risk and compliance departmentbusiness plan 2012-2014

Table OF COnTenTs

1. Our Services 1.1 Our Mandate 1.2 Lines of Business

2. Accomplishments

3. Implementing Sustainability 3.1 Strategy 1 3.2 Strategy 2 3.3 Strategy 3

4. The Measures of Our Performance

5. Operating Budget

It is my pleasure to present to you Risk and Compliance Department’s business plan for 2012-2014. Our Department was established in March 2008 to enable the efficient and effective governance of significant risks and related opportunities to the organization and its departments. The Risk and Compliance Department assists the Municipality to accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the integrity and effectiveness of the Municipality’s systems of risk management and control for governance, management and operational functions.

As Director of the Department, I am accountable to enable the corporation to balance risk and reward through the Insurance Services, Compliance and Control, and Enterprise Risk Management (ERM) branches. As we progress through the strategies, actions and initiatives of our 2012-2014 Business Plan, I will guide the Department’s activities to ensure alignment with the priorities of the Municipal Development Plan, in particular

the priority to Enhance and improve corporate responsibility and governance. A fundamental of good governance is that sound legislation, administrative, monitoring and service delivery systems exist to help establish accountability for results. As a Department, we will delivery strategies, actions and initiatives that support the directions and strategies of the Municipal Development Plan.

Our Department strategy to improve corporate identification of and response to operational risk will support the Municipal Development Plan (MDP) strategy to promote effectiveness in service provision. Our strategy to enhance efficiency and effectiveness of business performance will likewise support the MDP strategy to promote the efficient use of resources in service delivery. Lastly, our strategy to develop and promote a systematic governance approach to setting the best course of action – which includes the implementation of Enterprise Risk Management, will support the MDP strategy to pursue advanced administrative practices and structures.

As we move forward with developing the new branches, I look forward to establishing best practices and high standards of excellence that support not only the MDP, but other Council and corporate priorities – in addition to the Municipality’s needs and requirements in risk management and compliance.

Sincerely,

Ralph Timleck, CMA, CIA, CISA Director, Risk and Compliance DepartmentRegional Municipality of Wood Buffalo

Message FrOM The DireCTOr

our SERVICES

Our Mandate1.1The Risk and Compliance Department will assist the corporation in creating a healthy organization with a strategic focus on resource management and planning for the future. To achieve this we will work towards embedding an organizational enterprise risk management culture throughout the organization. The department will concentrate on effectively assessing and addressing strategic, reputational, operational, financial, and legal or compliance related risks to the Regional Municipality of Wood Buffalo as well as assisting Municipal management in enhancing efficiency and effectiveness of business performance through reviews of business processes and activities of the Municipality.

our SERVICES

Our Mandate Lines of Business1.2risk Management (insurance services)

Improve corporate identification of and response to operational risk.

• Develop policies and processes to identify, document, insure, monitor and communicate risks.

• Promote risk awareness and stakeholder roles in operational risk.

Compliance and Control

Enhance efficiency and effectiveness of business performance.

• Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch

• Conduct audits in accordance with the annual audit plan

enterprise risk Management

Developing and promote a systemic governance approach to setting the best course of action.

• Implement Enterprise Risk Management (ERM) as a method to balancing risks with opportunities

• Develop policies and processes to identify and communicate risks

• Educate Municipal management team on departmental function and Enterprise Risk Management

ACCOMPLISHMENTSThe Risk and Compliance Department continued to evolve in 2011 with the Insurance Services, Compliance & Control and Enterprise Risk Management branches.

The Insurance Services branch is now fully staffed allowing their attention to be focused on the ongoing processes and procedures to help provide risk management services to the organization and customer service to our clients. The development and implementation of the intranet and internet pages ensures that our citizens as well as internal clients have the tools to ensure that various stakeholder risks are identified and addressed.

The Compliance and Control branch is currently staffed with a Senior Auditor and an Auditor with plans to fill the positions of Manager and another Auditor by the end of 2011. In December 2010 a review of current risk assessment practices across all departments of the municipality was done in

preparation of the 2011 Audit Plan. The assessment was based on key areas within the Departmental Business Plans: organizational structures, business objectives, project control, risk management polices and processes including services, staffing need and other resources required to achieve their business objectives. Other areas covered included the Municipality’s property management, exposure to potential liabilities in the course of conducting their activities, cost saving opportunities, and sound risk management techniques. Eight audits have been completed to date with more on the horizon.

The Enterprise Risk Management branch is in the process of filling the Manager position. In September of 2010 a training session for the ERM Framework was done. The ERM Methodology – ISO 31000 was introduced and steps to further educate the organization are ongoing.

ACCOMPLISHMENTS

implementing SUSTAINABILITY

In 2012-2014, the Risk and Compliance Department will support the implementation of the Municipal Development Plan through the delivery of Strategies, Actions and Initiatives that support many areas of the MDP. Some of the key points of alignment between the MDP and the Department’s 2012-2014 Business Plan are as follows

promote effectiveness in service provision

6.2.1

MuniCipal DevelOpMenT plan sTraTegy

promote the efficient use of resources in service delivery

6.2.2

MuniCipal DevelOpMenT plan sTraTegy

promote Community safety

6.1.5

MuniCipal DevelOpMenT plan sTraTegy

risk anD COMplianCe DeparTMenT 2012-2014 sTraTegy

In 2012-2014, the Department will

promote the efficient use of resources in

service delivery by creating mandates,

procedures and processes to support

the functions of audits in Compliance

and Controls Branch. By conducting

audits in accordance with the annual

audit plan, the Department will

enhance efficiency and effectiveness

of business performance.

Enhance efficiency and effectiveness of business performance

2risk anD COMplianCe DeparTMenT 2012-2014 sTraTegy

The Risk and Compliance Department

will support the MDP strategy of

promoting effectiveness in service

provision by improving the Corporation’s

identification and response to

operational risk. Department actions

in support of this will include: the

development of policies and processes to

identify, document, insure, monitor and

communicate risks; and the promotion of

risk awareness and stakeholder roles in

operational risk.

Improve corporate identification of and response to operational risk

1risk anD COMplianCe DeparTMenT 2012-2014 sTraTegy

The Department’s strategy to develop

and promote a systematic governance

approach to setting the best course of

action involves the implementation of

Enterprise Risk Management (ERM) as

an advanced administrative practice.

Initiatives in support of ERM will include

the development of a Corporate Risk

Profile and the establishing of process

compatibility with ISO31000.

Developing and promote a systematic governance approach to setting the best course of action

3

sTraTegiC plan priOriTy

Demonstrate leadership in climate change adaptation and mitigation

10

sTraTegiC plan priOriTy

Demonstrate leadership in climate change adaptation and mitigation

10

sTraTegiC plan priOriTy

Demonstrate leadership in climate change adaptation and mitigation

10

sTraTegy 1

Improve corporate identification of and response to operational risk

3.1

ACTION 1.1 Develop policies and processes to identify, document, insure, monitor and communicate risks

INITIATIVE 1.1.1Investigate the possibility of self-insurance of specific assets

INITIATIVE 1.1.4Investigate the possibility of providing physical risk/hazard inspection services to departments

INITIATIVE 1.1.2Create a Risk Management Manual

INITIATIVE 1.1.5Create a Motor Vehicle Usage Risk Management Strategy

INITIATIVE 1.1.3Create a Claims Manual

INITIATIVE 1.1.6Develop a process for managing evidence of insurance

INITIATIVE 1.1.7Review the Risk Management Policy for required updates

ACTION 1.2 Promote risk awareness and stakeholder roles in operational risk

INITIATIVE 1.2.1Create a Risk Management Communication Strategy for external stakeholders

INITIATIVE 1.2.2Develop an internal training plan for municipal employees

INITIATIVE 1.2.3Develop and maintain relationships with internal stakeholders

sTraTegy 2

Enhance efficiency and effectiveness of business performance

3.2

ACTION 2.1 Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch

INITIATIVE 2.1.1Develop audit programs, processes and procedures

INITIATIVE 2.1.4Develop Standard Reporting Plans

INITIATIVE 2.1.2Develop required audit templates

INITIATIVE 2.1.3Acquire and implement audit software

ACTION 2.2 Conduct audits in accordance with the annual audit plan

INITIATIVE 2.2.1Conduct an Organizational Risk Assessment in conjuction with Enterprise Risk Management

INITIATIVE 2.2.2Develop an audit plan based on organizational risk assessment

INITIATIVE 2.2.3Train staff on specific technical requirements needed to support the yearly audit plan

INITIATIVE 2.2.4Conduct risk and compliance reviews of vendor’s processes and projects

sTraTegy 3

Develop and promote a systematic governance approach to setting the best course of action

3.3

ACTION 3.1 Implement Enterprise Risk Management (ERM) as a method to balancing risks with opportunities.

INITIATIVE 3.1.1Continue with development of the Corporate Risk Profile

INITIATIVE 3.1.4Ensure continuous Risk Management learning both in the Department and across the Municipality

INITIATIVE 3.1.2Establishing an Enterprise Risk Management process compatable with the requirements of ISO31000.

INITIATIVE 3.1.3Promote, monitor and guide the practice of Enterprise Risk Management

ACTION 3.2 Develop policies and processes to identify and communicate risks

INITIATIVE 3.2.1Prepare Whistleblower Policy

INITIATIVE 3.2.2Prepare Code of Conduct / Code of Ethics Policy

INITIATIVE 3.2.3Develop and implement Enterprise Risk Management policy

INITIATIVE 3.2.4Research best practices to identify further required policies

ACTION 3.3 Educate Municipal management team on departmental function and Enterprise Risk Management

INITIATIVE 3.3.1Develop and implement a communication plan for the department

INITIATIVE 3.3.2Implement Enterprise Risk Management training plans

the measures of OUR PERFORMANCEIn 2012-2014, the Risk and Compliance Department will measure the results of programs and activities on an annual basis. These measures will be a combination of output measures and outcome measures. Output measures support budgeting and planning processes by measuring the volume of work, and the demand for our services. Outcome measures based on client satisfaction allow us to determine if our work is meeting the expectations and needs of our internal clientele. The following is a listing of some of our performance measures in 2012-2014.

STRATEGY,

ACTION OR

INITIATIVE

PERFORMANCE MEASURE

2011

2012

2013

2014

1 Client satisfaction with the Municipality's Securing of insurance for assets TBD TBD TBD TBD

1 Client satisfaction with Claims adjusting services provided by Risk Management Branch TBD TBD TBD TBD

1.1 Number of policies and processes developed to identify, document, insure, monitor and communicate risks TBD TBD TBD TBD

1.2Client satisfaction with Risk and Compliance Department's Promoting business risk identification and

awarenessTBD TBD TBD TBD

2Level of agreement with the statement: The overall business performance of the Municipality is effective.

(Employee Survey of Internal Department Services)TBD TBD TBD TBD

2.1.1Level of agreement with the statement: The overall business performance of the Municipality is effective.

(Employee Survey of Internal Department Services)TBD TBD TBD TBD

2.2 Number of audits conducted TBD TBD TBD TBD

2.2.4 Number of risk and compliance reviews completed TBD TBD TBD TBD

operating BUDgETRISK COMPLIANCE

2009 2010 2011 2011 2012 2013 2014Actual Actual Budget Projection* Budget Plan Plan

REVENUES Taxes - - - - - - - Grants in lieu - taxes - - - - - - - Sales to other Governments - - - - - - - Sales/Goods - Services 639 - - - - - - Other Revenue From Own Services - - - - - - - Sale of Fixed Assets - - - - - - - Conditional Grants - - - - - - - Other Transfers - - - - - - - TOTAL REVENUES 639 - - - - - -

EXPENDITURES Salaries, Wages & Benefits 493,495 1,103,547 1,146,898 1,124,505 1,838,267 1,925,839 1,990,767 Contracted & General Services 916,373 1,124,352 2,103,884 2,181,386 2,146,920 2,152,000 2,156,216 Purchases from Government - - - - - - - Materials, Goods, Supplies & Utilities 4,354 10,913 12,500 12,500 11,500 11,845 12,200 Fixed Asset Acquisition - 8,482 4,000 4,000 10,000 10,300 10,609 Transfers & Grants - - - - - - - Financial Services Charges 50 135 200 200 300 309 318 Other Expenditures - - - - - - - TOTAL EXPENDITURES 1,414,272 2,247,429 3,267,482 3,322,591 4,006,987 4,100,293 4,170,111

OPERATING SURPLUS (DEFICIT) (1,413,633) (2,247,429) (3,267,482) (3,322,591) (4,006,987) (4,100,293) (4,170,111)

Contribution to Capital - - - - - - - Transfer from Reserve - - - (237,502) - - - Transfer to Reserve - 237,502 - - - - - PAYG - - - - - - -

SURPLUS/(DEFICIT) (1,413,633) (2,484,931) (3,267,482) (3,085,089) (4,006,987) (4,100,293) (4,170,111)

* Projection as of September 30, 2011

RISK & COMPLIANCESUMMARY OF REVENUES AND EXPENDITURES