Explore CBC/Radio-Canada
- Our vision for the future
  
  Discover our vision for what a strong public broadcaster, fuelling the growth of a strong cultural sector, looks like.
  More
- WHAT’S YOUR STORY, CANADA?
  
  CBC/Radio-Canada is putting the national public broadcaster at the heart of Canada’s 150th anniversary celebrations, helping inspire our nation to define itself for the next century.
  More
- Strategy 2020: Canada’s public space
  
  We are transforming the way we engage with Canadians. Creating connections with our audiences that are more personal, more relevant, more vibrant. Here's how we continue to modernize our public broadcaster.
  More
Reporting to Canadians
- Accountability Plan
  
  Further to the commitment set out in Budget 2016, CBC/Radio-Canada shares its Accountability Plan for the Government’s reinvestment in the public broadcaster.
  More
- Environmental Performance Report 2015-2016
  
  Our corporate environmental story is about sustainability. Sustainable actions lead to sustainable growth and, most importantly, result in sustainable measures to preserve our environment and protect the planet.
  More
- 2015-2016 Annual Report
  
  Through our many services, we are a place for conversations about issues that matter in our communities, across our country and around the world.
  Read
Media Centre
Commercial Services
Ombudsmen

Policy 2.3.32: Risk Management

Effective date: February 23, 2012
Responsibility: Executive Vice-President and Chief Financial Officer

Statement of Policy
Risk Management Objective
CBC/Radio-Canada’s Risk Appetite
Application
Roles and Responsibilities
References
History
Person Responsible for Interpretation and Application
Department Responsible to Update This Webpage
Appendix A – Risk Management Procedures and Guidelines

STATEMENT OF POLICY

As Canada’s national public broadcaster, CBC/Radio-Canada occupies an important place in the Canadian broadcasting system and faces a unique set of risks to its plans and operations. Like all broadcasters, the Corporation must adapt to technological changes, shifts in demographics and evolving consumer demands, as well as structural changes in the industry. As a public broadcaster with a statutory mandate to serve all Canadians, CBC/Radio-Canada also faces unique financial challenges and risks.

It is CBC/Radio-Canada policy to develop, implement and practice effective risk management to ensure risks and opportunities that impact the Corporation’s strategies, objectives and operations are identified, assessed and managed appropriately.

RISK MANAGEMENT OBJECTIVE

CBC/Radio-Canada’s risk management objective is to support the achievement of the Corporation’s strategic and operational objectives by:

Ensuring risks and opportunities are properly identified, assessed, managed and reported;
Aligning risk appetite and strategy;
Embedding risk management in decision making;
Allocating resources to effectively and efficiently manage risks; and
Ensuring that the risk management process is robust and evolves with best practices.

CBC/Radio-Canada’s risk management objective is not to eliminate risk, but rather to manage risk in relation to CBC/Radio-Canada’s risk appetite.

Additional guidance is provided in the Procedures and Guidelines.

CBC/RADIO-CANADA’S RISK APPETITE

The Corporation’s risk appetite is influenced primarily by its role as Canada’s national public broadcaster whose mandate, object, powers and financial authorities are set out in the Broadcasting Act. It is the Corporation’s policy to identify, prioritize and manage the risks of the Corporation and to report to the Audit Committee of the Board on the actions to address any significant risks using the Corporation’s risk appetite as context.

APPLICATION

The present policy applies to all CBC/Radio-Canada employees. Managers and staff have a responsibility to identify, assess and manage risk. This includes monitoring risks and related controls to continually optimize the control of risks across the entire organization.

ROLES AND RESPONSIBILITIES

CBC/Radio-Canada’s Risk Management Program is part of an enterprise-wide approach integrated into business processes. Responsibility for risk management is shared amongst the following groups: CBC/Radio-Canada’s Board of Directors; the Board’s Audit Committee; the Senior Executive Team; Internal Audit; and operational units.

The Board oversees CBC/Radio-Canada’s key risks at a governing level, approves major policies and ensures that the processes and systems required to manage risks are in place. The Board is ultimately accountable for the risk management process, including the risk culture, risk appetite and alignment of the Corporation’s risk management practices with strategy, risk appetite and stakeholders’ expectations.

The Audit Committee of the Board discharges its stewardship and oversight responsibilities over risk management by monitoring key risks, discussing their status with management at quarterly Audit Committee meetings, and ensuring that management has programs for evaluating the effectiveness of internal controls.

The Senior Executive Team identifies and manages risks, reports on CBC/Radio-Canada’s key risks to the Audit Committee and the Board, recommends policies, and oversees financial reporting and internal control systems. The Senior Executive Team is also responsible to help resolve cross-component risk issues and challenges.

Internal Audit plans its audits in accordance with the results of the risk assessment process and provides assurance that major risks are covered on a rotational basis by the annual audit plan. Internal Audit is responsible for assessing the effectiveness of risk management practices and processes.

Media and support business units initially identify and assess risks through the annual business plan process, and develop and execute detailed plans to manage risks. Risks are prioritized based on their potential impacts and their likelihood of occurring. The status of risk mitigation on these identified risks as well as any emerging risks are reported to the Board’s Audit Committee on a quarterly basis.

Every manager is responsible for integrating sound risk management planning and process into the business processes they are responsible for and for reporting risks with causes, impacts, or mitigations beyond their scope of responsibility to their supervisor.

Every employee is responsible for applying sound risk management within the scope of their duties and responsibilities and reporting risks with causes, impacts, or mitigations beyond their scope of responsibility or available resources to their supervisor.

Risk Management and Insurance within Corporate Finance and Administration is responsible to coordinate, review and manage the overall key risk identification and reporting process.

REFERENCES

COSO Enterprise risk Management – Integrated Framework
ISO 31000 – Risk Management – Principles and Guidelines
Management Policies:

HISTORY

This policy, which is a formalization of the process that has been in practice since 2007, was approved by the Board of Directors on February 23, 2012.

PERSON RESPONSIBLE FOR INTERPRETATION AND APPLICATION

All questions pertaining to the interpretation or application of this policy should be referred to the Director, Insurance & Risk Management. The responsibility for interpretation of this policy ultimately resides with the Vice-President and Chief Financial Officer.

DEPARTMENT RESPONSIBLE TO UPDATE THIS WEBPAGE

Corporate Secretariat.

APPENDIX A: RISK MANAGEMENT PROCEDURES AND GUIDELINES

DEFINITIONS

RISK MANAGEMENT

"Enterprise Risk Management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." (COSO)

RISK

Risk is defined as the effect of unexpected positive or negative events or consequences on objectives. Risks include business environment, process, strategic and financial risk.

RISK APETITE

"Risk appetite is the amount and type of risk that an organization is willing to pursue or retain" (ISO Guide 73). Risk appetite is influenced by external legislation and policies, stakeholder expectations and CBC/Radio-Canada’s Board of Directors’ guidance.

INHERENT RISK

Inherent risk is the risk to an entity in the absence of any actions management might take to alter either the risk’s likelihood or impact, ie the level of risk prior to taking into account existing controls and any existing risk responses.

RESIDUAL RISK

Risk remaining after risk treatment, ie. the remaining risk level after taking into account existing controls and any existing risk responses.

RISK IDENTIFICATION AND ASSESSMENT

Risk identification and assessment is integrated into the annual business plan process.

Risk assessment and management is a process to determine the threats and opportunities that components must identify and effectively manage to achieve component business objectives, successfully execute component strategies, and meet component performance goals. The risk assessment considers all forms of risk, including business environment, process, strategic and financial risk.

Within CBC/Radio-Canada, the risk assessment and management process begins with the Environmental Outlook presented to the Board of Directors.

The process then moves to the annual business plan process within which each component identifies and assesses their component risks to achieving component objectives and highlights their action plans to mitigate these key risks. Risks are evaluated and ranked by components using a common set of evaluation criteria and risk definitions provided in the Business Plan Guidelines. The ranking is determined by risk score, which is a function of the assessed risk’s impact and likelihood of occurrence, each measured on a scale of 1 (low) to 5 (high).

In order to assist components in completing the risk assessment and action plans, the following resources are attached:

Schedule 1 – CBC/Radio-Canada Risk Management Framework
Schedule 2 – CBC/Radio-Canada Risk Definitions
Schedule 3 – CBC/Radio-Canada Risk Assessment Definitions
Schedule 4 – CBC/Radio-Canada Risk Management Model

The component risks are aggregated into a risk register. The risks identified by the components and forming the risk register are categorized by commonality. The corporate ranking of the key risks is compiled and presented to the Senior Executive Team for approval. Risks assessed with a corporate risk score below 12 continue to be reviewed and managed by components but are not reported on in detail at the Board level.

RISK CATEGORIES

The business risk definitions are provided as reference to assist in the identification of risks by media and the support business units. The CBC/Radio-Canada’s business risk definitions are organized into three primary risk categories:

Strategic Risks
Strategic risks are the risks of failing to achieve strategic objectives. Strategic objectives are high-level goals, aligned with and supporting the CBC/Radio-Canada’s mission/vision.
Financial Risks
Financial risks are the risks of failing to allocate scarce resources to meet strategic objectives and investment decisions and/or failing to manage financial pressures.
Business Risks
Business risks encompass content, operations, people and information process and technology. Business risks are the risks of failing to achieve operational objectives. Operational objectives relate to the effectiveness and efficiency of the CBC/Radio-Canada’s basic operations, including the safeguarding of resources against loss.

RISK REPORTING

The annual business plan process culminates in the Annual Risk Report that is presented to the Audit Committee in February and to the Board of Directors in March of each year. The risks assessed with a score below 12 continue to be reviewed and managed by media and support business units but are not reported on in detail at the Board level. The Annual Risk Report is made up of two sections:

Status Update of the Key Risks as at December 31 of the fiscal year in question; and the
Key Risks and Mitigation Strategies for the upcoming fiscal year starting April 1st.

Risk Management updates are a standing agenda item at quarterly Audit Committee meetings. These Risk Management updates provide the status of the identified key risks and action plans as well as identify changes is risk levels and any emerging risks. The Risk Management Updates are provided to the full Board as an information item.

RISK MANAGEMENT PROCESS COORDINATION

Risk Management and Insurance within Corporate Finance and Administration is responsible to coordinate and manage the overall data gathering process and report preparations for the Annual Risk Report as well as the Quarterly Risk Management Updates.

Schedule 1 – CBC/Radio-Canada’s Risk Management Framework

Schedule 2 – CBC/Radio-Canada Risk Definitions

Strategic Risks	Business Risks	Financial Risks
Political Policies and Mandate	Content and Services	Self-Generated Revenue
Competitive Environment	Quality and Distinctiveness of Content Offering	Financial Markets/ Economy
Technological Innovation	Journalistic Standards and Conflict of Interest	Financial Reporting
Strategy Development/ Refresh & Execution	Content that Responds to Changing Consumption Patterns	Budgeting & Planning
Reputation and Brand Management	Rights & Copyrights Management	Fraud
	*Operations*	Government Funding
	Efficiency
	Partnering/Outsourcing
	Implementation of Major Projects
	Business Interruption
	Regulatory/Legislative Environment
	Organisational and Governance Structure
	People
	Change in Leadership
	Succession Planning
	Engagement
	Change Readiness
	Health & Safety/Wellness
	Diversity
	*Infrastructure*
	Information and Cybersecurity
	Infrastructure Portfolio Optimisation

Risk Category	Risk Description	Examples
Strategic Risks
Political Policies and Mandate	The government or any future government may: change CBC/Radio-Canada's mandate, impacting programming and service levels to Canadians and their associated costs to implement; and/or introduce legislation that impacts operations, costs and/or the attainment of our strategic objectives.	Government legislative changes eg: (Access to Information, CMF, copyright) Government debt reduction agenda Broadcasting Act, S.C. 1991, c. 11 Commitment to public broadcasting and culture
Competitive Environment	Increased competition from vertically integrated BDUs and well-capitalized global players providing content (Google, Apple, Amazon, Netflix, Facebook) could impact CBC/Radio-Canada’s ability to achieve brand visibility and strategic objectives. Traditional broadcasting advertising continues to migrate from conventional to other platforms impacting the Corporation’s attainment of advertising revenue targets.
Technological Innovation	Failure to anticipate the next big trends in technology, content development, content delivery and/or content consumption, could threaten our connection with audiences and achievement of our strategic objectives.
Strategy Development/Refresh & Execution	Development of a strategic plan that is agile and can adapt to changing circumstances is critical to long-term sustainability and viability of the Corporation. Successful execution of our A space for us all strategy is critical to enable the long term success and relevance of our business.	Clarity of vision and strategy (positioning). Relevance, reliability and/or completeness of information being used to establish strategic plans impacts financial conclusions and decisions.
Reputation and Brand Management	Inability to respond swiftly, reasonably and proportionately to significant events or criticisms could impact our reputation. There is a risk that negative perception of CBC/Radio-Canada may decrease credibility, stakeholder support and funding.
Business Risks
Content and Services
Quality and Distinctiveness of Content Offering	Failure to continue to improve the quality, distinctiveness and innovation of our output in all genres while delivering a streamlined CBC/Radio-Canada could limit our ability to meet Canadian’s needs and expectations in an ever more competitive marketplace.
Journalistic Standards and Conflict of Interest	Failure to uphold our editorial values and standards in all our content could affect our ability to maintain high levels of Canadian’s trust, damage our brand or lead to legal exposure.
Content that Responds to Changing Consumption Patterns	Failure to deliver content when and how it is demanded, or to anticipate future consumption patterns could threaten our connection with, or relevance to, Canadians.
Rights & Copyrights Management	Failure by CBC/Radio-Canada to obtain, create and retain the rights and copyrights related to popular programming could adversely affect the Corporation’s revenues and relevance.
Operations
Efficiency	Ability to leverage our assets, successfully implement new processes and technologies, achieve benefits from organization redesign or site consolidations or other efficiency initiatives could impact the achievement of strategic or cost reduction targets.
Partnering/Outsourcing	Alliance or partnering agreements impact the operations, costs and/or reputation of the Corporation.	SNC Lavalin PricewaterhouseCoopers (PwC) Independent Producers Rogers Bell
Implementation of Major Projects	Delayed and ineffective implementation of major projects could compromise the delivery of the CBC/Radio-Canada’s strategic objectives.
Business Interruption	Inadequate business continuity and disaster recovery planning may increase disruption to operations, increase costs and damage the reputation of the Corporation.	Technical failure Catastrophic event Labour disruption Actions of third parties, including suppliers
Regulatory/Legislative Environment	Changes to regulatory or legislative requirements may: impact the Corporation's capacity to efficiently or effectively conduct business; impact the Corporation’s competitive position; may impact the Corporation’s costs and/or obligations; may impact its access to production funding and therefore its ability to create/license programming	Broadcasting Act CRTC requirements/conditions of licences; Industry Canada; Human Resources and Skills Development Canada; Income Tax Act; The Canadian Media Fund rules; The Office of the Superintendent of Financial Institutions (OSFI) may change the rules for federal pension plans and that may affect our pension liabilities and future contribution requirements; The Personal Information Protection and Electronic Documents Act (PIPEDA); Environmental regulations and standards; OCOL/CRTC joint jurisdiction over programming-related complaints.
Organisational and Governance structure	Failure to deliver a flexible and agile management and governance structure could limit our ability to respond quickly to new challenges and impact delivery of strategic priorities.
Infrastructure
Information and Cybersecurity	Cyber threats (hacking, computer viruses, denial of service attacks, industrial espionage, unauthorized access to confidential, proprietary or sensitive information or other breaches of network or IT security) are constantly evolving and IT defences need to be constantly monitored and adapted. Vulnerabilities could harm our brand and reputation as well as our stakeholder relationships.	Network operating failures and service disruptions may affect our ability to maintain normal business operations and deliver services The theft, loss or leakage of confidential information, including partner or employee information, that could result in financial loss, exposure to claims of damages by partners and employees, and difficulty in accessing materials to defend legal cases
Infrastructure Portfolio Optimisation	There is a risk that: Ownership of buildings with maintenance deficits increases operating costs, puts pressure on the capital budget and impacts the residual values of the property; Excess space and infrastructure affects operating and capital budgets as more space than required generates excess costs; Outdated infrastructure reduces flexibility to adapt and affects operating costs; and Cumbersome governance and approval process may impact project viability.	Infrastructure includes: Production facility and equipment; IT and telecom infrastructure; Transmission and distribution infrastructure; and Real estate
People & Culture
Change in Leadership	Turnover of members of the Senior Executive Team, key members of the component management team or members of the Board may create uncertainty for CBC/Radio-Canada staff and the stakeholders regarding expectations and vision and may affect the Corporation's competitive position and reputation and impact operations.
Succession Planning	Ability to plan for the succession of key employees and managers may impact operations.
Engagement	Ability to attract, retain, develop and engage qualified employees to achieve long-term goals.
Change Readiness	Ineffective change management and the failure to successfully integrate operations under revised structures could adversely affect our business and our ability to achieve our strategic objectives.
Health & Safety/Wellness	Inadequate controls could endanger the health and safety of individuals, the natural environment and our reputation.
Diversity	Failure to improve the demographic representation (diversity) of the workforce may influence the Corporation’s ability to maintain or improve the Corporation’s relevance.
Financial Sustainability
Self-Generated Revenue	Volatility in revenues will affect the ability to balance budgets and achieve strategic objectives.	Impacts of Regulatory decisions such as Let’s Talk TV (skinny basic, pick and pay) Increased global competition from well-capitalized players providing content (Google, Apple, Amazon, Netflix, Facebook) and BDUs Change in consumption patterns (cord-cutting, cord-shaving, cord-stacking, cord-nevers, cordless-contemplators, over-the-top programming) Shift in advertising vehicles from conventional broadcasting to digital and mobile Economic upturn/downturn Ongoing industry fragmentation Ad blocking technologies
Financial Markets/Economy	Movements in interest rates may affect the returns on the Corporation's investments and its capacity to re-invest the returns into programming activities. Movements in interest rates may impact the pension plan’s funding and solvency position and the Corporation's capacity to contain costs. Movements in foreign exchange rates may affect payments denominated in foreign currencies as well as the Corporation's capacity to contain costs. Inflation impacts the Corporation's operating and capital expenses.	Lower Canadian dollar against the United States dollar will increase the costs of US operations/bureaus, commitments in US currency and/or the cost of purchases contracted in USD. The Corporation must fund pension plan’s funding and solvency deficits.
Financial Reporting	Failure to ensure accuracy of financial reporting (fairly present the financial position of the Corporation, the results of its operations and its cash flows) may negatively affect the Corporation's reputation or may result in criminal liability to the Corporation.	Adequacy of adjustments to or disclosures in the financial statements Existence and adequacy of internal controls on financial reporting.
Budgeting & Planning	Ability to adequately plan for the range of potential changes to our funding model (contingency planning) could impact the delivery, scope or timing of our strategic objectives and/or result in further cost reductions. Ability to allocate scarce resources to meet strategic objectives and manage financial pressures.	Change in advertising revenue beyond that planned for, Change in production costs to cover special events, change in government funding, etc.
Fraud	Fraudulent activities perpetrated by management or employees against the Corporation may expose the Corporation to financial loss or impair its reputation.	Misappropriation of assets
Government Funding	The government or any future government may affect operational and capital funding levels impacting its ability to create programming and maintain current service levels to Canadians.	Government debt reduction agenda Commitment to public broadcasting and cultural institutions

Schedule 3 – CBC/Radio-Canada Risk Assessment Definitions - Impact Descriptors

		People	Financial	Operational	Reputation	Regulatory
5	Severe	Multiple deaths	Revenue or cost impact over $50 million	Significant asset loss with extreme consequences Total service cessation for a day or more Game-changing loss of market share	Severe impact on the Corporation's reputation Example: Sustained negative perception or loss of stakeholder support;	Regulatory or legal implications of material importance. Example: Significant prosecution and fines, litigation including class actions, incarceration of leadership
4	Major	Single death and/or multiple injuries	Revenue or cost impact of $25 to $50 million	Loss of asset(s) with high consequences; Total service cessation for a number of hours Significant loss of market share	Major impact on the Corporation's reputation. Example: long-term negative media coverage	Regulatory or legal implications of major importance. Example: Report to regulator requiring major project for corrective action
3	Moderate	Individual injury	Revenue or cost impact of $10 to $25 million	Loss of asset(s) with medium consequences Partial service cessation Moderate loss of market share	Moderate impact on the Corporation's reputation. Example: short-term negative media coverage	Regulatory or legal implications of moderate importance. Example: Report of breach to regulator with immediate correction to be implemented
2	Minor	First aid	Revenue or cost impact of $5 to $10 million	Loss of asset(s) with minimal consequences; Minor service interruption Minor loss of market share	Minor impact to the Corporation's reputation Example: Local reputational damage	Regulatory or legal implications of minor importance. Example: Reportable incident to regulator, no follow up
1	Insignificant	No injuries	Revenue or cost impact up to $5 million	Insignificant loss of asset(s)	Insignificant impact on the Corporation's reputation Example: Local media attention quickly remedied	Regulatory or legal implications of insignificant importance.

Likelihood Descriptors

		Description	Example - Probability
5	Almost Certain	The event is expected to occur in most circumstances.	90% or greater chance of occurrence
4	Likely	The event will probably occur in most circumstances.	65% up to 90% chance of occurrence
3	Possible	The event should occur at some time.	35% up to 65% chance of occurrence
2	Unlikely	The event could occur at some time.	10% up to 35% chance of occurrence
1	Rare	The event may occur only in exceptional circumstances.	Less than 10% chance of occurrence

CBC / Radio-Canada

Policy 2.3.32: Risk Management

Effective date: February 23, 2012
Responsibility: Executive Vice-President and Chief Financial Officer