcomes:
Management direction on risk management is communicated, understood and applied-vision, policies, operating principles.
Approach to operationalize integrated risk management is implemented through existing decision-making structures: governance, clear roles and responsibilities, and performance reporting.
Building capacity-learning plans and tools are developed for use throughout the organization.
Strategic Risk Management Direction
The establishment and communication of the organization's risk management vision, objectives and operating principles are vital to providing overall direction, and ensure the successful integration of the risk management function into the organization. Using these instruments can reinforce the notion that risk management is everyone's business.
It is essential that management provides a clear statement of its commitment to risk management and determines the best way to implement risk management in its organization. This includes establishing a corporate focus and communicating internal parameters, priorities, and practices for the implementation of risk management. To reinforce the corporate focus on risk management, organizations may dedicate a small number of resources to provide both advisory and challenge functions, and to specifically integrate these responsibilities into an existing unit (for example, Corporate Planning and Policy, Comptrollership Secretariat, Internal Audit).
In establishing the strategic risk management direction, internal and external concerns, perceptions and risk tolerances are taken into account. It is also imperative to identify acceptable risk tolerance levels so those unfavourable outcomes can be remedied promptly and effectively. Clear communication of the organization's strategic direction will help foster the creation and promotion of a supportive corporate risk management culture.
Objectives and strategies for risk management are designed to complement the organization's existing vision and goals. In establishing an overall risk management direction, a clear vision for risk management is articulated and supported by policies and operating principles. The policy would guide employees by describing the risk management process, establishing roles and responsibilities, providing methods for managing risk, as well as providing for the evaluation of both the objectives and results of risk management practices.
Integrating Risk Management into Decision Making
Effective risk management cannot be practised in isolation, but needs to be built into existing decision-making structures and processes. As risk management is an essential component of good management, integrating the risk management function into existing strategic management and operational processes will ensure that risk management is an integral part of day-to-day activities. In addition, organizations can capitalize on existing capacity and capabilities (e.g., communications, committee structures, existing roles and responsibilities, etc.)
While each organization will find its own way to integrate risk management into existing decision-making structures, the following are factors that may be considered:
aligning risk management with objectives at all levels of the organization;
introducing risk management components into existing strategic planning and operational processes;
communicating corporate directions on acceptable level of risk; and
improving control and accountability systems and processes to take into account risk management and results.
The integration of risk management into decision-making is supported by a corporate philosophy and culture that encourages everyone to manage risks. This can be accomplished in a number of ways, such as:
seeking excellence in management practices, including risk management;
having senior managers champion risk management;
encouraging innovation, while providing guidance and assistance in situations that do not turn out favourably;
encouraging managers to develop knowledge and skills in risk management;
including risk management as part of employees'performance appraisals;
introducing incentives and rewards; and
recruiting on risk management ability as well as experience.
Reporting on Performance
The development of evaluation and reporting mechanisms for risk management activities provides feedback to management and other interested parties in the organization and government-wide. The results of these activities ensure that integrated risk management is effective in the long term. Some of these activities could fall to functional groups in the organization responsible for review and audit. Responsibility may also be assigned to operational managers and employees to ensure that information affecting risk that is collected as part of local reporting or practices is incorporated into the environmental scanning process. Reporting could take place through normal management channels (performance reporting, ongoing monitoring, appraisal) as part of the advisory and challenge functions associated with risk management.
Reporting facilitates learning and improved decision-making by assessing both successes and failures, monitoring the use of resources, and disseminating information on best practices and lessons learned. Organizations should evaluate the effectiveness of their integrated risk management processes on a periodic basis.
Building Organizational Capacity
Building risk management capacity is an ongoing challenge even after integrated risk management has become firmly entrenched. Environmental scanning will continue to identify new areas and activities that require attention, as well as the risk management skills, processes, and practices that need to be developed and strengthened.
Organizations need to develop their own capacity strategies based on their specific situation and risk exposure.
To build capacity for risk management, there needs to be a focus on two key areas: human resources, and tools and processes at both the corporate and local levels. The risk profile will identify the organization's existing strengths and weaknesses vis-à-vis capacity. Areas that may require attention include:
Human Resources
building awareness of risk management initiatives and culture;
broadening skills base through formal training including appropriate applications and tools;
increasing knowledge base by sharing best practices and experiences; and
building capacity, capabilities and skills to work in teams.
Tools and Processes
developing and adopting corporate risk management tools, techniques, practices and processes;
providing guidance on the application of tools and techniques;
allowing for development and/or the use of alternative tools and techniques that may be better suited to managing risk in specialized applications; and
adopting processes to ensure integration of risk management across the organization.
Element 3: Practising Integrated Risk Management
Implementing an integrated risk management approach requires a management decision and sustained commitment, and is designed to contribute to the realization of organizational objectives. Integrated risk management builds on the results of an environmental scan and is supported by appropriate corporate infrastructure.
The following outcomes are expected for practising integrated risk management:
A departmental risk management process is consistently applied at all levels, where risks are understood, managed and communicated.
Results of risk management practices at all levels are integrated into informed decision-making and priority setting-strategic, operational, management and performance reporting.
Tools and methods are applied as aids to make decisions.
Consultation and communication with stakeholders is ongoing-internal and external.
A Common Process
A common, continuous risk management process assists an organization in understanding, managing and communicating risk. Continuous risk management has several steps. Emphasis on various points in the process may vary, as may the type, rigour or extent of actions considered, but the basic steps are similar. In the exhibits that follow, Exhibit 1 illustrates an example of a continuous risk management process that focuses on an integrated approach to risk management, while Exhibit 2 presents a risk management decision-making process in the context of public policy.
Exhibit 1: A Common Risk Management Process
Internal and external communication and continuous learning improve understanding and skills for risk management practice at all levels of an organization, from corporate through to front-line operations. The process provides common language, guides decision-making at all levels, and allows organizations to tailor their activities at the local level. Documenting the rationale for arriving at decisions strengthens accountability and demonstrates due diligence.
The common risk management process and related activities are:
Risk Identification
1. Identifying Issues, Setting Context
Defining the problems or opportunities, scope, context (social, cultural, scientific evidence, etc.) and associated risk issues.
Deciding on necessary people, expertise, tools and techniques (e.g., scenarios, brainstorming, checklists).
Performing a stakeholder analysis (determining risk tolerances, stakeholder position, attitudes).
Risk Assessment
2. Assessing Key Risk Areas
Analyzing context/results of environmental scan and determining types/categories of risk to be addressed, significant organization-wide issues, and vital local issues.
3. Measuring Likelihood and Impact
Determining degree of exposure, expressed as likelihood and impact, of assessed risks, choosing tools.
Considering both the empirical/scientific evidence and public context.
4. Ranking Risks
Ranking risks, considering risk tolerance, using existing or developing new criteria and tools.
Responding to Risk
5. Setting Desired Results
Defining objectives and expected outcomes for ranked risks, short/long term.
6. Developing Options
Identifying and analyzing options-ways to minimize threats and maximize opportunities-approaches, tools.
7. Selecting a Strategy
Choosing a strategy, applying decision criteria-results-oriented, problem/opportunity driven.
Applying, where appropriate, the precautionary approach/principle as a means of managing risks of serious or irreversible harm in situations of scientific uncertainty.
8. Implementing the Strategy
Developing and implementing a plan.
Monitoring and Evaluation
9. Monitoring, Evaluating and Adjusting
Learning, improving the decision-making/risk management process locally and organization-wide, using effectiveness criteria, reporting on performance and results.
Organizations may vary the basic steps and supporting tasks most suited to achieving common understanding and implementing consistent, efficient and effective risk management. A focused, systematic and integrated approach recognizes that all decisions involve management of risk, whether in routine operations or for major initiatives involving significant resources. It is important that the risk management process be applied at all levels, from the corporate level to programs and major projects to local systems and operations. While the process allows tailoring for different uses, having a consistent approach within an organization assists in aggregating information to deal with risk issues at the corporate level.
Exhibit 2: Risk Management in Public Policy: A Decision-Making Process
Exhibit 2 presents the model, developed by the PCO-led ADM Working Group on Risk Management, which addresses the issue of risk management in the context of public policy development. This model presents a basis for exploring issues of interest to government policy-makers, and provides a context in which to discuss, examine, and seek out interrelationships between issues associated with public policy decisions in an environment of uncertainty and risk (i.e., a model of public risk management).
As in Exhibit 1, this model recognizes six basic steps: identification of the issue; analysis or assessment of the issue; development of options; decision; implementation of the decision; and evaluation and review of the decision. [4]
In this model, several key elements were identified as influencing the public policy environment surrounding risk management:
There is a public element to virtually all government decision-making, and it is a central and legitimate input to the process.
Uncertainty in science, together with competing policy interests (including international obligations) has led to increased focus on the precautionary approach.
A decision-making process does not occur in isolation-the public nature and complexity of many government policy issues means that certain factors, such as communications and consultation activities, legal considerations, and ongoing operational activities, require active consideration at each stage of the process.
Integrating Results for Risk Management into Practices at all Levels
The results of risk management are to be integrated both horizontally and vertically into organizational policies, plans and practices. Horizontally, it is important that results be considered in developing organization-wide policies, plans and priorities. Vertically, functional units, such as branches and divisions, need to incorporate these results into programs and major initiatives.
In practice, the risk assessment and response to risk would be considered in developing local business plans at the activity, division or regional level. These plans would then be considered at the corporate level, and significant risks (horizontal or high-impact risks) would be incorporated into the appropriate corporate business, functional or operational plan.
The responsibility centre providing the advisory and "corporate challenge" functions can add value to this process, since new risks might be identified and new risk management strategies required after the roll-up. There needs to be a synergy between the overall risk management strategy and the local risk management practices of the organization.
Each function or activity would have to be examined from three standpoints:
its purpose: risk management would look at decision-making, planning, and accountability processes as well as opportunities for innovation;
its level: different approaches are required based on whether a function or activity is strategic, management or operational; and
the relevant discipline: the risks involved with technology, finance, human resources, and those regarding legal, scientific, regulatory, and/or health and safety issues.
Tools and Methods
At a technical level, various tools and techniques can be used for managing risk. The following are some examples:
risk maps: summary charts and diagrams that help organizations identify, discuss, understand and address risks by portraying sources and types of risks and disciplines involved/needed;
modelling tools: such as scenario analysis and forecasting models to show the range of possibilities and to build scenarios into contingency plans;
framework on the precautionary approach: a principle-based framework that provides guidance on the precautionary approach in order to improve the predictability, credibility and consistency of its application across the federal government;
qualitative techniques: such as workshops, questionnaires, and self -assessment to identify and assess risks; and
Internet and organizational Intranets: promote risk awareness and management by sharing information internally and externally.
Exhibit 3 provides an example of a risk management model. In this model, one can assess where a particular risk falls in terms of likelihood and impact and establish the organizational strategy/response to manage the risk.
Exhibit 3: A Risk Management Model
In developing methods to provide guidance on risk management, the different levels of readiness and experience in a department, as well as variations in available resources need to be recognized. Therefore, methods need to be flexible and simple using clear language to ensure open channels of communication.
Several practical methods that could be used to provide guidance are:
a managers'forum: where risks are identified, proposed actions are discussed and best practices are shared;
an internal risk management advisory function: dedicated to risk management, either as a special unit or associated with an existing functional unit; and
tool kits: a collection of effective risk management tools such as checklists, questionnaires, best practices.
Communication and Consultation
Communication of risk and consultation with interested parties are essential to supporting sound risk management decisions. In fact, communication and consultation must be considered at every stage of the risk management process.
A fundamental requirement for practising integrated risk management is the development of plans, processes and products through ongoing consultation and communication with stakeholders (both internal and external) who may be involved in or affected by an organization's decisions and actions.
Consultation and proactive citizen engagement will assist in bridging gaps between statistical evidence and perceptions of risk. It is also important that risk communication practices anticipate and respond effectively to public concerns and expectations. A citizen's request for information presents an opportunity to communicate about risk and the management of risk.
In the public sector context, some high-profile risk issues would benefit from proactively involving parliamentarians in particular forums of discussion thus creating opportunities for exchanging different perspectives. In developing public policy, input from both the empirical and public contexts ensures that a more complete range of information is available, therefore, leading to the development of more relevant and effective public policy options. Internally, risk communication promotes action, continuous learning, innovation and teamwork. It can demonstrate how management of a localized risk contributes to the overall achievement of corporate objectives.
Risk communication involves a range of activities, including issue identification and assessment, analysis of the public environment (including stakeholder interests and concerns), development of consultation and communications strategies, message development, working with the media, and monitoring and evaluating the public dialogue. The public sector has the additional responsibility of reporting to and communicating with Parliament.
Within the Public Service, it is expected that consultation activities, including those related to risk management, will be undertaken in a manner that is consistent with the Government Communications Policy.
Element 4: Ensuring Continuous Risk Management Learning
Continuous learning is fundamental to more informed and proactive decision-making. It contributes to better risk management, strengthens organizational capacity and facilitates integration of risk management into an organizational structure. To ensure continuous risk management learning, pursue the following outcomes:
Learning from experience is valued, lessons are shared-a supportive work environment.
Learning plans are built into organization's risk management practices.
Results of risk management are evaluated to support innovation, capacity building and continuous improvement-individual, team and organization.
Experience and best practices are shared-internally and across government.
Creating a Supportive Work Environment
A supportive work environment is a key component of continuous learning. Valuing learning from experience, sharing best practices and lessons learned, and embracing innovation and responsible risk-taking characterize an organization with a supportive work environment. An organization with a supportive work environment would be expected to:
Promote learning
by fostering an environment that motivates people to learn;
by valuing knowledge, new ideas and new relationships as vital aspects of the creativity that leads to innovation; and
by including and emphasizing learning in strategic plans.
Learn from experience
by valuing experimentation, where opportunities are assessed for benefits and consequences;
by sharing learning on past successes and failures; and
by using "lessons learned" and "best practices" in planning exercises.
Demonstrate management leadership
by selecting leaders who are coaches, teachers and good stewards;
by demonstrating commitment and support to employees through the provision of opportunities, resources, and tools; and
by making time, allotting resources and measuring success through periodic reviews (e.g., learning audits).
Building Learning Plans in Practices
Since continuous learning contributes significantly to increasing capacity to manage risk, the integration of learning plans into all aspects of risk management is fundamental to building capacity and supporting the strategic direction for managing risk.
As part of a unit's learning strategy, learning plans provide for the identification of training and development needs of each employee. Effective learning plans, reflecting risk management learning strategies, are linked to both operational and corporate strategies, incorporate opportunities for managers to coach and mentor staff, and address competency gaps (knowledge and skills) for individuals and teams. The inclusion of risk management learning objectives in performance appraisals is a useful approach to support continuous risk management learning.
Supporting Continuous Learning and Innovation
In implementing a continuous learning approach to risk management, it is important to recognize that not all risks can be foreseen or totally avoided. Procedures are paramount to ensure due diligence and to maintain public confidence. Goals will not always be met and innovations will not always lead to expected outcomes. However, if risk management actions are informed and lessons are learned, promotion of a continuous learning approach will create incentives for innovation while still respecting organizational risk tolerances. The critical challenge is to show that risk is being well-managed and that accountability is maintained while recognizing that learning from experience is important for progress.
In addition to demonstrating accountability, transparency and due diligence, proper documentation may also be used as a learning tool.
Practising integrated risk management should support innovation, learning, and continuous improvement at the individual, team and organization level.
An organization demonstrates continuous learning with respect to risk management if:
an appropriate risk management culture is fostered;
learning is linked to risk management strategy at many levels;
responsible risk-taking and learning from experience is encouraged and supported;
there is considerable information sharing as the basis for decision-making;
decision-making includes a range of perspectives including the views of stakeholders, employees and citizens; and
input and feedback are actively sought and are the basis for further action.
Conclusion
The Integrated Risk Management Framework advances a more systematic and integrated approach for risk management. By focusing on the importance of risk communication and risk tolerance, it looks outside the organization for the views of Canadians. Internally, it emphasizes the importance of people and leadership and the need for departments and agencies to more clearly define their roles. The Framework provides a tool that helps organizations communicate a vision and objectives for management of risk based on government values and priorities, lessons learned, best practices and consultation with stakeholders.
The Framework is a fundamental part of the federal management agenda and Modern Comptrollership. It is designed to support the optimization of resource allocation and responsible spending, paramount for achieving results. It also builds on public sector values, knowledge management and continuous learning for innovation. The Integrated Risk Management Framework is the first step in establishing the foundation for more strategic and corporate integrated risk management in departments and in government. In the future, the Framework will be supported by tools and guidance documents as well as complemented by other risk management initiatives.
adapted from: Treasury Board of Canada Secretariat
Four Elements and Their Expected Results
The Integrated Risk Management Framework is comprised of four related elements. The elements, and a synopsis of the expected results for each, are presented below
Element 1: Developing the Corporate Risk Profile
the organization's risks are identified through environmental scanning;
current status of risk management within the organization is assessed; and
the organization's risk profile is identified.
Element 2: Establishing an Integrated Risk Management Function
management direction on risk management is communicated, understood and applied;
approach to operationalize integrated risk management is implemented through existing decision-making and reporting structures; and
capacity is built through development of learning plans and tools.
Element 3: Practising Integrated Risk Management
a common risk management process is consistently applied at all levels;
results of risk management practices at all levels are integrated into informed decision-making and priority setting;
tools and methods are applied; and
consultation and communication with stakeholders is ongoing.
Element 4: Ensuring Continuous Risk Management Learning
a supportive work environment is established where learning from experience is valued, lessons are shared;
learning plans are built into an organization's risk management practices;
results of risk management are evaluated to support innovation, learning and continuous improvement; and
experience and best practices are shared, internally and across government.
The four elements of the Integrated Risk Management Framework are presented as they might be applied: looking outward and across the organization as well as at individual activities. This comprehensive approach to managing risk is intended to establish the relationship between the organization and its operating environment, revealing the interdependencies of individual activities and the horizontal linkages.
While it is acknowledged that some departments are more advanced than others in moving towards the implementation of an integrated risk management approach, there is growing appreciation across the Public Service of the need to strengthen risk management practices and develop a more strategic and corporate-wide focus. Implementing integrated risk management will depend largely on an organization's state of readiness, overall priorities and the level of effort necessary to implement the various elements. As a result, developing a more mature risk management environment will require sustained commitment and will evolve over time.
This Framework is a step in establishing the foundation for integrated risk management in the public sector. It is acknowledged that to support and facilitate implementation, the development of specific tools and guidelines as well as sharing of best practices and lessons learned will be required.
Element 1: Developing the Corporate Risk Profile
A broad understanding of the operating environment is an important first step in developing the corporate risk profile. Developing the risk profile at the corporate level is intended to examine both threats and opportunities in the context of an organization's mandate, objectives and available resources.
In building the corporate risk profile, information and knowledge at both the corporate and operational levels is collected to assist departments in understanding the range of risks they face, both internally and externally, their likelihood and their potential impacts. In addition, identifying and assessing the existing departmental risk management capacity and capability is another critical component of developing the corporate risk profile.
An organization can expect three key outcomes as a result of developing the corporate risk profile:
Threats and opportunities are identified through ongoing internal and external environmental scans, analysis and adjustment.
Current status of risk management within the organization is assessed-challenges/opportunities, capacity, practices, culture- and recognized in planning organization-wide management of risk strategies.
The organization's risk profile is identified-key risk areas, risk tolerance, ability and capacity to mitigate, learning needs.
External and Internal Environment
Through the environmental scan, key external and internal factors and risks influencing an organization's policy and management agenda are identified. Identifying major trends and their variation over time is particularly relevant in providing potential early warnings. Some external factors to be considered for potential risks include:
Political: the influence of international governments and other governing bodies;
Economic: international and national markets, globalization;
Social: major demographic and social trends, level of citizen engagement; and
Technological: new technologies.
Internally, the following factors are considered relevant to the development of an organization's risk profile: the overall management framework; governance and accountability structures; values and ethics; operational work environment; individual and corporate risk management culture and tolerances; existing risk management expertise and practices; human resources capacity; level of transparency required; and local and corporate policies, procedures and processes.
The environmental scan increases the organization's awareness of the key characteristics and attributes of the risks it faces. These include:
type of risk: technological, financial, human resources (capacity, intellectual property), health, safety;
source of risk: external (political, economic, natural disasters); internal (reputation, security, knowledge management, information for decision making);
what is at risk: area of impact/type of exposure (people, reputation, program results, materiel, real property); and
level of ability to control the risk: high (operational); moderate (reputation); low (natural disasters).
An organization's risk profile identifies key risk areas that cut across the organization (functions, programs, systems) as well as individual events, activities or projects that could significantly influence the overall management priorities, performance, and realization of organizational objectives.
The environmental scan assists the department in establishing a strategic direction for managing risk, making appropriate adjustments in decisions and actions. It is an ongoing process that reinforces existing management practices and supports the attainment of overall management excellence.
Assessing Current Risk Management Capacity
In assessing internal risk management capacity, the mandate, governance and decision-making structures, planning processes, infrastructure, and human and financial resources are examined from the perspective of risk. The assessment requires an examination of the prevailing risk management culture, risk management processes and practices to determine if adjustments are necessary to deal with the evolving risk environment.
Furthermore, the following factors are considered key in assessing an organization's current risk management capacity: individual factors (knowledge, skills, experience, risk tolerance, propensity to take risk); group factors (the impact of individual risk tolerances and willingness to manage risk); organizational factors (strategic direction, stated or implied risk tolerance); as well as external factors (elements that affect particular risk decisions or how risk is managed in general).
Risk Tolerance
An awareness and understanding of the current risk tolerances of various stakeholders is a key ingredient in establishing the corporate risk profile. The environmental scan will identify stakeholders affected by an organization's decisions and actions, and their degree of comfort with various levels of risk. Understanding the current state of risk tolerance of citizens, parliamentarians, interest groups, suppliers, as well as other government departments will assist in developing a risk profile and making decisions on what risks must be managed, how, and to what extent. It will also help identify the challenges associated with risk consultations and communication.
In general, there is lower risk tolerance for the unknown, where impacts are new, unobservable or delayed. There are higher risk tolerances where people feel more in control (for example, there is usually a higher risk tolerance for automobile travel than for air travel).
Risk tolerance can be determined through consultation with affected parties, or by assessing stakeholders'response or reaction to varying levels of risk exposure. Risk tolerances may change over time as new information and outcomes become available, as societal expectations evolve and as a result of stakeholder engagement on trade-offs. Before developing management strategies, a common approach to the assessment of risk tolerance needs to be understood organization-wide.
Determining and communicating an organization's own risk tolerance is also an essential part of managing risk. This process identifies areas where minimal levels of risk are permissible, as well as those that should be managed to higher, yet reasonable levels of risk.
Element 2: Establishing an Integrated Risk Management Function
Establishing an integrated risk management function means setting up the corporate "infrastructure" for risk management that is designed to enhance understanding and communication of risk issues internally, to provide clear direction and demonstrate senior management support. The corporate risk profile provides the necessary input to establish corporate risk management objectives and strategies. To be effective, risk management needs to be aligned with an organization's overall objectives, corporate focus, strategic direction, operating practices and internal culture. In order to ensure risk management is a consideration in priority setting and revenue allocation, it needs to be integrated within existing governance and decision-making structures at the operational and strategic levels.
To ensure that risk management is integrated in a rational, systematic and proactive manner, an organization should seek to achieve three related outcomes:
Management direction on risk management is communicated, understood and applied-vision, policies, operating principles.
Approach to operationalize integrated risk management is implemented through existing decision-making structures: governance, clear roles and responsibilities, and performance reporting.
Building capacity-learning plans and tools are developed for use throughout the organization.
Strategic Risk Management Direction
The establishment and communication of the organization's risk management vision, objectives and operating principles are vital to providing overall direction, and ensure the successful integration of the risk management function into the organization. Using these instruments can reinforce the notion that risk management is everyone's business.
It is essential that management provides a clear statement of its commitment to risk management and determines the best way to implement risk management in its organization. This includes establishing a corporate focus and communicating internal parameters, priorities, and practices for the implementation of risk management. To reinforce the corporate focus on risk management, organizations may dedicate a small number of resources to provide both advisory and challenge functions, and to specifically integrate these responsibilities into an existing unit (for example, Corporate Planning and Policy, Comptrollership Secretariat, Internal Audit).
In establishing the strategic risk management direction, internal and external concerns, perceptions and risk tolerances are taken into account. It is also imperative to identify acceptable risk tolerance levels so those unfavourable outcomes can be remedied promptly and effectively. Clear communication of the organization's strategic direction will help foster the creation and promotion of a supportive corporate risk management culture.
Objectives and strategies for risk management are designed to complement the organization's existing vision and goals. In establishing an overall risk management direction, a clear vision for risk management is articulated and supported by policies and operating principles. The policy would guide employees by describing the risk management process, establishing roles and responsibilities, providing methods for managing risk, as well as providing for the evaluation of both the objectives and results of risk management practices.
Integrating Risk Management into Decision Making
Effective risk management cannot be practised in isolation, but needs to be built into existing decision-making structures and processes. As risk management is an essential component of good management, integrating the risk management function into existing strategic management and operational processes will ensure that risk management is an integral part of day-to-day activities. In addition, organizations can capitalize on existing capacity and capabilities (e.g., communications, committee structures, existing roles and responsibilities, etc.)
While each organization will find its own way to integrate risk management into existing decision-making structures, the following are factors that may be considered:
aligning risk management with objectives at all levels of the organization;
introducing risk management components into existing strategic planning and operational processes;
communicating corporate directions on acceptable level of risk; and
improving control and accountability systems and processes to take into account risk management and results.
The integration of risk management into decision-making is supported by a corporate philosophy and culture that encourages everyone to manage risks. This can be accomplished in a number of ways, such as:
seeking excellence in management practices, including risk management;
having senior managers champion risk management;
encouraging innovation, while providing guidance and assistance in situations that do not turn out favourably;
encouraging managers to develop knowledge and skills in risk management;
including risk management as part of employees'performance appraisals;
introducing incentives and rewards; and
recruiting on risk management ability as well as experience.
Reporting on Performance
The development of evaluation and reporting mechanisms for risk management activities provides feedback to management and other interested parties in the organization and government-wide. The results of these activities ensure that integrated risk management is effective in the long term. Some of these activities could fall to functional groups in the organization responsible for review and audit. Responsibility may also be assigned to operational managers and employees to ensure that information affecting risk that is collected as part of local reporting or practices is incorporated into the environmental scanning process. Reporting could take place through normal management channels (performance reporting, ongoing monitoring, appraisal) as part of the advisory and challenge functions associated with risk management.
Reporting facilitates learning and improved decision-making by assessing both successes and failures, monitoring the use of resources, and disseminating information on best practices and lessons learned. Organizations should evaluate the effectiveness of their integrated risk management processes on a periodic basis.
Building Organizational Capacity
Building risk management capacity is an ongoing challenge even after integrated risk management has become firmly entrenched. Environmental scanning will continue to identify new areas and activities that require attention, as well as the risk management skills, processes, and practices that need to be developed and strengthened.
Organizations need to develop their own capacity strategies based on their specific situation and risk exposure.
To build capacity for risk management, there needs to be a focus on two key areas: human resources, and tools and processes at both the corporate and local levels. The risk profile will identify the organization's existing strengths and weaknesses vis-à-vis capacity. Areas that may require attention include:
Human Resources
building awareness of risk management initiatives and culture;
broadening skills base through formal training including appropriate applications and tools;
increasing knowledge base by sharing best practices and experiences; and
building capacity, capabilities and skills to work in teams.
Tools and Processes
developing and adopting corporate risk management tools, techniques, practices and processes;
providing guidance on the application of tools and techniques;
allowing for development and/or the use of alternative tools and techniques that may be better suited to managing risk in specialized applications; and
adopting processes to ensure integration of risk management across the organization.
Element 3: Practising Integrated Risk Management
Implementing an integrated risk management approach requires a management decision and sustained commitment, and is designed to contribute to the realization of organizational objectives. Integrated risk management builds on the results of an environmental scan and is supported by appropriate corporate infrastructure.
The following outcomes are expected for practising integrated risk management:
A departmental risk management process is consistently applied at all levels, where risks are understood, managed and communicated.
Results of risk management practices at all levels are integrated into informed decision-making and priority setting-strategic, operational, management and performance reporting.
Tools and methods are applied as aids to make decisions.
Consultation and communication with stakeholders is ongoing-internal and external.
A Common Process
A common, continuous risk management process assists an organization in understanding, managing and communicating risk. Continuous risk management has several steps. Emphasis on various points in the process may vary, as may the type, rigour or extent of actions considered, but the basic steps are similar. In the exhibits that follow, Exhibit 1 illustrates an example of a continuous risk management process that focuses on an integrated approach to risk management, while Exhibit 2 presents a risk management decision-making process in the context of public policy.
Exhibit 1: A Common Risk Management Process
Internal and external communication and continuous learning improve understanding and skills for risk management practice at all levels of an organization, from corporate through to front-line operations. The process provides common language, guides decision-making at all levels, and allows organizations to tailor their activities at the local level. Documenting the rationale for arriving at decisions strengthens accountability and demonstrates due diligence.
The common risk management process and related activities are:
Risk Identification
1. Identifying Issues, Setting Context
Defining the problems or opportunities, scope, context (social, cultural, scientific evidence, etc.) and associated risk issues.
Deciding on necessary people, expertise, tools and techniques (e.g., scenarios, brainstorming, checklists).
Performing a stakeholder analysis (determining risk tolerances, stakeholder position, attitudes).
Risk Assessment
2. Assessing Key Risk Areas
Analyzing context/results of environmental scan and determining types/categories of risk to be addressed, significant organization-wide issues, and vital local issues.
3. Measuring Likelihood and Impact
Determining degree of exposure, expressed as likelihood and impact, of assessed risks, choosing tools.
Considering both the empirical/scientific evidence and public context.
4. Ranking Risks
Ranking risks, considering risk tolerance, using existing or developing new criteria and tools.
Responding to Risk
5. Setting Desired Results
Defining objectives and expected outcomes for ranked risks, short/long term.
6. Developing Options
Identifying and analyzing options-ways to minimize threats and maximize opportunities-approaches, tools.
7. Selecting a Strategy
Choosing a strategy, applying decision criteria-results-oriented, problem/opportunity driven.
Applying, where appropriate, the precautionary approach/principle as a means of managing risks of serious or irreversible harm in situations of scientific uncertainty.
8. Implementing the Strategy
Developing and implementing a plan.
Monitoring and Evaluation
9. Monitoring, Evaluating and Adjusting
Learning, improving the decision-making/risk management process locally and organization-wide, using effectiveness criteria, reporting on performance and results.
Organizations may vary the basic steps and supporting tasks most suited to achieving common understanding and implementing consistent, efficient and effective risk management. A focused, systematic and integrated approach recognizes that all decisions involve management of risk, whether in routine operations or for major initiatives involving significant resources. It is important that the risk management process be applied at all levels, from the corporate level to programs and major projects to local systems and operations. While the process allows tailoring for different uses, having a consistent approach within an organization assists in aggregating information to deal with risk issues at the corporate level.
Exhibit 2: Risk Management in Public Policy: A Decision-Making Process
Exhibit 2 presents the model, developed by the PCO-led ADM Working Group on Risk Management, which addresses the issue of risk management in the context of public policy development. This model presents a basis for exploring issues of interest to government policy-makers, and provides a context in which to discuss, examine, and seek out interrelationships between issues associated with public policy decisions in an environment of uncertainty and risk (i.e., a model of public risk management).
As in Exhibit 1, this model recognizes six basic steps: identification of the issue; analysis or assessment of the issue; development of options; decision; implementation of the decision; and evaluation and review of the decision. [4]
In this model, several key elements were identified as influencing the public policy environment surrounding risk management:
There is a public element to virtually all government decision-making, and it is a central and legitimate input to the process.
Uncertainty in science, together with competing policy interests (including international obligations) has led to increased focus on the precautionary approach.
A decision-making process does not occur in isolation-the public nature and complexity of many government policy issues means that certain factors, such as communications and consultation activities, legal considerations, and ongoing operational activities, require active consideration at each stage of the process.
Integrating Results for Risk Management into Practices at all Levels
The results of risk management are to be integrated both horizontally and vertically into organizational policies, plans and practices. Horizontally, it is important that results be considered in developing organization-wide policies, plans and priorities. Vertically, functional units, such as branches and divisions, need to incorporate these results into programs and major initiatives.
In practice, the risk assessment and response to risk would be considered in developing local business plans at the activity, division or regional level. These plans would then be considered at the corporate level, and significant risks (horizontal or high-impact risks) would be incorporated into the appropriate corporate business, functional or operational plan.
The responsibility centre providing the advisory and "corporate challenge" functions can add value to this process, since new risks might be identified and new risk management strategies required after the roll-up. There needs to be a synergy between the overall risk management strategy and the local risk management practices of the organization.
Each function or activity would have to be examined from three standpoints:
its purpose: risk management would look at decision-making, planning, and accountability processes as well as opportunities for innovation;
its level: different approaches are required based on whether a function or activity is strategic, management or operational; and
the relevant discipline: the risks involved with technology, finance, human resources, and those regarding legal, scientific, regulatory, and/or health and safety issues.
Tools and Methods
At a technical level, various tools and techniques can be used for managing risk. The following are some examples:
risk maps: summary charts and diagrams that help organizations identify, discuss, understand and address risks by portraying sources and types of risks and disciplines involved/needed;
modelling tools: such as scenario analysis and forecasting models to show the range of possibilities and to build scenarios into contingency plans;
framework on the precautionary approach: a principle-based framework that provides guidance on the precautionary approach in order to improve the predictability, credibility and consistency of its application across the federal government;
qualitative techniques: such as workshops, questionnaires, and self -assessment to identify and assess risks; and
Internet and organizational Intranets: promote risk awareness and management by sharing information internally and externally.
Exhibit 3 provides an example of a risk management model. In this model, one can assess where a particular risk falls in terms of likelihood and impact and establish the organizational strategy/response to manage the risk.
Exhibit 3: A Risk Management Model
In developing methods to provide guidance on risk management, the different levels of readiness and experience in a department, as well as variations in available resources need to be recognized. Therefore, methods need to be flexible and simple using clear language to ensure open channels of communication.
Several practical methods that could be used to provide guidance are:
a managers'forum: where risks are identified, proposed actions are discussed and best practices are shared;
an internal risk management advisory function: dedicated to risk management, either as a special unit or associated with an existing functional unit; and
tool kits: a collection of effective risk management tools such as checklists, questionnaires, best practices.
Communication and Consultation
Communication of risk and consultation with interested parties are essential to supporting sound risk management decisions. In fact, communication and consultation must be considered at every stage of the risk management process.
A fundamental requirement for practising integrated risk management is the development of plans, processes and products through ongoing consultation and communication with stakeholders (both internal and external) who may be involved in or affected by an organization's decisions and actions.
Consultation and proactive citizen engagement will assist in bridging gaps between statistical evidence and perceptions of risk. It is also important that risk communication practices anticipate and respond effectively to public concerns and expectations. A citizen's request for information presents an opportunity to communicate about risk and the management of risk.
In the public sector context, some high-profile risk issues would benefit from proactively involving parliamentarians in particular forums of discussion thus creating opportunities for exchanging different perspectives. In developing public policy, input from both the empirical and public contexts ensures that a more complete range of information is available, therefore, leading to the development of more relevant and effective public policy options. Internally, risk communication promotes action, continuous learning, innovation and teamwork. It can demonstrate how management of a localized risk contributes to the overall achievement of corporate objectives.
Risk communication involves a range of activities, including issue identification and assessment, analysis of the public environment (including stakeholder interests and concerns), development of consultation and communications strategies, message development, working with the media, and monitoring and evaluating the public dialogue. The public sector has the additional responsibility of reporting to and communicating with Parliament.
Within the Public Service, it is expected that consultation activities, including those related to risk management, will be undertaken in a manner that is consistent with the Government Communications Policy.
Element 4: Ensuring Continuous Risk Management Learning
Continuous learning is fundamental to more informed and proactive decision-making. It contributes to better risk management, strengthens organizational capacity and facilitates integration of risk management into an organizational structure. To ensure continuous risk management learning, pursue the following outcomes:
Learning from experience is valued, lessons are shared-a supportive work environment.
Learning plans are built into organization's risk management practices.
Results of risk management are evaluated to support innovation, capacity building and continuous improvement-individual, team and organization.
Experience and best practices are shared-internally and across government.
Creating a Supportive Work Environment
A supportive work environment is a key component of continuous learning. Valuing learning from experience, sharing best practices and lessons learned, and embracing innovation and responsible risk-taking characterize an organization with a supportive work environment. An organization with a supportive work environment would be expected to:
Promote learning
by fostering an environment that motivates people to learn;
by valuing knowledge, new ideas and new relationships as vital aspects of the creativity that leads to innovation; and
by including and emphasizing learning in strategic plans.
Learn from experience
by valuing experimentation, where opportunities are assessed for benefits and consequences;
by sharing learning on past successes and failures; and
by using "lessons learned" and "best practices" in planning exercises.
Demonstrate management leadership
by selecting leaders who are coaches, teachers and good stewards;
by demonstrating commitment and support to employees through the provision of opportunities, resources, and tools; and
by making time, allotting resources and measuring success through periodic reviews (e.g., learning audits).
Building Learning Plans in Practices
Since continuous learning contributes significantly to increasing capacity to manage risk, the integration of learning plans into all aspects of risk management is fundamental to building capacity and supporting the strategic direction for managing risk.
As part of a unit's learning strategy, learning plans provide for the identification of training and development needs of each employee. Effective learning plans, reflecting risk management learning strategies, are linked to both operational and corporate strategies, incorporate opportunities for managers to coach and mentor staff, and address competency gaps (knowledge and skills) for individuals and teams. The inclusion of risk management learning objectives in performance appraisals is a useful approach to support continuous risk management learning.
Supporting Continuous Learning and Innovation
In implementing a continuous learning approach to risk management, it is important to recognize that not all risks can be foreseen or totally avoided. Procedures are paramount to ensure due diligence and to maintain public confidence. Goals will not always be met and innovations will not always lead to expected outcomes. However, if risk management actions are informed and lessons are learned, promotion of a continuous learning approach will create incentives for innovation while still respecting organizational risk tolerances. The critical challenge is to show that risk is being well-managed and that accountability is maintained while recognizing that learning from experience is important for progress.
In addition to demonstrating accountability, transparency and due diligence, proper documentation may also be used as a learning tool.
Practising integrated risk management should support innovation, learning, and continuous improvement at the individual, team and organization level.
An organization demonstrates continuous learning with respect to risk management if:
an appropriate risk management culture is fostered;
learning is linked to risk management strategy at many levels;
responsible risk-taking and learning from experience is encouraged and supported;
there is considerable information sharing as the basis for decision-making;
decision-making includes a range of perspectives including the views of stakeholders, employees and citizens; and
input and feedback are actively sought and are the basis for further action.
Conclusion
The Integrated Risk Management Framework advances a more systematic and integrated approach for risk management. By focusing on the importance of risk communication and risk tolerance, it looks outside the organization for the views of Canadians. Internally, it emphasizes the importance of people and leadership and the need for departments and agencies to more clearly define their roles. The Framework provides a tool that helps organizations communicate a vision and objectives for management of risk based on government values and priorities, lessons learned, best practices and consultation with stakeholders.
The Framework is a fundamental part of the federal management agenda and Modern Comptrollership. It is designed to support the optimization of resource allocation and responsible spending, paramount for achieving results. It also builds on public sector values, knowledge management and continuous learning for innovation. The Integrated Risk Management Framework is the first step in establishing the foundation for more strategic and corporate integrated risk management in departments and in government. In the future, the Framework will be supported by tools and guidance documents as well as complemented by other risk management initiatives.
adapted from: Treasury Board of Canada Secretariat
Subscribe to:
Posts (Atom)