Effective date: February 23, 2012
Responsibility: Vice-President and Chief Financial Officer
- Statement of Policy
- Risk Management Objective
- CBC/Radio-Canada’s Risk Appetite
- Roles and Responsibilities
- Person Responsible for Interpretation and Application
- Department Responsible to Update This Webpage
- Appendix A – Risk Management Procedures and Guidelines
As Canada’s national public broadcaster, CBC/Radio-Canada occupies an important place in the Canadian broadcasting system and faces a unique set of risks to its plans and operations. Like all broadcasters, the Corporation must adapt to technological changes, shifts in demographics and evolving consumer demands, as well as structural changes in the industry. As a public broadcaster with a statutory mandate to serve all Canadians, CBC/Radio-Canada also faces unique financial challenges and risks.
It is CBC/Radio-Canada policy to develop, implement and practice effective risk management to ensure risks and opportunities that impact the Corporation’s strategies, objectives and operations are identified, assessed and managed appropriately.
CBC/Radio-Canada’s risk management objective is to support the achievement of the Corporation’s strategic and operational objectives by:
- Ensuring risks and opportunities are properly identified, assessed, managed and reported;
- Aligning risk appetite and strategy;
- Embedding risk management in decision making;
- Allocating resources to effectively and efficiently manage risks; and
- Ensuring that the risk management process is robust and evolves with best practices.
CBC/Radio-Canada’s risk management objective is not to eliminate risk, but rather to manage risk in relation to CBC/Radio-Canada’s risk appetite.
Additional guidance is provided in the Procedures and Guidelines.
The Corporation’s risk appetite is influenced primarily by its role as Canada’s national public broadcaster whose mandate, object, powers and financial authorities are set out in the Broadcasting Act. It is the Corporation’s policy to identify, prioritize and manage the risks of the Corporation and to report to the Audit Committee of the Board on the actions to address any significant risks using the Corporation’s risk appetite as context.
The present policy applies to all CBC/Radio-Canada employees. Managers and staff have a responsibility to identify, assess and manage risk. This includes monitoring risks and related controls to continually optimize the control of risks across the entire organization.
CBC/Radio-Canada’s Risk Management Program is part of an enterprise-wide approach integrated into business processes. Responsibility for risk management is shared amongst the following groups: CBC/Radio-Canada’s Board of Directors; the Board’s Audit Committee; the Senior Executive Team; Internal Audit; and operational units.
The Board oversees CBC/Radio-Canada’s key risks at a governing level, approves major policies and ensures that the processes and systems required to manage risks are in place. The Board is ultimately accountable for the risk management process, including the risk culture, risk appetite and alignment of the Corporation’s risk management practices with strategy, risk appetite and stakeholders’ expectations.
The Audit Committee of the Board discharges its stewardship and oversight responsibilities over risk management by monitoring key risks, discussing their status with management at quarterly Audit Committee meetings, and ensuring that management has programs for evaluating the effectiveness of internal controls.
The Senior Executive Team identifies and manages risks, reports on CBC/Radio-Canada’s key risks to the Audit Committee and the Board, recommends policies, and oversees financial reporting and internal control systems. The Senior Executive Team is also responsible to help resolve cross-component risk issues and challenges.
Internal Audit plans its audits in accordance with the results of the risk assessment process and provides assurance that major risks are covered on a rotational basis by the annual audit plan. Internal Audit is responsible for assessing the effectiveness of risk management practices and processes.
Media and support business units initially identify and assess risks through the annual business plan process, and develop and execute detailed plans to manage risks. Risks are prioritized based on their potential impacts and their likelihood of occurring. The status of risk mitigation on these identified risks as well as any emerging risks are reported to the Board’s Audit Committee on a quarterly basis.
Every manager is responsible for integrating sound risk management planning and process into the business processes they are responsible for and for reporting risks with causes, impacts, or mitigations beyond their scope of responsibility to their supervisor.
Every employee is responsible for applying sound risk management within the scope of their duties and responsibilities and reporting risks with causes, impacts, or mitigations beyond their scope of responsibility or available resources to their supervisor.
Risk Management and Insurance within Corporate Finance and Administration is responsible to coordinate, review and manage the overall key risk identification and reporting process.
COSO Enterprise risk Management – Integrated Framework
ISO 31000 – Risk Management – Principles and Guidelines
- 2.2.16 Occupational Health, Safety and Environment
- 2.2.18 Crisis Management
- 2.2.21 Code of Conduct
- 2.3.8 Delegation of Financial Authorities
This policy, which is a formalization of the process that has been in practice since 2007, was approved by the Board of Directors on February 23, 2012.
All questions pertaining to the interpretation or application of this policy should be referred to the Director, Insurance & Risk Management. The responsibility for interpretation of this policy ultimately resides with the Vice-President and Chief Financial Officer.
“Enterprise Risk Management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” (COSO)
Risk is defined as the effect of unexpected positive or negative events or consequences on objectives. Risks include business environment, process, strategic and financial risk.
“Risk appetite is the amount and type of risk that an organization is willing to pursue or retain” (ISO Guide 73). Risk appetite is influenced by external legislation and policies, stakeholder expectations and CBC/Radio-Canada’s Board of Directors’ guidance.
RISK IDENTIFICATION AND ASSESSMENT
Risk identification and assessment is integrated into the annual business plan process.
Risk assessment and management is a process to determine the threats and opportunities that components must identify and effectively manage to achieve component business objectives, successfully execute component strategies, and meet component performance goals. The risk assessment considers all forms of risk, including business environment, process, strategic and financial risk.
Within CBC/Radio-Canada, the risk assessment and management process begins with the Environmental Outlook presented to the Board of Directors.
The process then moves to the annual business plan process within which each component identifies and assesses their component risks to achieving component objectives and highlights their action plans to mitigate these key risks. Risks are evaluated and ranked by components using a common set of evaluation criteria and risk definitions provided in the Business Plan Guidelines. The ranking is determined by risk score, which is a function of the assessed risk’s impact and likelihood of occurrence, each measured on a scale of 1 (low) to 5 (high).
In order to assist components in completing the risk assessment and action plans, the following resources are attached:
- Schedule 1 – CBC/Radio-Canada Business Risk Definitions
- Schedule 2 – CBC/Radio-Canada Risk Assessment Definitions
- Schedule 3 – CBC/Radio-Canada Risk Management Model
The component risks are aggregated into a risk register. The risks identified by the components and forming the risk register are categorized by commonality. The corporate ranking of the key risks is compiled and presented to the Senior Executive Team for approval. Risks assessed with a corporate risk score below 12 continue to be reviewed and managed by components but are not reported on in detail at the Board level.
The business risk definitions are provided as reference to assist in the identification of risks by media and the support business units. The CBC/Radio-Canada’s business risk definitions are organized into three primary risk categories:
- Strategic and Financial Risks
Strategic risks are the risks of failing to achieve strategic objectives. Strategic objectives are high-level goals, aligned with and supporting the CBC/Radio-Canada’s mission/vision. Financial risks are the risks of failing to allocate scarce resources to meet strategic objectives and investment decisions and/or failing to manage financial pressures.
- External Environment Risks
External environment risks are external influences and matters outside of the Corporation’s control impacting the Corporation’s ability or potential to achieve corporate goals. Structural changes in the conventional television industry are an example of such a risk.
- Process Risks
Process risks encompass operations, people and information process and technology. Process risks are the risks of failing to achieve operational objectives. Operational objectives relate to the effectiveness and efficiency of the CBC/Radio-Canada’s basic operations, including the safeguarding of resources against loss.
The annual business plan process culminates in the Annual Risk Report that is presented to the Audit Committee in February and to the Board of Directors in March of each year. The risks assessed with a score below 12 continue to be reviewed and managed by media and support business units but are not reported on in detail at the Board level. The Annual Risk Report is made up of two sections:
- Status Update of the Key Risks as at December 31 of the fiscal year in question; and the
- Key Risks and Mitigation Strategies for the upcoming fiscal year starting April 1st.
Risk Management updates are a standing agenda item at quarterly Audit Committee meetings. These Risk Management updates provide the status of the identified key risks and action plans as well as identify changes is risk levels and any emerging risks. The Risk Management Updates are provided to the full Board as an information item.
RISK MANAGEMENT PROCESS COORDINATION
Risk Management and Insurance within Corporate Finance and Administration is responsible to coordinate and manage the overall data gathering process and report preparations for the Annual Risk Report as well as the Quarterly Risk Management Updates.
SCHEDULE 1: Business Risk Definitions
| Advertising Revenue/Competitor |
| Operations |
News Information and Programming
| Strategy, Budget and Planning |
Investment Evaluation/New Revenue Initiatives
| People |
Change in Leadership
Health & Safety/Wellness
| Information Process/Technology |
Information Technology Infrastructure
EXTERNAL ENVIRONMENT RISK
|1||Advertising Revenue/ Competitor||Events such as programming schedule performance, ongoing industry fragmentation, shift in advertising vehicles, economic downturn/upturn or change in audience demographics, may result in a change to advertising revenues.|
|2||Technological Innovation||Leveraging emerging technologies resulting in operational efficiencies or inefficiencies. Multi-media program offering to attract audience does not achieve targets. Risk that content provided by third parties is attributed to CBC/Radio-Canada.|
|3||Government/Political||The government or any future government may affect CBC/Radio-Canada's mandate and operational and capital funding levels impacting its ability to create programming and maintain current service levels to Canadians. Continuing risk related to annual funding vs. multi-year commitments. Federal deficit reduction agenda may continue to influence future appropriation levels.|
|4||Catastrophic Loss||Chemical, biological or contagious contamination incident(s), damage to the Corporation's files and owned or leased assets resulting from a fire, disruption of power supply, explosion, earthquake, terrorism or any other incident may disrupt the operations of the Corporation, result in liability to third parties and/or damage the Corporation’s reputation.|
|5||Regulatory||Ability to meet CRTC requirements/conditions of licences; compliance with the Broadcasting Act, Industry Canada, Labour Canada, Income Tax Act, etc. requirements/ regulations may impact the Corporation's capacity to efficiently conduct business and its competitive position. The Canadian Media Fund and/or the Local Programming Improvement Fund rules may affect the Corporation's share of the fund's budget thus impacting its ability to create programming.|
|6||Industry||Changes in the Radio, Television and New Media industry such as changes to copyright laws and to the definition of "broadcast", changes in value for signal rules, vertical integration or consolidation of industry players or new means of creating and delivering content, may affect the way the Corporation does its business.|
|7||Financial Markets/Economy||Movements in interest rates may affect the returns on the Corporation's investments and its capacity to re-invest the returns into programming activities. Movements in interest rates also impact the pension plan’s funding and solvency position and where there is a deficit, the Corporation must fund that deficit. Movements in foreign exchange rates may affect payments denominated in foreign currencies, such as foreign bureau operations and rights payments as well as the Corporation's capacity to contain costs. Inflation impacts the Corporation's operating and capital expenses.|
|8||Compliance/Multiple Stakeholders||Compliance with one of its multiple stakeholders' requirements, union agreements, corporate policies and procedures, rights contracts, or laws may result in penalties or other costs. Ability to comply with or respond to Access to Information legislation or personal information and privacy protection legislation.|
|9||Efficiency||Ability to leverage our assets; successfully implement new processes and technologies; achieve benefits from site consolidations or other initiatives.|
|10||Partnering/Outsourcing||Alliance or partnering agreements (i.e., Sirius, Profac/SNC O&M, internal audit (Deloitte & Touche), independent producers etc.) impact the operations of the Corporation.|
|11||Business Interruption||Business interruptions arising from: industrial relations such as labour disputes and contract negotiations; terrestrial collection and distribution network failure; satellite failure; broadcasting and/or business information systems failure; ageing corporate real-estate portfolio, and ageing radio transmitter portfolio.|
|12||Environment||Ability to comply with all applicable environmental regulations and/or response to changes in environmental standards which may result in fines, penalties, legal action and/or loss of reputation.|
|13||News Information and Programming||Ability to adhere to journalistic practices policy. Ability to effectively apply editorial/content management.|
|14||Change in Leadership||Turnover of members of the Senior Executive Team, key members of the component management team or members of the Board may create uncertainty for CBC staff and the public regarding expectations and vision and may affect the Corporation's competitive position and reputation. Change in support from Senior Management and work force changes may impact attainment of business objectives.|
|15||Succession Planning||Ability to plan for the succession of key employees and managers may impact operations.|
|16||Workforce Composition||Experience level of staff and training of staff to deal with new corporate initiatives, such as major new technology project implementations and post-implementation demands, may impact the Corporation's operations. Optimizing the work force environment and capabilities may result in change in productivity, creativity, resilience and efficiency.|
|17||Health & Safety/Wellness||Ability to provide a safe working environment for the Corporation's employees impacts compensation liabilities, business reputation and other costs. Wellness issues such as psychological distress impacts well being, morale and performance. Workload issues created when employees are required to do more with fewer resources.|
|18||Communications||Internal communications may result in a change in employee efficiency, performance and motivation and may contribute to labour disruption. External communications, as well as the use of Social Media by staff, may affect the image and reputation of the Corporation to its stakeholders.|
|19||Change Readiness||Implementation challenges and successes of major initiatives (like news renewal or the consolidation projects), due to factors such as planning or receptiveness of employees may affect the image and reputation of the Corporation.|
|20||Management/Employee Fraud||Fraudulent activities perpetrated by employees against the Corporation, such as misappropriation of assets, may expose the Corporation to financial loss or impair its reputation.|
|21||Information Technology Infrastructure||Information technology infrastructure (e.g., LAN, Desktop Television and Radio, internet bandwidth, web sites) meeting the needs of its users in an efficient and cost-effective way. Breach of information technology security.|
|STRATEGIC AND FINANCIAL RISK|
|22||Strategy, Budget & Planning||Clarity of vision and strategy (positioning) of the Driving Towards 2015. Relevance, reliability and/or completeness of information being used to establish business plans and operating and capital budgets impacts financial conclusions and decisions. Ability to allocate scarce resources to meet strategic objectives and manage financial pressures. Adequacy of financial contingency planning compounding the impact of certain risks, if they materialize – change in advertising revenue, change in production costs to cover special events, change in government funding, etc.|
|23||Investment Evaluation/New Revenue Initiatives||Ability to evaluate major investments made by the Corporation (e.g. accelerated digital television transmission rollout, broadcasting rights contracts, external productions and co‑productions, real-estate and other cost savings initiatives, etc.) to support investment decisions. Assessment of new revenue opportunities.|
|24||Financial Reporting||Ability to assess whether adjustments to or disclosures in the financial statements are required to fairly present the financial position of the Corporation, the results of its operations and its cash flows. Implementation of IFRS. Implementation of external quarterly financial reporting and reporting to CRTC on Local Programming Improvement Fund (LPIF). Existence and adequacy of internal controls on financial reporting. Failures may negatively affect the Corporation's reputation or may result in criminal liability to the Corporation.|
SCHEDULE 2: Risk Assessment Definitions
|Description / Example|
|5||Severe||Multiple deaths and/or significant asset loss with extreme consequences and/or total service cessation for a day or more and/or severe revenue or cost impact and/or severe impact on the Corporation’s reputation.|
|4||Major||Single death and/or multiple injuries and/or loss of asset(s) with high consequences and/or total service cessation for the number of hours and/or serious revenue impact or cost and/or major impact on the Corporation’s reputation.|
|3||Moderate||Individual injury and/or loss of asset(s) with medium consequences and/or partial service cessation and/or significant revenue or cost impact and/or moderate impact on the Corporation’s reputation.|
|2||Minor||First aid and/or loss of asset(s) with minimal consequences and/or minor service interruption and/or small revenue or cost impact and/or minor impact to the Corporation’s reputation|
|1||Insignificant||No injuries and/or minor loss of asset(s) and/or negligible revenue or cost impact and/or insignificant impact on the Corporations Reputation.|
|Description / Example|
|5||Almost Certain||The event is expected to occur in most circumstances.|
|4||Likely||The event will probably occur in most circumstances.|
|3||Possible||The event should occur at some time.|
|2||Unlikely||The event could occur at some time.|
|1||Rare||The event may occur only in the exceptional circumstances|
CBC/Radio-Canada's Risk Management Model