You are here

Corporate Risk Management

The Corporate Risk Office is responsible for the Corporate Risk Management Program which ensures that the significant risks identified by the organization, and confirmed and prioritized by City Council, are being addressed in a positive, systematic and productive way. This includes helping departments assess the effectiveness of their current risk mitigation strategies and the need for additional or alternate actions.

The City provides a wide range of programs and services that citizens rely on every day, and this diversity of activity creates an equally diverse and complex range of risks and opportunities.  The Corporate Risk Infographic shows just some of the many areas where the City's risks exist.

This Office also oversees the internal audit function of the corporation by working with the contracted internal auditor in meeting the timelines and expectations of the internal audit plan. Monitoring the implementation of audit recommendations is also a focus of this area.

Risk Based Management Program

Risk is necessary for growth and improvement, and providing services to citizens does involve risks; therefore, it is important to ensure risk is managed. The City is implementing a Risk-Based Management Program (RBM) that will assist the Administration to enhance intelligent risk performance in all areas of the operations, ensuring continuous improvement in the way the City is managed, as well as continued growth in public confidence in the City’s performance.

RBM will enhance business, budget and strategic planning by providing a continuous, proactive and systematic process to ensure risk is understood, managed and communicated throughout the organization. The framework will assist departments in developing processes that help identify and document risks before they occur, allowing for a planned approach to reducing the likelihood and impact of an adverse event, and also increasing the possibility and magnitude of benefits that could result from seizing an opportunity.

A consistent approach for identifying, evaluating, mitigating and reporting on risk promotes better alignment of risk, value and resources. When effectively integrated into the strategic and decision making processes, the risk management process will help to:

  • Achieve Strategic Goals and operational objectives;
  • Improve financial and operational management by effectively allocating resources to high-risk areas;
  • Strengthen the planning and priority-setting process;
  • Increase management accountability by demonstrating due diligence; and
  • Foster innovation and continuous improvement.
Administrative Reports

Saskatoon, like all municipal governments, faces many types of risk, including strategic, operational, financial and compliance risks that, if not effectively managed, can impede the successful delivery of services and achievement of goals and objectives. Strategic risks are affected or created by an organization’s business strategy and strategic goals; operational risks affect an organization’s ability to execute its strategic plan; financial risks arise from financing activities and financial transactions; and compliance risks relate to legal and regulatory compliance.

 Proposed Risk Based Management Program,  Internal Audit Services – Request for Proposals
 Key Risks and Risk Based Management Update
 Update on Key Strategic Risks - 2016
 Update on Key Strategic Risks - 2017
 List of Key Strategic Risks - 2017
 2017 Year-End Update on Key Strategic Risks
 

Policies 

In order to help ensure that the City of Saskatoon is protected from the negative effects of risk to the fullest extent possible, and realizes maximum positive results from its activities and efforts, a Risk Based Management policy has been developed.

 C02-040 Corporate Governance – Risk Based Management

Frequently Asked Questions

Why does The City of Saskatoon have a Risk Based Management Program and Policy?

The intent of the City’s Risk Based Management Program is to promote a proactive risk management practice and culture within the City of Saskatoon; on an ongoing basis, we want to ensure any potential risks to the Corporation are dealt with - before they occur. Risk Based Management helps us to identify positive opportunities, key in our Strategic Goal of a Culture of Continuous Improvement with innovation and forward-thinking. This program will help ensure the City is protected from the negative effects of risk to the fullest extent possible, help us to realize positive results from our activities and efforts, and ensure continuous improvement in the way we manage the City of Saskatoon. All Risk Based Management decisions made by City Council and Administration will be vetted against the Program so that the total Risk Based Management picture can be considered.

Is the City just starting to monitor and deal with risk? Why now?

The City has a number of policies, practices, and tools that it uses to efficiently manage our risk profile. Everything we do involves risk, and though the City already manages risk, we can be more strategic how we deal with risk as a corporation.

How will risks be assessed and prioritized?

The City’s logical Risk Based Management Program helps to identify, analyze, evaluate, treat, monitor and communicate any risks to the City, those that can impact any activities, functions, programs, or our service levels.

The City ranks and prioritizes potential risks using a risk assessment matrix that assesses the likelihood and potential impact of each scenario. Risks are categorized by organization impact, those that have organization-wide impact and those where the impact is more concentrated at the department level.

What was the role of PricewaterhouseCoopers?

The City contracted PricewaterhouseCoopers to assist with identifying the key strategic risks faced by the City. The identified risks were then tied to the Corporate Strategic Goals:

  • Asset and Financial Sustainability
  • Quality of Life
  • Environmental Leadership
  • Sustainable Growth
  • Moving Around
  • Economic Diversity & Prosperity

How will the Risk Based Management Program continue to move ahead?

The City has assigned identified risks to the appropriate department for monitoring and will be incorporating risk management into the City’s strategic and business planning cycles. Attention will be given to all items, but special efforts will be focused on higher priority items.

Over the coming months, additional risk assessments will be completed throughout the organization to gain an understanding about the operational, financial and compliance risks faced by the City. Further reports will be prepared outlining those risks and the actions that the Administration has already taken, and plans to take, to manage those risks.

What is The City’s current risk situation?

A strategic risk assessment was completed by the Administration and PricewaterhouseCoopers in 2015 to identify the strategic risks faced by the City. This list has been ranked by priority: high, medium and low. We are confident in being able to manage these risks to ensure we can continue to meet our strategic goals.
 

What is The City’s identified level of tolerance for risk?

The City’s level of risk tolerance will be identified in coming months. Tolerance levels will be set in consideration of relevant legislated requirements, corporate goals and objectives, and the principles and processes outlined in the City of Saskatoon’s Corporate Governance – Risk Based Management Policy

Annual Reports

A key component of the Risk Based Management (RBM) Program was the establishment of a Corporate Risk Committee (CRC).  The CRC was established in early 2015 with the mandate “…to promote a proactive risk management practice and culture within the City of Saskatoon so as to assist with the achievement of corporate goals through the timely identification and effective treatment of corporate risk.”

The CRC consists of the Senior Administration (City Manager, General Managers of the four departments, City Solicitor, and Director of Government Relations), Fire Chief, Police Chief, and the Corporate Risk Manager.

The Terms of Reference for the CRC requires the Committee to report, on an annual basis, to the Standing Policy Committee on Finance and City Council a summary of risk management activity for each calendar year.  

 Administrative Report - Corporate Risk 2016 Annual Report
 Corporate Risk 2016 Annual Report
 Administrative Report - Corporate Risk 2017 Annual Report
 Corporate Risk 2017 Annual Report
 Administrative Report - Corporate Risk 2018 Annual Report
 Corporate Risk 2018 Annual Report

Corporate Risk Appetite

To  help ensure risk management is incorporated into the decision-making process, the Administration needs to understand how much risk is acceptable, and unacceptable, as it pursues achievement of the City's strategic objectives.  This understanding is gained through establishment of risk appetite, which is defined as "the amount and type of risk that an organization is willing to accept in order to achieve its objectives."

Risk appetite sets the overall tone for risk taking in an organization and encourages consistency in the way risk is considered.  It is as much about setting expectations and encouraging well-considered risk-taking as it is about imposing constraints to avoid risks. 

 Corporate Risk Appetite

Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Administrative Reports

Since August 1999, the City of Saskatoon has outsourced its internal audit function.  The current contracted internal audit service provider is PricewaterhouseCoopers LLP. 

 Appointment of Internal Audit Services Request for Proposal – Five Year Contract 
 Proposed Internal Audit Administration Process & Amendments to Council Policy No. C02-032 

Internal Audit Plan

The Internal Auditor is required to establish, and update on at least an annual basis, a long-range plan for assurance audits based on a risk assessment.

 Internal Audit Plan 2015-2019 
 2016 Updated Internal Audit Plan – PricewaterhouseCoopers 
 2017 Updated Internal Audit Plan - PricewaterhouseCoopers
 2018 Internal Audit Plan
 2019 Internal Audit Plan

Internal Audits

For each engagement, the Internal Auditor establishes objectives to address the risks associated with the activity under review, determines the procedures that will be performed and the scope (nature, timing and extent) of those procedures.  The engagement objectives are submitted to the Standing Policy Committee on Finance for approval.

The results of each assurance audit are documented in a formal report.  The report is discussed with management, incorporates management responses and includes target dates for implementation of recommendations.  Audit reports are tabled with and presented to the Standing Policy Committee on Finance.

Road Maintenance

 City of Saskatoon Internal Audit – Road Maintenance – Terms of Reference 
 Roads Maintenance Program Value for Money Report – PricewaterhouseCoopers 
 Administration Response and Timelines – PwC – Roads Maintenance Program Value for Money Report
 Roads Maintenance Program Audit - Update/Dashboard

Snow & Ice Management

 Statement of Work – Internal Audit Value for Money Review – Snow & Ice Management – PricewaterhouseCoopers  

 Snow & Ice Management Program - Value for Money Report - PricewaterhouseCoopers
 Snow & Ice Management Program Audit - Update/Dashboard

Operating and Life Cycle Costs

 Statement of Work - Review of Operating and Life Cycle Costs in Asset Management Plans and Annual Capital Budget Cycle
 Capital Planning and Budgeting, Life Cycle Costs and Operating Costs Report
 Administrative Response - Capital Planning and Budgeting, Life Cycle Costs and Operating Costs
 Internal Audit Follow-up: Operating & Lifecycle Costs Update

Multi-Year Business Planning and Budgeting

 Statement of Work - Multi-Year Business Planning and Budgeting Review - Consulting Project
 Multi-Year Business Plan and Budget Framework - Administrative and PwC Reports

Transit Resource Scheduling

 Statement of Work - Review of Resource Scheduling at Saskatoon Transit
 Review of Saskatoon Transit Resources and Scheduling
 Administrative Response and Timelines - PwC - Review of Saskatoon Transit Resources and Scheduling
 Internal Audit Follow-Up: Transit Resource Scheduling Update

Saskatoon Land

 Statement of Work - Saskatoon Land Division
 Saskatoon Land Audit Report - Procedures 1 through 6
 Saskatoon Land Audit Report - Procedure 7
 Administrative Response - PricewaterhouseCoopers - Saskatoon Land Internal Audit Report
 Saskatoon Land Internal Audit Implementation Progress Report

Additional Revenue Generation Options

 Statement of Work - Assess Options for Additional Revenue Generation
 Executive Summary: Assessment of Potential Options With Respect to Additional Revenue Generation
 Administrative Response - Revenue Generation Report

Human Resources (HR) Health Check Engagement

 Statement of Work - Human Resources (HR) Health Check Engagement
 HR Health Check Audit Report
 Admin Response - HR Health Check Audit Report

Business Continuity

 Statement of Work - Business Continuity Project
 Business Continuity Internal Audit Report
 Administrative Response - Business Continuity Internal Audit Report

CO2 Reduction Initiatives

 Statement of Work - CO2 Reduction Initiatives Project
 CO2 Reduction Initiatives Report
 Administrative Response - PwC - CO2 Reduction Initiatives Audit Report
 Internal Audit Follow-Up: Carbon Reduction Initiatives

Parks

 Statement of Work - Parks
 Internal Audit Report - Parks - Service Levels and Asset Management
 Administrative Response - Parks Service Levels and Asset Management Audit Report
 Internal Audit Follow-Up: Parks Services Levels and Asset Management

Access and Privacy of Information

 Statement of Work - Access and Privacy of Information Internal Audit Project
 Internal Audit Report - Access and Privacy of Information
 Administrative Response and Timelines - Internal Audit Report - Access and Privacy of Information

Workers' Compensation Board Benefits

 Statement of Work - Workers' Compensation Board Benefits - Administration Process Analysis Project
 Report Summary - Workers' Compensation Board Benefits Administration Process Analysis Project

Contract Management

 Statement of Work - Contract Management Advisory Project
 Contract Management Advisory Project
 Administrative Response - Contract Management Advisory Project

Infrastructure Investment Evaluation Process

 Statement of Work - Infrastructure Investment Evaluation Process Internal Audit Project
 Infrastructure Investment Evaluation Process Internal Audit Report
 Administrative Response - Infrastructure Investment Evaluation Process Internal Audit Report

Fraud Risk Assessment

 Statement of Work - Fraud Risk Assessment
 Fraud Risk Program Assessment 
 Administrative Response - Fraud Risk Program Assessment

Disability Assistance Program

 Statement of Work - Disability Assistance Program
 Disability Assistance Program Assessment
 Administrative Response - Disability Assistance Program Internal Audit

Policies

The purpose, authority and responsibility of the Internal Audit function is formally defined in the Internal Audit Charter.

 C02-032 Internal Audit Charter