Skip to main content

Novel Coronavirus — July 23, 2021 Update: Explore Scouts Canada’s actions as we continue to follow the direction of government and health agencies in maintaining public health. View recommendations and stay informed here.

NOTE: All Scouts Canada Staff will be on summer break from Monday, July 26 to Tuesday August 3. All offices are closed.

Risk Management Standards

Introduction

Risk management is a disciplined approach that enables an organization to identify, assess, rank, prioritise, mitigate, and monitor the risks that threaten the achievement of the organization’s strategic objectives. Every organization is susceptible to risk in many different areas: operational, market, legal, environmental, reputational, brand, liability, financial, and property. All parts of our organization are subject to risk with varying degrees of impact and likelihood.

No organization, including Scouts Canada, can develop a comprehensive set of guidelines or procedures that will cover all possible risks. Scouts Canada has identified the need to address specific higher-risk program areas such as shooting sports, swimming, aquatics, transportation, watercraft etc. In these instances, separate standards and guidelines are provided for specific reference. However, when activities and programs fall outside of these specific guidelines, the responsibility of identifying, evaluating, and executing a safe program belongs to the Scouting entities wanting to conduct the activity or program.

For the purposes of application in Scouts Canada – we identify two key components in risk management:

  • Risk Identification and Assessment: Risks are identified and assessed in a consistent and systematic manner in order to enable the application of consistent and appropriate risk management strategies.
  • Risk Mitigation and Review: Risks are prioritised, assigned mitigation strategies and monitored in a consistent and systematic manner in order to reduce risk to acceptable levels and ensure sustained performance at all levels of the Scouts Canada organization.

Our Standards

  1. These standards apply to the National Leadership Teams, National Key 3 (NK3), National Operations and major events (“High Risk Event” classification).
    1. These standards are not intended for councils, functions, groups or sections (at this time).
    2. For the purposes of clarity: National Operations in this context includes: Property Operations, Business and Field Services, Finance, Information Technology, Retail, Asset Management, Human Resources, Safe Scouting, Communications, Fundraising, Philanthropy (Revenue Development) and Program Design.
  2. The objective of these standards are to consistently identify and assess risks, to prioritise risk mitigation actions to reduce or eliminate risks within our organization to within acceptable levels, and to develop risk monitoring strategies to ensure sustainability.
  3. Accountable volunteers and employees are responsible for ensuring risks are effectively identified and assessed to enable effective management in the areas of: personal health & safety, child & youth safety, environment, regulatory, property, assets, financial and reputation (brand).
    1. We identify and assess risks before deciding on controls and mitigation.
    2. We apply a formal risk identification and assessment process consistent with the Scouts Canada Risk Management Procedure to identify and assess risks.
    3. We assess each risk identified using the Scouts Canada Risk Matrix and rank risks before we decide how to reduce.
    4. We plan, risk mitigation / control measures to reduce risks to a level we can accept using the risk management hierarchy.
    5. We implement actions based on risk controls and risk mitigation.
    6. We monitor risk mitigation in a timely manner and ensure risk controls are effective before using them.
    7. We ensure competent review of risk controls to ensure all risks are eliminated or managed to acceptable levels and improve the plans as risks change.
    8. We close risks as mitigations are effectively implemented.
    9. We document risks in a risk register or other appropriate tool and monitor changes to ensure all risks have a management strategy to acceptable levels.
    10. We communicate risks and mitigation / controls them to anyone affected.
  4. We use formal processes to identify, evaluate and manage risk:
    1. Identify Risks
      1. Risk identification and assessment shall be conducted by competent individuals representing relevant program (technical) disciplines and with appropriate experience.
      2. All sources of risk must be considered including:
        1. People (e.g. competency, training, organization, leadership)
        2. Process (e.g. planning and management processes)
        3. Equipment (e.g. supply, quality assurance/inspections, maintenance, access to expertise, critical documentation, etc.)
        4. Change (e.g. impact to objectives or conditions such as legislative or regulatory change)
      3. For properties and equipment owned or operated by Scouts Canada: risk identification and assessment shall identify critical processes, equipment and associated information.
    2. Assess Risks
      1. Risk assessment shall use the Scouts Canada Risk Matrix. Which shall be used to evaluate if risk exceeds an acceptable risk tolerance level.
      2. Each risk shall be assessed based on its potential impact and likelihood of occurrence in order to determine the risk level.
      3. Consideration shall be given to relevant external significant events and Scouts Canada enterprise-wide experience to assign impact and likelihood.
      4. Residual risks evaluated as ‘high’ and ‘extreme’ must be given priority to determine if additional risk treatment strategies are required.
    3. Plan and develop risk mitigation controls (treatment)
      1. At a minimum, risks with high or extreme risk levels as defined in accordance with the Scouts Canada Risk Assessment Matrix, are assigned an appropriate risk control, mitigation plan or action with a dedicated risk owner and agreed timeframe for closure.
      2. A formal risk management hierarchy is used to evaluate and implement risk mitigation controls (treatments): eliminate the risk, reduce the risk, lessen the impact of the risk and limit severity of the consequence.
      3. Risk controls shall be reviewed and approved by competent individuals representing relevant program (technical) disciplines and with appropriate experience.
    4. Implement risk mitigation controls (treatment)
      1. Risk controls shall be implemented as per the agreed plan and schedule.
      2. Risk controls reviewed and approved by competent individuals representing relevant program (technical) disciplines and with appropriate experience.
    5. Monitor risk
      1. Risks assessment shall be updated when change occurs including a change in significant assumptions, operating environment or operating objectives.
    6. Improve Risk Assessment is iterative
      1. At a minimum, risk identification and assessment shall be reviewed annually or as specified by regulatory or legislative requirements.
      2. Risk assessments shall include personnel familiar with the project, or in the case of a Scouts Canada property, personnel familiar with that property.
    7. Close Risks
      1. Risk controls shall be closed when:
        1. The risk is no longer relevant.
        2. The time during which the risk could occur has passed.
        3. The risk has occurred.
        4. The risk has been fully managed.
      2. Risk controls shall be closed and approved by competent individuals (usually the risk owner) representing relevant program (technical) disciplines and with appropriate experience.
    8. Document Risks
      1. Risks shall be formally documented including significant assumptions, current implemented risk controls and mitigation, the inherent and residual risk rating, and if applicable, proposed risk mitigations (actions).
      2. All risks will be documented according to the Scouts Canada Risk Management Procedure and in a Risk Register (or appropriate alternative).
      3. At a minimum, the Risk Register will be reviewed annually.
    9. Communicate Risks
      1. As required, the risk or designated action owner shall be accountable to escalate and communicate risk information consistent with the requirements outlined in the Scouts Canada Risk Management Procedure.
      2. Risks and outcomes of assessment shall be communicated as defined within the Scouts Canada Communication Standards.

Uncontrolled When Printed: When printed, document cannot be guaranteed to have the current information and should be used with caution. This document is marked “uncontrolled” and the user is responsible for determining if the current version is active. To find the most updated version, please refer to Scouts Canada BP&P on Scouts.ca.