Internal Audit of Emergency Management Planning: Leadership and Oversight

Internal Audit of Emergency Management Planning: Leadership and Oversight PDF Version (710 KB)
Table of contents

Executive Summary

Background

Under Section 3 of the Emergency Management Act (EMA), the Department of Public Safety and Emergency Preparedness is responsible for providing government-wide leadership and oversight over the emergency management (EM) activities of federal institutions – including their emergency management plans, which include the following instruments:

Specifically, the Department is expected to:

Public Safety Canada exercises its leadership and oversight role in this area through the Emergency Management and Regional Operations Branch (EM&RO). The Branch has been in existence since 2011 and has, since this time, undergone many changes to its structure, priorities and leadership. The Branch operates in a complex environment characterized by multiple inter-dependencies, numerous stakeholders with competing priorities and, as noted, change.

EM&RO delivers its mandate through a range of specific programs, implemented by its directorates, which collectively are responsible for policy, planning, program development and regional service delivery. These programs are enabled by a management regime that supports the planning and allocation of resources and the oversight of performance. Collectively, this regime is referred to as a management control framework.

Audit Objective

The audit objective was to provide reasonable assurance that the core management controls in place across EM&RO Branch are adequate and effective to:

Summary of Findings

The point of departure for this audit was an examination of the EM&RO management control framework, which collectively provides a foundation for good management, program integrity and results. The audit noted positive efforts to strengthen governance through the establishment of formal management committees and through the introduction of strategic planning. While positive, the audit also noted that more deliberate and cohesive policy dialogue on the tenets and principles of EM as well as the roles and focus of EM&RO is needed to focus the directions of the Branch.  This, coupled with needed improvements to the planning and performance management regime of the Branch will lay a stronger foundation for priority-setting and targeted resource allocation, which were also concerns.  Specifically, the audit found that resource allocation processes are not sufficiently informed by priorities, expected results, risk and past performance. Efforts to enhance these mechanisms will have positive impacts, particularly given the current fiscal challenges being faced by the Branch. Finally, the audit noted that stronger leadership, including communication and management unity is needed to support the improvements in the formal controls.

The second major line of enquiry of this audit related to the adequacy and effectiveness of the practices that Public Safety Canada has in place to lead federal institutions in the discipline of EM Planning, as well as the mechanisms they have to oversee institutional activities and results, in accordance with Section 3 of the EMA.

Public Safety Canada's leadership role is effected through the provision of guidance and through the establishment and management of fora for discussion and engagement with federal institutions. The audit found that guidance is provided to institutions in line with the EMA and Federal Policy on Emergency Management; however, opportunity exists to streamline and consolidate guidance, to enhance clarity and reduce unnecessary complexity. The audit also noted that government-wide structures are indeed in place, but, by most accounts, are in need of improvement – both from an efficiency and effectiveness perspective. These structures exist and provide a mechanism for information sharing from Public Safety Canada to federal institutions.  However, in their current form and use, there is not a sufficient forum for substantive, government-wide engagement, direction-setting or signals-checking for matters related to EM Planning.

The Department exercises its oversight role through a variety of monitoring activities, including the assessment of institutional Business Continuity Plans, Strategic Emergency Management Plans and through National Exercises of selected contingency plans. The audit found that the monitoring of federal institutions' EM planning is done in a fragmented and, in some cases, insufficient fashion.  Opportunities exist to strengthen the monitoring mechanisms by reinstating the assessment of business continuity plans, enhancing the robustness of methodologies, and examining opportunities for more streamlined and internally cohesive approaches.

In examining the national exercise program, the audit found that the national exercise calendar is developed, but concluded that the process for its development is not robust enough to ensure all necessary inputs are considered, particularly threat information. As well, we identified opportunities to strengthen internal and external coordination and dialogue around the calendar's development.

In light of the noted weaknesses in the monitoring of federal institutions, we are concerned that the Department does not have sufficient or effective mechanisms to appropriately gauge the readiness of federal institutions in the face of emergencies. As well, lack of monitoring limits the Department's ability to gain insight into the strengths and challenges within federal institutions which itself should inform Public Safety Canada's directions, policy and guidance.

Audit Opinion

In my opinion, the governance, risk management and controls in this area of departmental activity are not yet in a sufficient enough state of maturity to provide reasonable assurance that the objectives of Public Safety Canada will be achieved. Opportunity exists to build on existing practices, some of which are already being enhanced, and to strengthen the adequacy (design) and effectiveness of internal controls.   

Statement of Conformance and Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

In my professional judgment as Chief Audit and Evaluation Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The opinion is applicable only to the entity examined.

Summary of Recommendations

  1. The Assistant Deputy Minister (ADM) of EM&RO should review and re-confirm the Department's vision, policy direction and 'doctrine' in relation to EM. This effort should be horizontal in nature and should be conducted in the context of the broader departmental policy orientations. As such, the process should engage in a proactive and meaningful fashion, other key stakeholders including the Strategic Policy Branch and the National Security Branch. The Departmental Policy Committee should also be engaged.
  2. Upon confirmation of the departmental policy direction and “doctrine”, the ADM of EM&RO should conduct a fundamental review of the Branch's mission and resource levels. The goal should be to determine, definitively:
    • the functions, expected results and required resources of the EM&RO Branch; and,
    • the roles, responsibilities and accountabilities of Headquarters (HQ) functions and regional offices, under the Functional Management Model.
  3. The ADM of EM&RO, in consultation with the ADMs of Strategic Policy Branch and Corporate Management Branch (CMB) should revise the EM&RO strategic planning process so that it allows for:
    • An appropriate environmental scan to be done;
    • An achievable set of common branch-level priorities to be identified based on past performance, risk and common expected results;
    • Performance indicators and targets to be developed for the stated priorities; and,
    • Human Resources (HR) and financial resourcing strategies to be identified in line with priorities and expected results.
  4. The ADM of EM&RO should enhance Branch governance by:
    • designing and implementing a Branch performance dashboard that tracks progress against strategic and operational plans and by ensuring that it is reviewed periodically by Branch Management Committee (BMC) and Financial Management Committee (FMC) as part of formalized oversight and decision-making processes;
    • enhancing and institutionalizing the tools used by BMC and FMC to scrutinize staffing actions and other major changes (such as program directions and organizational design decisions), compelling management to present and defend the criticality, affordability and impacts (positive and negative) of these changes;
    • working with CMB to develop financial planning tools that allow for resource allocation / re-allocation to be influenced/informed by:
      • alignment with Branch and departmental priorities;
      • mitigation of departmental or corporate risks; and,
      • achievement of pre-defined expected results.
    • ensuring that records of decision are maintained for BMC and FMC meetings, to provide an appropriate history of management oversight and decisions, as well as the rationale for said decisions.
  5. The ADM of EM&RO should ensure that the new organization created for the National Emergency Preparedness Directorate is examined by Human Resources for compliance with classification standards.
  6. As part of their broader priorities to enhance the Branch work place, the ADM of EM&RO should conduct a Branch-wide work place assessment to thoroughly understand the state of the informal work environment.
  7. The ADM of EM&RO should review the suite of guidance provided to departments and confirm its alignment with the reconfirmed EM vision, mission and policy direction (see Recommendation 1). Where possible, guidance to federal institutions in relation to EM planning should be consolidated.
  8. The ADM of EM&RO should enhance the efficiency and effectiveness of the ADM and Director General (DG) Emergency Management Committees (EMC) by revisiting and focusing their mandates and membership to ensure meaningful engagement on key questions is possible. Consideration should be given to focusing membership on the institutions that comprise the Emergency Support Functions, with a broader audience being engaged on an as-needed basis.
  9. The ADM of EM&RO should enhance and streamline the monitoring of federal institutions' EM plans. To this end, they should examine the objectives and approaches for the Strategic Emergency Management Plans (SEMP) and Business Continuity Plans (BCP) assessments, seeking opportunities for streamlined and meaningful evaluation of institutional readiness, while meeting the requirements of the EMA and the Operational Security Standard for BCP.
  10. The ADM of EM&RO should enhance and document the process for national exercise calendar development, ensuring that it:
    • appropriately considers and integrates information on risk from across the Department and across government;
    • ensures that senior level representatives are appropriately engaged, either through the Inter-departmental Exercise Coordination Committee (IECC) or through some other mechanism; and,
    • takes into consideration exercise activities that are being led by others across the federal government To this end, management should maintain a current list of exercises being led across the federal government.
  11. The ADM of EM&RO should aggregate trends and themes from various lessons learning mechanisms to provide strategic input into exercise planning, policy and guidance to federal institutions.
  12. The ADM of EM&RO should put in place a process by which outstanding corrective actions committed to by federal institutions are reporting periodically to DM-EMC.

Management Response

The emergency management function is complex and bestows a unique role and critical functions for the Department and for the Government of Canada, especially with the increase in scope and frequency in emergency management events. The work of the organization is firmly built on the Emergency Management Act (2007) which provides the foundation for a comprehensive – all hazards – approach to federal emergency management in Canada. Further direction is provided through key documents such as the Federal Policy for Emergency Management, the Federal Emergency Response Plan (FERP), and the Emergency Management Guide which was revised by Federal-Provincial-Territorial Ministers Responsible for Emergency Management   in 2011. The combination of legislation and policy is intended to harmonize federal response measures with those of the provinces and territories, non-governmental organizations, and the private sector and focuses on the four pillars of prevention and mitigation; preparedness; response; and recovery. The strengths of this approach are demonstrated operationally year in and out through the Government Operations Centre (GOC)'s management of flood, fire, and weather related events. Most recently, the successful response to the floods in Southern Alberta and the explosion at Lac-Mégantic, which were unique in their own ways, give proof to the strong leadership and management of the Branch and the Department. However, despite departmental efforts to prevent and mitigate emergencies and crises, whether natural or man-made, emergencies continue to increase in frequency and severity. Through the development of national policies, response systems, and standards the organization plays a key leadership role before, during, and after emergencies ensuring that Canadians are better protected.

Following the 2009 Fall Report of the Auditor General of Canada, the department made good progress in responding to the recommendations of the Auditor General regarding the need for, among other things, the provision of policy and program advice to other federal agencies on emergency management planning and the evaluation of those plans. Further definition of the department's coordination role under the Act and updates of operational policies and plans, for other departments, are to follow. The FERP has since been approved by the government and the Department continues to enhance its own capacities and work with other government departments in the implementation of the FERP. However, this subsequent audit had identified a need to address key management gaps as a departmental priority. The recommendations outlined in this audit have all been accepted. The findings herein have informed the way forward for Branch leadership and helped to validate priority functions and issues for the short and medium-term. The audit findings also contributed to establishing a new organizational design for a new branch, Emergency Management and Programs Branch (EMPB), which was announced on December 4, 2013.

The new senior management team is committed to management excellence and adopting the recommendations in this audit. Investments in integrated human resources and business planning, risk assessments and work place improvement initiatives will be made, coupled with a thorough review of our priorities and resource requirements. This will be done with the support and guidance of key internal corporate management functions in the Corporate Management and Portfolio Affairs and Communications Branches. The department's response will ensure that EMPB becomes a stronger organization, capable of meeting the demands of today, responsive to the needs of its stakeholders, and able to meet the expectations of the future. The Branch will address its systemic budgetary shortfalls, develop an integrated risk management approach to inform decision-making, and stabilize the organization. Senior Management will focus on creating the conditions for success, including:

Chief Audit Executive (CAE) Signature

____________________________

Acknowledgements

The Internal Audit and Evaluation Directorate would like to thank the all those who provided advice and assistance during the audit.

1.0 Introduction

1.1 Background

Under the legislative authority of the Emergency Management Act (EMA) and through the Federal Policy on Emergency Management, the department of Public Safety and Emergency Preparedness (PS) has articulated an Emergency Management (EM) Framework, which is predicated on an all-hazardsFootnote 1 approach, consisting of four inter-related pillars: prevention / mitigation; preparedness; response; and, recovery. Preparedness is defined as being ready to respond to a disaster and manage its consequences through measures taken prior to an event.  Individual federal institutions are responsible under sections 3 and 6 of the EMA for developing, exercising and evaluating EM plans in support of preparedness. EM plans include a range of instruments such as:

Under Section 3 of the EMA, Public Safety Canada is responsible for providing government-wide leadership and oversight over the EM activities of federal institutions – including their plans in the above-noted categories. Specifically, the department is expected to:

In 2009, the Office of the Auditor General conducted an Audit on Emergency Management - Public Safety Canada. In it, they noted that establishing and exercising federal leadership has been a challenge, a consistent risk management approach was lacking, and lessons learned had not been used to improve emergency response. Action plans have been put in place by management, some of which relate to issues also reported in this report, indicating that some underlying concerns continue to persist. A mapping of the linkages between the two audit reports has been provided under separate cover.

Public Safety Canada exercises its leadership and oversight role in this area through the Emergency Management and Regional Operations Branch (EM&RO). According to its 2013-14 Branch Business Plan, EM&RO: “enhances the safety and security of Canadians and the resiliency of communities and federal institutions by developing policies and delivering programs across the four core elements of emergency management. In support of the leadership role of the Minister of Public Safety for emergency management, the Branch coordinates the work of federal departments and agencies before, during and after emergency events, ensuring Canadians are better protected from the effects of major disasters, accidents and intentional acts”Footnote 2.

The Branch is comprised of five Directorates, including:

Important linkages to the National Security Branch also exist, in particular in relation to Critical Infrastructure and Strategic Coordination Directorate (CID), which is mandated to strengthen the resilience of Canada's critical infrastructure. This Directorate does this by coordinating risk management and information sharing activities with critical infrastructure sectors, federal departments and agencies, provinces/territories and international allies. While the concept of resilience is presently being elaborated upon through the development of a Resilience Strategy, one element of it relates to emergency preparedness, underscoring the relevance of linkages between EM&RO and National Security.

Prior to its creation in summer of August 2011, EM functions were performed by the former Emergency Management and National Security (EMNS) Branch. In 2011, EMNS was split into two new branches, to create the National Security Branch and the current EM&RO Branch within which was vested responsibility for, among other key functions, leadership and oversight in respect of EM Planning.  At various intervals in its history, the Branch received core and sun-setting funding to support EM-related priorities.   Most of the funding received through these submissions was not “fenced”. As a result, the Deputy Minister had the authority to reallocate funds to other priorities, as required, subject to any reporting requirements. Included was:

Included Priorities

Time Frame

Submission Name

General Purpose

October 2006

Securing an Open Society Canada's National Security Policy – Implementation of Emergency Management and National Security Initiatives (Sun-setting funding)

Funding was for the establishment of a Quality Assurance Framework for Business Continuity Planning and for the development of the National Exercise Program which included a baseline study, planning and delivery of priority national exercises in support of Government priorities.

December 2006

Enhancement of core emergency management capacity (Core funding)

This included funding for Government Operations Center, Regional Capacity, Policy Capacity, International Liaison, National Exercises, and National Training.

June 2009

Augmentation of emergency management capacity within Public Safety and Emergency Preparedness (Sun-setting funding)

This included Government Operations Centre, Policy and Program Capacity, and Continuity of Government

December 2011

Renewed funding for the Continuity of Government Program (On-going funding)

Funding through this submission allows the Continuity of Government program to continue to work with federal departments to strengthen business continuity management and assist PS in fulfilling its mandate as the lead federal department for EM activities.

September 2012

Implementation of National Security and Emergency Management initiatives under the action plan for Perimeter Security and Economic Competitiveness (Sun-setting funding)

This included funding for plans and capabilities for Emergency management.

March 2012

Support for the Government of Canada's Provision of Essential Federal Services to the Toronto 2015 Pan American and Parapan American Games (Sun-setting funding)

PS is responsible for working with provincial, local and federal partners to coordinate whole-of-government multi-jurisdictional all hazard exercises prior to the event to confirm the event security structure that functions with the emergency management structures of the host community/province and to confirm the preparedness levels specific to the event.

Since its establishment as a single branch, EM&RO has undergone a number of organizational changes including the introduction of the functional management model for regional operations and a Branch restructuring in April 2012. In 2012, in the course of restructuring, the Deficit Reduction Action Plan (DRAP) was implemented and had the following implications for EM&RO:

The DRAP changes – notably the closure of the College – drove further organizational and business changes in the Branch, most significantly in the National Emergency Preparedness Directorate, where a new organizational structure was created and new directions are being planned. For this, the Directorate is developing its roadmap for change, entitled “The Way Forward”.

1.2 Audit Objective

The audit objective was to provide reasonable assurance that the core management controls in place across EM&RO Branch are adequate and effective to:

It is important to note that the audit objectives and scope were adjusted mid-way through the audit. The original audit objective was focused more heavily on the EM planning and leadership function. Audit evidence gathered in the early stage of the examination phase compelled the audit team to increase the audit's focus on the Branch's management control framework. This scope adjustment, which was approved by the Deputy Minister, led to an adjusted set of lines of enquiry, which are outlined below in 1.4.

1.3 Scope and Approach

Two broad lines of enquiry were used to target the audit. The key questions posed in relation to each are provided below:

Key Questions

Line of Enquiry

Objective

Practices Examined

Scope

EM&RO Management Control Framework

Public Safety Canada puts in place an adequate and effective management control framework to enable the achievement of program objectives.

  • Mandate, Planning and Performance
  • Governance
  • Human Resources Planning and Management
  • Financial Planning and Monitoring

Entire Branch, with some focus on National Emergency Preparedness Directorate (NEPD) & Regions given the amount of change

EM Leadership & Oversight Controls

Public Safety Canada exercises its role under the EMA by cohesively setting direction and systematically overseeing federal institutions. Lessons learned from oversight and from national exercises are shared and integrated into direction and guidance.

  • Guidance
  • Monitoring of Federal Institutions
  • National Exercises
  • Lessons Learned

Emergency Management Policy and Planning Directorate (EMPPD)

NEPD (Continuity of Government Program (CoG) and National Exercises Division (NED)

Appendix B provides a summary of the audit criteria against which the audit was conducted.

The audit generally covered the 2012-13 period, but in light of the continued evolution of a number of processes, some of the testing was done on an “under development” basis, examining the processes as they are evolving to provide management with timely advice and insight.

It is important to note that the audit focused solely on the processes and mechanisms owned by the Department.  While governance and communication mechanisms used to engage federal institutions were examined, those that were owned by parties outside the Department were outside the scope of the audit.

WindReach Consulting Services Inc., contracted through Murray Management Consulting, was retained to lead the audit and to direct the audit team. The audit was conducted in accordance with the professional standards of the Institute of Internal Auditors' International Professional Practices Framework (IPPF) and the Treasury Board Policy on Internal Audit. Audit methods included interviews, documentation review and testing to ascertain the adequacy and effectiveness of controls.  Limited consultations with other similar departments and agencies were used to gain insight into the governance mechanisms through which PS engages federal institutions. 

1.4 Risk Analysis

Public Safety Canada exerts its leadership and oversight role against the backdrop of internal and external business conditions that inherently expose the Department to a range of operational and strategic risks. Specifically:

The detailed risks to which the Department is exposed as a result of this part of its business are summarized in Appendix A. These risks were identified during the planning phase of the audit based on extensive interviews and documentation review. The goal of risk-based auditing is to focus the audit examination on the areas that are characterized by the greatest degree of inherent risk. In this way, resources are used efficiently and value to management is optimized. Guided by these risks, the audit's audit objectives, scope and lines of enquiry were identified.

1.5 Audit Opinion

In my opinion, the governance, risk management and controls in this area of departmental activity are not yet in a sufficient enough state of maturity to provide reasonable assurance that the objectives of Public Safety Canada will be achieved. Opportunity exists to build on existing practices, some of which are already being enhanced, and to strengthen the adequacy (design) and effectiveness of internal controls.   

1.6 Conclusions

Recommendations have been made throughout this report with a view to providing efficient and effective remedies to noted challenges. Going forward, in addition to responding to specific recommendations, we encourage management to bear in mind the inter-connectedness of the system of internal control. Strengths in one area will engender and reinforce strengths in others. Strong program “foundations” such as strategic policy directions and common and clear expected results need to be established to define expectations and provide the frame for important and difficult management decisions that must be taken in a complex environment. These foundations must be coupled with other important management foundations, including strong leadership, trust, communications and unity. These practices, together with more mature governance and resource management controls will enable the department to allocate its resources in the areas of greatest importance, make tough but informed decisions and make the course corrections that will inevitably be required in an ever-changing environment. Program integrity and performance will follow.

To achieve these benefits, a significant amount of senior-level reflection will be needed, possibly leading to more change. While change can be positive, it must also be managed constructively and prudently. As the Branch has already experienced a significant amount of change, we encourage management to examine the required changes cohesively and implement them systematically and in a timely fashion to manage any risk that may come from further transformation.

1.7 Statement of Conformance and Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The opinion is applicable only to the entity examined.

2.0 Findings and Recommendations

2.1 Program and Management Foundations

The point of departure for this audit was an examination of the EM&RO Management Control Framework (MCF). The MCF is comprised of a range of governance, risk management and control processes that collectively provide a foundation for good management, program integrity and results.  The audit found that some recent efforts have been made to reinforce governance and control mechanisms in some areas. These efforts are positive and should be built upon. The following areas are highlighted as those that should be considered priorities going forward.

2.1.1 Mandate and Strategic Directions

A clear sense of organizational mandate and direction is vital for any complex organization and is particularly critical for organizations, such as EM&RO, which are undergoing change. Thus, the audit examined the degree to which clear, well-communicated and commonly understood directions were established for the EM&RO Branch. Directions examined included legislative authority, policy directions and plans and priorities.

The audit found that legislative foundations exist in the EMA. As would be expected, legislation provides an important, but high-level and broad frame for operations. While critical, the EMA is insufficient on its own as a program foundation, in light of its breadth. Thus, it is complemented by the federal Policy on Emergency Management (2009), which is intended to provide a policy orientation for the government, department and branch in relation to EM.   In examining the extent to which the policy acts as an appropriate directional instrument, the audit found that the federal policy does not provide sufficient strategic policy orientations that are meaningful to direct lower-level program and branch decisions. Of concern is the fact that the federal policy, which mirrors the EMA, tends to be compliance-oriented and is not directional in its focus, limiting its value to Branch and program decision-makers in helping to frame program decisions and directions.

The audit found evidence that some effort is being made within EMPPD to examine and re-define an “EM Doctrine”, including the key principles, tenets and elements of EM and how they inter-relate. As noted earlier, the four “pillars” of EM are the primary basis of EM, yet some policy thinking is underway regarding these pillars, their points of interconnection and the links to other concepts such as mitigation and resilience – some of which also relate to directions being taken in National Security Branch.  At the moment this policy dialogue is limited to a series of discussions between the Directors General of EM&RO.   In light of the significance of this discussion and its impacts on departmental policy direction, these discussions should be made more horizontal in nature, engaging other departmental players in charting the way forward.

In addition to legislative and policy directions, the audit also examined strategic and operational plans to determine if current planning instruments provide appropriate direction to operations. For the timeframe within the audit's scope, no strategic plan existed, although a three-year plan has recently been published. We are encouraged by this development and while the plan's establishment was outside the timeframe defined by our scope, its contents were examined by the auditors to provide timely insight and advice to management. We noted some areas for improvement that if made, would provide valuable guidance and direction to the EM&RO branch. Among the concerns noted include:

Thus, we are concerned that the strategic plan does not yet provide a meaningful or robust enough directional instrument.

The audit also noted that insufficient directions exist in relation to major change initiatives. Of specific concern here is the move to an enhanced regional presence and the adoption of a functional management model. While initiated in 2011 and implemented in 2012, the audit found that some key elements of the model had not been satisfactorily defined, including the expected results, the detailed concept of operations and the resource requirements. To be sure, evidence exists that at the time of the initiative, analysis was done in support of the transformation, but insufficient attention appears to have been placed on defining in detail, the end-state and the corresponding results and accountabilities. We are encouraged by recent efforts to address outstanding issues and to more explicitly define the functional management model. In pursuing these definitional questions, the Department is encouraged to define specific expected results and outcomes to be achieved, along with concrete roles, responsibilities and accountabilities. Most importantly, this must be done against a common backdrop of the Branch's mission and expected results, which the audit found were insufficiently developed.

In the absence of a common frame, strategic direction or common expected results, the audit found that program directions are being set in various pockets throughout the Branch without fulsome integration or alignment. These issues are reported below.

2.1.2 Direction-setting Mechanisms & Resource Allocation

The audit examined the mechanisms by which EM&RO sets its branch and directorate priorities and allocates resources to these priorities. We found that the Branch develops plans at various levels of the organization, but the planning processes and the resultant plans and expected results are fragmented and misaligned. Simply stated, plans at the Branch and Directorate level are being developed in relative isolation of one another, with limited cross-pollination.  As well, the explicit consideration of risk, past performance and broader priorities was not in evidence as inputs to direction-setting. Further, the audit found that some important directions are set on a one-off basis, without consultation, dialogue or scrutiny from across directorates.  These conditions greatly increase the risk of misalignment of priorities across the Branch, make it more challenging for the Branch to allocate its resources in a consistent fashion and make it more difficult for the Department to speak with one voice to the federal community. Downstream adverse impacts on efficiency, effectiveness, cohesion and credibility of the Branch and the Department are the consequences. By contrast, a powerful positive impact can be realized if efficient, informed and integrated planning mechanisms exist to develop common and internally aligned priorities. Of significant benefit is the positive impact such mechanisms have on an organization's ability to allocate its scarce resources to areas of greatest priority.   The commitment to pilot an integrated business/HR plan is a positive step forward, but we do note that the current strategic plan was developed without HR's involvement; further, we are concerned that until such time as the strategic directions of the Branch are confirmed, the identification of meaningful and targeted HR strategies will not be possible.

Complementing the Branch's planning processes, another important management practice that helps set direction is the organization's performance measurement and management processes. The processes by which an organization sets, communicates and measures its expected results are powerful mechanisms to chart the way forward, monitor progress and adjust course as necessary. The audit found that expected results and related measures and targets are specified in the annual Branch business plan but no evidence exists that they are used as the basis for operational oversight and accountability.

As noted above, the audit sought to determine the manner in which directions are set and appropriately resourced. Thus, upon examining the methods by which plans and priorities were set, we also examined the processes according to which human and financial resources were allocated to them. The goal here was to ascertain whether the Branch had systematic and regularized resource allocation mechanisms that are informed by appropriate inputs and overseen by appropriate scrutiny and challenge. These controls are vital to ensure that scarce resources are allocated fairly, objectively and appropriately (i.e., to areas of greatest need). Equally important, they ensure that activities which are not deemed to be of importance or reflective of broader priorities are not funded at the expense of other areas of priority. The importance of these controls cannot be overstated – particularly in an organization such as EM&RO where financial sustainability has been a concern for some time. Resources are finite and, in some cases, shrinking. Organizations must have mechanisms to ensure that people and dollars are appropriately targeted and in line with formally established directions and expected results. To do otherwise, exposes the organization to risks around program integrity and challenges the principles of stewardship of public funds.

While monitoring of the Branch's financial situation is increasing, the audit has concluded that current human resources and financial processes do not yet provide sufficient control from a resource allocation perspective. Specific insights are provided below.

From an HR perspective, just as the organization has not yet sufficiently defined its vision and strategic direction for the Branch, neither has it defined the core competencies and skill sets required for the new organization. While some effort has been made within some areas of the Branch to point to new competencies, requirements have not yet been formalized nor anchored on a broader, Branch strategy or direction. Further, no Branch or directorate human resources plan, tied to EM&RO's strategic or business plan, exists to guide and support the scrutiny and challenge of HR investment decisions (i.e., staffing, training, deployments, etc.). As noted earlier, the plan to pilot the development of an integrated HR-business plan in the Branch is a positive step; but again, it must be stressed that this must be preceded by a clear sense of common Branch business directions and expected results.

As noted below under Section 2.1.3, Governance and Oversight, the Branch's Financial Management Committee plays an oversight / monitoring role with respect to HR decisions, in the same way that the Departmental Management Committee exercises oversight over staffing departmentally. The audit examined the robustness of the Branch processes to scrutinize HR investments and concluded that mechanisms and tools are not adequate or effective to assess and challenge new hires. Opportunity exists to strengthen the tools to compel managers to justify the affordability, criticality and reasonableness of the hires, as well as the impacts on financial sustainability and program integrity. To be sure, the nature of the discussion at the Financial Management Committee may indeed focus on these factors; however, as no records are kept of these meetings, the audit could not conclude on this fact. More than a question of maintaining an audit trail, appropriate record keeping provides an important history of management's deliberations and decisions, which provides valuable control in a time of change and turnover.

Closely related to human resources decisions, is the Branch's approach to organizational design. As noted in the report's introduction, the Branch has undergone change in its organizational structure for many years. Within the National Emergency Preparedness Directorate, another organizational change is underway. As this was the only Directorate to have recently changed its structure, the audit examined the processes by which these decisions were taken and governed. We found that no formal processes or governance exists to ensure that organizational design decisions are reviewed, justified, approved or linked to specific, endorsed Branch business strategies. Of concern is the fact that a new NEPD organizational structure has been implemented and embedded in Branch plans, without formal justification or approval. Some dialogue has taken place with Human Resources, but no classification review of new NEPD positions has been done.  In short, more attention needs to be placed on regularizing organizational design practices to ensure that the rationale and impacts of planned organizational changes are fully scrutinized and justified – both from a business and a classification perspective.

Concerns around scrutiny and justification for resource allocation extend to financial planning. The audit found that Branch budgeting does not formally consider priorities, risks and expected results – in other words, no formal process exists to ensure that budgets are allocated to commonly understood priorities, areas of high risk or areas where performance is lagging. Notional budgets tend to be allocated in accordance with previous years' allocations, augmented by divisional budget forecasts. Any resulting budgetary shortfall is paid for evenly across directorates, regardless of risk or results to be achieved. Thus, we are concerned that the processes do not assure that the Branch's top priorities will be appropriately funded. Of equal concern, in a time of resource constraints, is the risk that areas of lower priority will receive funding that is not justified, at the expense of more pressing program results. For instance, the audit noted that in some areas of the Branch, organizational units mandated with administration and corporate business planning were created and staffed at a level higher and more senior than some areas of core programming. No concrete evidence was available to demonstrate management's consideration of the implications of these decisions. Not only does this example not pass the test of reasonableness, but it also calls into question the effectiveness of governance around such resource allocation decisions.

While improvements need to be made to the allocation processes, the audit did note that processes and controls are in place to monitor Branch budgets throughout the year. Specifically:

However, as noted above, regardless of the nature of transfers / reallocations, there is nothing formalized to consider the implications on operations, priorities or expected results.

Interviews with Corporate Management Branch and, specifically, the EM&RO FMA, did indicate that the ability to challenge and raise issues with respect to reallocations appears strong.

Finally, the other main concern in relation to financial management controls is the current approach to deficit management. At present, an unsustainable financial situation exists in EM&RO, with respect to salary expenditures. For the year within audit scope (fiscal year 2012-13), the Branch had a salary budget of $19.2M but had approximately $23.2M forecasted for indeterminate employees. The audit found that the deficit is managed by conversion of O&M monies to salary and through a reliance on temporary funding. No mechanism exists to assess the impact of the O&M conversion to salary dollars and no guidance on what is appropriate. Further, although management is transferring O&M to cover salary commitments, lapsing of funds continues. Of greater concern, the audit was unable to identify any long-term strategy of management's to fundamentally address the structural issues. This, coupled with the weak planning and resource allocation controls greatly increases the risk related to the sustainability of programming, a risk which will be further exacerbated with previously approved DRAP cuts that are planned for implementation in the coming year.

2.1.3 Internal Governance & Oversight

Another key element of an organization's management control framework is its governance structure and processes. Collectively, the governance bodies of the Branch, the information they consider and the scrutiny they provide enable oversight, due diligence and stewardship. In EM&RO, the Branch Management Committee (BMC), extended Branch Management Committee (E-BMC) and Financial Management Committee (FMC) are vested with governance responsibilities, including direction-setting, scrutiny and challenge of decisions as well as oversight and monitoring. These mechanisms are critical – particularly during times of change and resource constraints.  

The audit found that the recent creation in 2011 of the aforementioned committee structure has been positive. Membership of these committees is appropriate; however, the audit could not conclude on the effectiveness of these committees in discharging their oversight responsibilities because no records are kept of their discussions or decisions. From interviews, the audit noted that the FMC plays a review and challenge function on key decisions such as staffing, but again, we are not in a position to confirm the quality or robustness of this function.

Another important element of governance is a clear sense of organizational and functional roles and responsibilities, which sets the foundation for accountability and operational effectiveness and efficiency. Thus, the audit examined the degree to which roles and responsibilities across EM&RO are clear, aligned and well communicated. The audit found that some important roles and responsibilities of directorates are overlapping and are not always clear. This is compounded by weak internal communication and organizational silos that exist between organizational units, an issue which is discussed at greater length below, under section 2.1.4, Control Environment. Areas of overlap include:

Concerns such as those identified above increase the risk to the Department that functional authority in the area of EM planning may not be clear or cohesive, which could have consequences in terms of the Department's ability to lead federal institutions. Clarity on who speaks for Public Safety Canada is critical, as is the consistency of the message being conveyed.

The audit found that the above-noted condition may be partly caused by the existence of persistent internal silos and ineffective communication between Directorates. These issues are further discussed below.  

2.1.4 Control Environment

An important area of the management control framework is the suite of practices that collectively comprise the “control environment”.  Often referred to as “informal” or “soft” controls, elements such as trust, communication, values and “tone at the top” lay the basis upon which more formal control mechanisms operate. A strong and robust control environment enables a commitment to formal practices and often, when organizations are in a state of change or turmoil, can provide important compensating mechanisms for changing or weakened formal controls. Thus, the examination of the control environment was considered a highly important element of this audit.

The audit found that the current state of the control environment is not strong. Interviews with staff and management from across the Branch indicated a considerable lack of trust, poor communication and, of considerable concern, a lack of unity and cohesiveness in the Branch management team.  Collectively, these conditions greatly challenge the state of governance across the Branch, working against the dialogue, cooperation and communication that are needed for good oversight and operational effectiveness. Fundamentally, the current state is not in conformity with the departmental values that were formally defined and adopted in 2012. The remedy is strong and definitive leadership. Tone at the top, while challenging to measure, is vital in unifying a team, in setting expectations for appropriate behavior and for managing appropriately when expected behavior is not realized. Executive leadership, including the firmness of direction and the extent of oversight, does not appear to be commensurate with the Branch's risk profile.

The audit also noted, in large measure, a very low level of morale. This may be attributable to a range of factors, but is most likely caused by the constant state of change and the lack of clear direction. The management and leadership issues noted above may also compound this – or at a minimum, do little to address it. Of concern is the impact that low morale has on formal controls. Employee commitment and engagement is needed to ensure that formal controls and business processes are applied as intended. It is important to note that work place issues have been identified as a priority by management in the Strategic Plan and we are encouraged by this focus. However, we remain concerned that the current state of employee morale may have downstream impacts on the strength of the formal control processes across the Branch.

Recommendations

  1. The ADM of EM&RO should review and re-confirm the Department's vision, policy direction and 'doctrine' in relation to EM. This effort should be horizontal in nature and should be conducted in the context of the broader departmental policy orientations. As such, the process should engage in a proactive and meaningful fashion, other key stakeholders including the Strategic Policy Branch and the National Security Branch. The Departmental Policy Committee should be also be engaged.
  2. Upon confirmation of the departmental policy direction and “doctrine”, the ADM of EM&RO should conduct a fundamental review of the Branch's mission and resource levels. The goal should be to determine, definitively:
    • the functions, expected results and required resources of the EM&RO Branch; and,
    • the roles, responsibilities and accountabilities of HQ functions and regional offices, under the Functional Management Model.
  3. The ADM of EM&RO, in consultation with the ADMs of Strategic Policy Branch and Corporate Management Branch should revise the EM&RO strategic planning process so that it allows for:
    • An appropriate environmental scan to be done;
    • An achievable set of common branch-level priorities to be identified based on past performance, risk and common expected results;
    • Performance indicators and targets to be developed for the stated priorities; and,
    • HR and financial resourcing strategies to be identified in line with priorities and expected results.
  4. The ADM of EM&RO should enhance Branch governance by:
    1. designing and implementing a Branch performance dashboard that tracks progress against strategic and operational plans and ensuring that it is reviewed periodically by BMC and FMC as part of formalized oversight and decision-making processes;
    2. enhancing and institutionalizing the tools used by BMC and FMC to scrutinize staffing actions and other major changes (such as program directions and organizational design decisions), compelling management to present and defend the criticality, affordability and impacts (positive and negative) of these changes;
    3. working with CMB to develop financial planning tools that allow for resource allocation / re-allocation to be influenced/informed by:
      • alignment with Branch and departmental priorities;
      • mitigation of departmental or corporate risks; and,
      • achievement of pre-defined expected results.
      Where transfers are being made from one area to another, enhanced tools should compel managers to present the impact of these transfers on the program from which the money is coming.
    4. ensuring that records of decision are maintained for BMC and FMC meetings, to provide an appropriate history of management oversight and decisions, as well as the rationale for said decisions.
  5. The ADM of EM&RO should ensure that the new organization created for the National Emergency Preparedness Directorate is examined by Human Resources for compliance with classification standards.
  6. As part of their broader priorities to enhance the Branch work place, the ADM of EM&RO should conduct a Branch-wide work place assessment to thoroughly understand the state of the informal work environment.

2.2 EM Leadership and Oversight

The second major line of enquiry of this audit related to the adequacy and effectiveness of the practices that Public Safety Canada has in place to lead federal institutions in the discipline of EM Planning, as well as the mechanisms they have to oversee institutional activities and results, in accordance with Section 3 of the EMA. Findings are provided below.

2.2.1 Clarity and Cohesiveness of Guidance to Federal Institutions

The audit expected to find that the Department established clear and cohesive guidance for federal institutions in relation to EM planning. Without this, there is an increased risk that federal institutions will not fulfil their responsibilities under the EMA in an appropriate or consistent fashion.   The audit found that various types and forms of guidance are provided by Public Safety Canada to help direct EM planning activities of federal institutions, including an EM Planning Guide, a BCP Guide, the Federal Emergency Response Plan, etc.  Working from this guidance, we examined its consistency with the EMA and the degree of alignment the various pieces of guidance have with one another. We have concluded that while guidance is generally in line with EMA and Federal Policy on Emergency Management, it is fragmented in its form. Specifically, there is no overarching EM planning guidance document that outlines and links all the EM planning requirements of a given institution. This, coupled with the lack of strategic direction and definitional instruments, creates an unnecessarily complex and potentially inefficient situation for federal institutions. This is further compounded by the aforementioned concerns regarding the unclear functional roles and responsibilities within PS in relation to EM planning.

In Section 2.1.3 of this report, Internal Governance & Oversight, the audit noted that insufficient linkages of both a formal and informal nature exist between the operations and policy functions of EM&RO. While we understand that the two are separated for reasons of division of labour, more linkages are needed to ensure that lessons learned from assessments and exercises are embedded in guidance and policy.

Guidance to federal institutions is provided in many forms, not simply written guidance and direction. The inter-departmental structures that bring together all parties and provide a forum for dialogue and information sharing are equally important. The key inter-departmental fora are the committee structures that comprise the Emergency Management Committees (EMCs) which exist now at the Deputy Ministerial (DM), Assistant Deputy Ministerial (ADM) and Director General (DG) levels.  To test the effectiveness of these mechanisms, the audit team did some direct examination and enquiry in relation to these governance structures, and also relied on the results of a recent program evaluationFootnote 4 that also opined on the state of inter-departmental governance.

The audit noted that structures are indeed in place, but, by most accounts, are in need of improvement – both from an efficiency and effectiveness perspective.  The audit found that these structures exist and provide a mechanism for information sharing from Public Safety Canada to federal institutions. The relatively new DM-EMC has been cited as being particularly helpful to allow for senior executive engagement and dialogue on pressing issues and emerging priorities. The audit is concerned, however, that the lower-level committees are not working as effectively and have noted some opportunities to enhance the efficiency, focus and utility of the fora and discussions that take place at them.

Specifically, the audit found that ADM-EMC is too large to be effective as a bi-directional communication and engagement mechanism. Similar issues exist with DG-EMC. As a result, ADMs and DGs often send delegates, limiting engagement with senior personnel across government on key decisions and directions. In short, there is not a sufficient forum for substantive, government-wide engagement, direction-setting or signals-checking for matters related to EM Planning.

As well, while DG-EMC exists to engage Directors General in EM discussions, a similar, but differently composed DG committee has recently been formed, focused on emergency response (one sub-set of EM). The DG Emergency Response (DG-ERC) committee is more targeted in its membership and focused in its discussions; however, the role of this relative to the DG-EMC committee is not entirely differentiated. Opportunity exists for greater clarity so that overlap and duplication can be avoided.

Other fora exist for inter-departmental engagement, in some cases on more targeted topics, such as the planning on national exercises. The Inter-departmental Exercise Coordination Committee (IECC), chaired by Public Safety Canada is mandated with “promoting, co-ordinating and facilitating the development, design, conduct and evaluation of institutional, federal, national, and international exercises in accordance with the requirements of the Emergency Preparedness Act”Footnote 5. The audit concluded that there is an opportunity to strengthen the governance and engagement around exercises by increasing the extent of senior representation and enhancing the opportunities for substantive engagement of members on exercise planning. This issue is discussed in greater length in Section 2.2.3, National Exercises.

2.2.2 Monitoring from Federal Institutions

As with any functional authority, Public Safety Canada not only sets direction in relation to EM planning, but also is responsible for monitoring the extent to which the direction is being adhered to. Legislative authority for this function rests in Section 4 (c) of the EMA through which the Minister is mandated with “analyzing and evaluating emergency management plans prepared by government institutions”. In keeping with this mandate, the audit assessed the degree to which the Department effectively planned for and monitored federal institutions and their EM plans.   Specifically, we assessed the extent to which the Department's monitoring is planned based on risk and also tested the rigour of the monitoring practices in use.  Included in the scope of monitoring functions examined were the SEMP evaluation processes and the BCP monitoring mechanisms. The national exercise program, which is both a monitoring and a lessons learning mechanism, is discussed separately below.

The audit found that the monitoring of federal institutions' EM planning is done in a fragmented and, in some cases, insufficient fashion. From a positive perspective, the assessment of SEMPs is done on a regularized basis and prioritized based on established criteria. While the criteria are not risk-based, the process ensures that the departments with Emergency Support Functions (ESFs) are prioritized first for assessment. The audit did note some areas of concern with respect to the methodology used for the SEMP evaluations. The focus is placed on the structure, design and completeness of the SEMP document rather than the plan's operational effectiveness. While there is a requirement for the departments to test their own SEMPs, none of those sampled in our auditFootnote 6 had been tested.

As BCPs are also considered EM plans, Public Safety Canada is also responsible for monitoring federal institutions in relation to their BCP activity. Authority for this originates with the Policy on Government Security and TBS Operational Security Standard – Business Continuity Planning (BCP) Program.   Like SEMP evaluations, responsibility for the monitoring of BCP activity rests with the Continuity of Government Program, within the National Emergency Preparedness Directorate. Since 2007, the program has gathered information on departmental continuity planning through TBS's Management Accountability Framework (MAF) process. However, in 2010, TBS suspended its assessment of Area of Management 8, (Security), through which the BCP information was being assessed. Therefore, since this time, no monitoring of BCPs has been done. Despite this suspension, Public Safety Canada retains the responsibility for monitoring.

On a related note, even if the MAF process was resumed in this area, we remain concerned that monitoring via MAF self-assessment is not, by itself, methodologically sufficient for assessing the operational effectiveness of business continuity planning across government. We also note that discussions are underway to tie the SEMP evaluation to the MAF. As such, we remain similarly concerned about using the MAF assessment as the main vehicle for assessing institutions' SEMPs.

In light of the noted weaknesses in the monitoring of federal institutions, we are concerned that the Department does not have sufficient or effective mechanisms to appropriately gauge the readiness of federal institutions in the face of emergencies. As well, lack of monitoring limits the Department's ability to gain insight into the strengths and challenges within federal institutions which itself should inform Public Safety Canada's directions, policy and guidance. It is important to note that we understand that consideration is being given to “reinvigorating” the Continuity of Government Program, an effort that may include refreshing the logic model and expected results. We strongly encourage this effort and see it as a useful exercise to better define the priorities and program directions.  

2.2.3 National Exercise Program

The exercising of emergency management plans is a critical mechanism to test and assure the operational effectiveness of the plans and, where effectiveness is not optimal, to improve.  Responsibility for exercises is a shared one. Individual federal institutions are responsible for exercising their EM plans. Under section 4 (n) the EMA, Public Safety Canada has a legislative mandate to conduct exercises. In response to this requirement, the Department established in 2006, a National Exercises Program, the objective of which was to optimize the capacity and capability to prepare for, prevent and mitigate, respond to and recover from an emergency.

Thus, the audit sought to determine if the Department applied a systematic approach to planning and conducting of exercises in areas of “national interest”.   We found some important opportunities to strengthen the National Exercise Program.

First, we examined the clarity with which roles and responsibilities are defined within Public Safety Canada. As noted under Section 2.1.3, Internal Governance & Oversight, we concluded that functional direction, which ought to be effected by the National Exercises Division, can be reinforced and greater leadership exercised by this group.

The audit also found that the national exercise calendar is developed, but concluded that the process for its development is not robust enough to ensure all necessary inputs are considered, particularly threat information. As well, we identified opportunities to strengthen internal and external coordination and dialogue around the calendar's development. Within Public Safety Canada, the alignment and coordination of internal players (NEPD: NED, EMPPD, GOC, NS) is not always optimal, leading to missed opportunities for information-sharing that could be valuable for identifying plans of interest, areas of risk and thus, the plans that ought to be exercised nationally. Similarly, inter-departmentally, while information sharing and approval fora are in place (i.e., IECC and ADM-EMC), they are not enabling substantive engagement of federal institutions in developing the national exercise calendar. On a related note, insufficient mechanisms appear to exist to understand and align with established exercise programs in federal institutions.  While it is understood that Public Safety Canada cannot be active in all exercises led out of federal institutions, results of these exercises nonetheless provide important insight for Public Safety Canada in support of future calendar development and lessons learned.

2.2.4 Learning Lessons

Collectively, the SEMP evaluations, the BCP assessments and the national exercises all provide information to Public Safety Canada and federal institutions on the state of the government's readiness for an emergency. Thus, the feedback loops from these mechanisms are powerful controls that enable the Department to learn, share lessons government-wide and continually enhance the level of government of Canada readiness. In light of this, the audit examined the mechanisms that exist to learn and share lessons. Moreover, the audit assessed the extent to which these lessons are fed back into government-wide policy and direction.

As noted above under 2.2.2, Monitoring of Federal Institutions, in the last two years, no BCP assessments have been done. As a result no lessons learned, trends, or analysis have been completed or communicated. Thus, Public Safety Canada does not have any current insight into the extent to which federal institutions are prepared to continue their internal operations in the event of an emergency.

The audit did note that the results of the SEMP evaluation (including areas for improvement) are presented formally to institutional heads. Further, results are summarized in high-level, aggregate form and presented to DM-EMC as well as to the Deputy Minister of Public Safety Canada, who himself also receives detailed results on evaluated institutions. Thus, the evidence indicates that some feedback loop exists, although our earlier-noted observations around the robustness of the SEMP evaluation methodology leave outstanding concerns in relation to meaningfulness of the information being provided back to departments.

Finally, the audit also examined the degree to which lessons from national exercises are learned and shared with relevant stakeholders. The audit found that a formal process for lessons learning exists in the form of after-actionFootnote 7 reports, for which the lead department is responsible. These reports are exercise-specific and are not rolled up, compared with other reports or analyzed in the aggregate for trends or systemic issues or risks. Through Public Safety's Capability Improvement Process (CAIP), exercise-specific corrective actions committed to by lead institutions are documented by Public Safety Canada and are shared with Interdepartmental Exercise Coordination Committee. However, as with the after-action reports, no trend analysis is conducted. As well, no consolidated list of outstanding corrective actions is produced by the Department for institutional action, monitoring or for EMC oversight. It is important to note that Public Safety Canada has no authority to ensure institutional recommendations are implemented as intended.

By way of summary, the audit concluded that insufficient mechanisms exist to learn from and share insights stemming from monitoring mechanisms – which themselves are not as robust as they could be. Not only does this limit the value of the monitoring that is done, but it also limits Public Safety Canada to themselves to internalize lessons and embed insights into their direction, policy and guidance.

Recommendations

  1. The ADM of EM&RO should review the suite of guidance provided to departments and confirm its alignment with the reconfirmed EM vision, mission and policy direction (see Recommendation 1). Where possible, guidance to federal institutions in relation to EM planning should be consolidated.
  2. The ADM of EM&RO should enhance the efficiency and effectiveness of the ADM and DG Emergency Management Committees by revisiting and focusing their mandates and membership to ensure meaningful engagement on key questions is possible. Consideration should be given to focusing membership on the institutions that comprise the Emergency Support Functions, with a broader audience being engaged on an as-needed basis.
  3. The ADM of EM&RO should enhance and streamline the monitoring of federal institutions' EM plans. To this end, they should examine the objectives and approaches for the SEMP and BCP assessments, seeking opportunities for streamlined and meaningful evaluation of institutional readiness, while meeting the requirements of the EMA and the Operational Security Standard for BCP.
  4. The ADM of EM&RO should enhance and document the process for national exercise calendar development, ensuring that it:
    1. appropriately considers and integrates information on risk from across the Department and across government;
    2. ensures that senior level representatives are appropriately engaged, either through the IECC or through some other mechanism; and,
    3. takes into consideration exercise activities that are being led by others across the federal government To this end, management should maintain a current list of exercises being led across the federal government.
  5. The ADM of EM&RO should aggregate trends and themes from various lessons learning mechanisms to provide strategic input into exercise planning, policy and guidance to federal institutions.
  6. The ADM of EM&RO should put in place a process by which outstanding corrective actions committed to by federal institutions are reporting periodically to DM-EMC.

Appendix A: Detailed Risk Analysis

The following table summarizes the key risks that were identified as being inherent relevant to Public Safety Canada in the areas of policy development, priority-setting and planning.

Risk Areas & Potential Risk Event

Process Risks

Culture Risk

Information for Decision Making Risks:

Alignment Risks

Human Resources Risk:

Communications Risk

Appendix B: Audit Criteria

Audit Criteria

MANAGEMENT CONTROL FRAMEWORK
Public Safety puts in place an adequate and effective management control framework to enable the achievement of program objectives.

1. Mandate, Planning and Performance

EM&RO defines and communicates results-based directions, plans and accountabilities, aligned with its mandate and broader priorities.

2. Governance

There is a well-defined and applied governance regime at the branch, department and government level that enables information sharing, coordination, communication of direction and oversight (of both branch and government results)

3. HR planning and Management

EM&RO allocates its human resources in a manner that is aligned with established priorities and in accordance with HR policy and directives.

4. Financial planning and monitoring

Adequate and effective financial management controls exist to enable compliance with policy and legislation and to ensure alignment with directions (e.g., DRAP commitments, Mandate, and TB submission).

EM LEADERSHIP & OVERSIGHT CONTROLS
Public Safety exercises its role under the EMA by cohesively setting direction and systematically overseeing federal institutions. Lessons learned from oversight and from national exercises are shared and integrated into direction and guidance.

5. Guidance

The department establishes clear and cohesive guidance for federal institutions in relation to EM planning.

6. Monitoring of Federal institutions.

Public Safety establishes plans and mechanisms for monitoring, evaluating, and analyzing of federal institutions EM plans using a robust, risk-based methodology. Monitoring and evaluation plans are implemented.

7. National Exercises:

Public Safety Canada applies a systematic approach to enable the planning and conducting of exercises in areas of “national interest”.

8. Lessons Learned

Lessons learned from oversight and from national exercises are shared and integrated into direction and guidance.

Footnotes

  1. 1

    EM planning based on an all-hazards approach recognizes that the causes of emergencies can vary greatly (from natural disasters to intentional or malicious factors), but many of the effects do not. EM Planning based on an all-hazards approach allows planners to address emergency functions common to all hazards in the basic plan instead of having unique plans for every type of hazard.

  2. 2

    2013-14 Branch Business Plan, Emergency Management and Regional Operations Branch.

  3. 3

    After action reports are required to document the result of an exercise. In the event of an actual incident, After-incident reports are prepared.

  4. 4

    While direct provision of training was ceased as a result of DRAP, commitments were made to retain a federal role in standard-setting and promotion of EM training to federal employees, through a partnership with the Canada School of Public Service (CSPS). Responsibility for curriculum development, training and training administration now rests with the CSPS.

  5. 5

    Evaluation report http://www.publicsafety.gc.ca/abt/dpr/eval/mrgnc-prvntn-eng.aspx

  6. 6

    Inter-departmental Exercise Coordination Committee Terms of Reference.

  7. 7

    The audit sample included SEMPs from 5 of the 13 Emergency Support Functions: RCMP, TC, CNSC, CBSA and DFAIT.

Date modified: