HomeMy WebLinkAbout5.1 Report 24-013 Approval of a New Risk Management Policy.pdfAD HOC POLICY COMMITTEE 4 April 2024
Report 24-013
APPROVAL OF NEW RISK MANAGEMENT POLICY
Key Contact:Richard Sinclair,General Counsel,ext.8232
PURPOSE:
1.To seek approval for the proposed Policy P.143.GOV Risk Management.
STRATEGIC LINKS:
2.A new risk management policy is intended to minimize the risk exposure of the
District and the Board,reduce uncertainty,and maximize opportunities for staff
and students.This will eventually improve the overall governance and decision
making and enhance our ability to achieve the strategic objectives of the
2023-2027 Strategic Plan through reducing business interruptions and enhancing
business continuity.
CONTEXT:
3.The management of risk has been consistently integrated to system-level
decisions made across the District in compliance with the International Standards
Organization (ISO)31000.However,there is a need to ensure that all processes
involved in risk management are followed by every decision maker in a unified
way.A policy is crucial to raising awareness about a culture of risk management
and clarifying the Board’s principles that will guide implementation.
On 07 December 2023,a draft Risk Management Policy was presented to the Ad
Hoc Committee for Policy Review for initial feedback.The proposed draft was
also posted on the District Consultation webpage for public feedback.The
feedback received was incorporated into the revised draft policy.Following the
adoption of the Risk Management Policy,a procedure will be developed,
including the implementation of a Strategic Enterprise Risk Management (SERM)
tool.
KEY CONSIDERATIONS:
4.Received Feedback and Key Changes
The following key areas were raised for consideration and have informed the
changes to the proposed policy:
Report 24-013 Approval of New Risk Management Policy Page 1
●adding “inactions”to actions as both of which could carry risks to the
organization (Section 3.1);
●adding “should”to Section 3.1 in order to align with the definition of risk
which includes risks that could positively impact the organization;
●adding “opportunities”to “benefits”in Section 4.2 to account for the
uncertainty associated with risks;
●adding “physical safety risk”to the list of designated risk categories
(Section 4.3);
●replacing “risk mitigation”with “risk response”,which includes mitigating,
avoiding,transfering,or accepting risks;
●replacing “risk tolerance”with “risk appetite”throughout the document;and
●adding the definition of “risk appetite”to Appendix A.
5.OCDSB Risk Register
Staff have a Risk Register that identifies risk scores and assigns risk ownership
to appropriate individuals responsible for identifying,evaluating,mitigating,and
reporting risk exposures.The owners’response to the identified risks is informed
by their associated scores which are determined by the likelihood,the severity,
and the speed of each risk occurring.
The feedback from the Audit Committee suggested that some changes need to
be made to the way the Risk Register is maintained,updated and reviewed,as
well as to the designated risk categories.The Risk Register will be a living
document as it will continuously be updated in response to the evolving
operational environment of the District.At its 21 February 2024 meeting,the
Audit Committee welcomed their assigned responsibility of cyclically reviewing
the Risk Register in order to assess current and emerging risks and updating the
Risk Appetite,and reporting back to the Board.
6.Risks Associated with Emerging Technology
Feedback from the Ad Hoc Policy Review Committee and the Audit Committee
raised concern of the emerging risks associated with the use of Artificial
Intelligence (AI)products and other emerging technology.Because the field of AI
is so quickly developing and transforming,there is an expressed need for the
Board to develop their knowledge and understanding of AI as well.In February
2024,the Director of Education and senior staff attended a conference on AI in
education,looking to gain knowledge on both the risks and opportunities of
incorporating AI into OCDSB schools and classrooms.Staff are of the view that
the risks and opportunities associated with the use of AI and other emerging
technologies can be incorporated into the OCDSB Risk Register.As stated,the
Risk Register provides the Board with the opportunity to update and address
these developing concerns as staff gain a deeper understanding of the field.
RESOURCE IMPLICATIONS:
7.Risk Management is integral to a socially responsible leadership and therefore
must be appropriately resourced to manage and mitigate top risks faced by the
Report 24-013 Approval of New Risk Management Policy Page 2
OCDSB.Financial resources will be required to continue to implement and train
District staff and trustees on risk management once a new policy is in place.
COMMUNICATION/CONSULTATION ISSUES:
8.The draft policy was shared on the District website to collect public feedback
between 01 December 2023 and 05 January 2024,and with the Audit Committee
at its 21 February 2024 meeting.Limited feedback was received which has been
integrated in Appendix A.
Upon adoption of the new policy,information and resources will be provided to
system leaders,including principals and vice Principals as well as Managers’
Council,and feedback will be collected to inform the creation of a Risk
Management procedure.
RECOMMENDATION
THAT the proposed Policy P.143.GOV Risk Management,attached as Appendix A to
Report 24-013,be approved.
Richard Sinclair
General Counsel
Pino Buffone
Director of Education/
Secretary of the Board
Appendices
Appendix A -Policy P.143.GOV Risk Management
Report 24-013 Approval of New Risk Management Policy Page 3
POLICY P.143.GOV
TITLE:RISK MANAGEMENT
Date Authorized:25 April 2024
Last Revised:
Last Reviewed:
COMMITMENT TO INDIGENOUS RIGHTS,HUMAN RIGHTS,AND EQUITY
The Board recognizes its responsibility to ensure that the development of procedures and the
associated work promotes and protects Indigenous rights,human rights,and equity.The Board will
strive to address and eliminate discrimination and structural and systemic barriers for students,staff,
and community.
1.0 RATIONALE
To support Risk-informed decision making at the Ottawa-Carleton District School Board and
comply with the International Standards Organization (ISO)31000,Risk Management.
2.0 DEFINITIONS
Please refer to Appendix A for a full list of definitions used in this policy.
3.0 GUIDING PRINCIPLES
3.1 The Board recognizes that all organizational activities,including inactions,have an
element of Risk,and that not all Risks can or should be avoided,transferred,or
completely mitigated.As such,Risks may affect and require the adjustment of the
Board’s plans,budgets,and priorities.
3.2 The Board acknowledges that effective Risk Management is a shared responsibility of
the Board,Director of Education,and all levels of staff.
3.3 The Board is committed to anticipating and effectively managing Risks as an integral
part of its stewardship of resources and commitment to transparency and accountability.
3.4 The Board embraces Risks that balance safety and innovation in public education and
therefore has a relatively high Appetite for Risks in areas such as innovative teaching,
learning,and relationships with business partners.
Page 1 P.143.GOV
3.5 The Board has a low Appetite for Risks that may adversely affect student safety,while
Risks that necessitate unethical governance are not tolerated.
4.0 SPECIFIC DIRECTIVES
4.1 The District shall adopt a system-wide implementation of Risk Mitigation strategies and
the establishment of Internal Controls and apply it to the development and
implementation of all OCDSB policies,programs,projects,initiatives,and strategic
planning.
4.2 The District shall manage Risks in a manner that balances resources with anticipated
benefits and opportunities prioritizing equity and human rights principles.
4.3 The District shall create and maintain a Risk Register where Risks are classified under
designated categories including,but not limited to:
a)educational Risk;
b)physical safety Risk;
c)financial Risk;
d)operational Risk;
e)legal and compliance Risk;and
f)reputational Risk.
4.4 The District shall integrate Risk Management in its operational planning,and will elicit
the input of affected parties,where practicable,on Risks in decision making in order to
achieve the most appropriate Risk Response.
Evaluation and Continuous Improvement
4.5 The OCDSB Audit Committee shall:
a)cyclically review the Risk Register in order to assess current and emerging risks
and update Risk Appetite;
b)monitor the overall effectiveness of the District’s Risk Management Processes
and internal controls;and
c)cyclically report to the Board on its review of Risk Management Processes and
internal controls.This reporting shall be made public,where possible and
appropriate.
Implementation
4.6 The Board shall ensure the appropriate level of resources is allocated to implement this
policy and improve Risk Management at the District.
Page 2 P.143.GOV
4.7 The Director of Education/Secretary of the Board is authorized to issue such
procedures,guidelines,and other materials as may be necessary to implement this
policy.This shall include,but is not limited to:
a)assigning accountabilities for managing Risk within the District;
b)ensuring an organization-wide awareness and understanding of the District`s
Risks,including those affecting the allocation of budget and staffing,and the
setting of District priorities;and
c)tools and training to help staff become adept at applying the Risk management
process to daily operations based on their authority.
5.0 APPENDICES
Appendix A:Policy Definitions
6.0 REFERENCE DOCUMENTS
Education Act,R.S.O.1990
Strategic Enterprise Risk Management (SERM)Framework for Ontario School Boards
Page 3 P.143.GOV
APPENDIX A:POLICY DEFINITIONS
In this policy,
Board means the Board of Trustees of the Ottawa-Carleton District School Board.
Board Governance is the way in which the Board provides leadership,stewardship,and oversight of
the school district and its resources.
District means the Ottawa-Carleton District School Board.
Internal Controls means any action or measure introduced to manage Risk.Controls include any
policy,procedure,process,practice,or other actions that manage/mitigate the Risk.
Risk means the potential that events,expected or unexpected,may positively or negatively impact
OCDSB strategic and operational planning and execution.
Risk Appetite means the level of risk that the Board is willing to accept in pursuit of its objectives
before action is deemed necessary to respond to the risk.It is sometimes referred to as Risk Attitude
or Risk Tolerance.
Risk Management means coordinating action to identify,understand,and manage Risk,including by
mitigating controls.
Risk Management Processes means the coordinated application of OCDSB policies and
procedures to the actions of identifying,analyzing,evaluating,treating,monitoring,and reporting
Risks.
Risk Mitigation means the processes developed to reduce the likelihood and/or impact of a Risk
identified in the Risk Register.
Risk Response means assessing the likelihood and impact of risks and deciding on appropriate
measures to mitigate,avoid,transfer,or accept those risks while evaluating the potential benefits and
drawbacks of various response strategies to ensure they align with the overall objectives and
constraints of the situation at hand.
Risk Register means a repository/inventory of identified Risks.
Page 4 P.143.GOV