To address effectively the risks faced by the organization, CAS has an integrated risk management process through which corporate risk profiles are developed and used to update its Enterprise Risk Management Framework for the fiscal year. This process is applied consistently throughout CAS and engages the most senior levels of the organization—the Chief Justices of the Courts, the Departmental Audit Committee, the Executive Committee, and the Senior Management Committee—in the identification and evaluation of the most pertinent risks for the organization, and the determination of appropriate response strategies to manage these risks effectively. Assigned risk owners are responsible for monitoring risks and the effectiveness of mitigation strategies, and presenting quarterly reports to the Executive Committee.
There is a risk that the funding model for the Courts could compromise access to justice and impact judicial independence.
This risk was driven by a number of factors in 2019–20 including the scope and complexity of the federal courts system; the increasing workloads faced by the Courts; technological advancements; public demands for online services; the non-discretionary work associated with the escalation in the number of multi-day hearings; the yearly increases in the number of documents received by the Courts; and increases in the number of self-represented litigants.
As part of its response to this risk, CAS was able to secure funding for priority initiatives necessary for the Courts’ long-term sustainability. This included funding for the translation of court decisions, the relocation of the federal courthouse in Montréal, and for the procurement, implementation and ongoing operation of a modern CRMS. Also, CAS in consultation with the four Chief Justices of the Courts have endorsed a proposed funding model for the Courts that would support the minimum requirements of judicial independence while respecting the statutory provisions relative to federal appropriations. CAS will continue to engage central agencies concerning an appropriate funding model for the Courts.
The mitigation strategies adopted successfully kept the likelihood and impact of this risk stable at the end of 2019–20.
There is a risk that system applications and infrastructure will be unable to respond to the evolving requirements of the Courts, litigants and CAS, impacting service delivery efficiency and access to justice.
Ongoing inefficiency of legacy systems to meet current needs, a growing public demand for digital service, and susceptibility to system failure and potential of IT security incidents continued to drive this risk during the 2019–20 fiscal year. While CAS was able to secure funding for a new CRMS, and made progress with the definition phase of that project, in light of the continued risks associated with current systems, it was determined the likelihood and impact of this risk were increasing at the end of 2019–20.
There is a risk that a lack of adequate resources could negatively impact change management, succession planning, resource capacity, work culture and environment and wellness and productivity of employees.
The requirement for succession planning, insufficient staff capacity, high staff turnover, workload pressures, and the need to improve work culture and provide a safe and healthy work environment for employees were all factors that drove this risk in 2019–20.
Several mitigation strategies were implemented during the fiscal year to address this risk. This included measures to ensure the long-term sustainability of CAS’s workforce by developing an HR strategic plan; launching My CAS Career and Express Staffing; and continued progress on the succession planning strategy and work description review. Training improvements were made including assigning dedicated resources to oversee the strategic review of operational training, and prescribing additional mandatory training for employees. To improve workplace wellness a Triennial Strategic Plan for a Respectful Workplace was approved. In addition, to build resilience within the organization, change management training was provided to the management cadre and employees.
The mitigation strategies adopted were successful in decreasing the likelihood and impact of this risk by the end of 2019–20.
There is a risk of loss, damage or inability to access records of business value or historical jurisprudence which may in turn, impact decision-making.
Several factors drove this risk during the past fiscal year. These included the absence of backup for paper court records; a lack of resources to safeguard original document in an alternative format; the potential impact of the loss of information of business value; the precedent-setting nature and historical importance of information held by CAS; and repeated public demands for electronic services and the corresponding need to share information electronically.
This risk was mitigated through the continued rollout and onboarding of staff to the corporate document management system to allow for better storage, management and access to corporate documents; and conducting thorough business analysis to assess the feasibility of implementing a digitization system for better management and preservation of the Courts’ paper records.
The mitigation strategies adopted were successful in decreasing the likelihood and impact of this risk by the end of 2019–20.
There is a risk that the security of information and IT infrastructure could be compromised.
CAS’s IT security risk was driven in 2019–20 by several factors including the increase in the number of files that are sensitive; the ongoing need for enabling infrastructure and tools to support security, confidentiality, integrity and privacy of information; the need to protect the safety and security of the critical IT infrastructure of the Courts and CAS; repeated calls for e-service in doing business with the Courts; results of various assessments of CAS’s network, architecture and computing environment conducted over the past few years; and the emergence of new technology (including Artificial Intelligence and quantum computing).
To mitigate this risk, CAS continued to implement a number of projects and activities that improve the organization’s security posture vis-à-vis the CSE Top 10 IT Security Actions.
The mitigation strategies adopted were successful in decreasing the likelihood and impact of this risk by the end of 2019–20.
There is a risk that the physical security of the members of Courts, court users, employees and facilities could be compromised.
The evolving security requirements and the results of a number of threat analyses continued to drive this risk in 2019–20.
A variety of mitigation strategies were implemented over the course of 2019–20 to respond to this risk. These included completing the national TRA of the federal courts system; continuous evolution and adjustment of the security posture in accordance with security risks identified; finalizing operational contingency plans to complement CAS’s BCP; and maintaining solid partnerships that strategically position the organization within various high-level committees that enhance security-related initiatives.
The mitigation strategies adopted were successful in decreasing the likelihood and impact of this risk by the end of 2019–20.