Enterprise Risk

Management User Guide

Approved 2017

The Saskatchewan School Boards Association (SSBA), League of Educational Administrators, Directors
and Superintendents of Saskatchewan (LEADS) and Saskatchewan Association of School Business
Officials (SASBO) organizations have jointly developed the Enterprise Risk Management Framework
as a common ERM system for use in all school divisions across the province. This user guide will
lead the Board and it’s employees through the steps required to adopt, implement and monitor an
Enterprise Risk Management system within their division.
Table of Contents
PURPOSE .................................................................................................................... 2

BACKGROUND ............................................................................................................ 2

DEFINITIONS............................................................................................................... 3

ROLES AND RESPONSIBILITIES ................................................................................... 5

DEVELOPING AN ENTERPRISE RISK MANAGEMENT FRAMEWORK ........................... 8

STEP 1: Board Enterprise Risk Management Policy Development ............................ 8

STEP 2: Risk Identification .......................................................................................... 9

STEP 3: Risk Assessment .......................................................................................... 11

STEP 4: Risk Mitigation / Management ................................................................... 15

STEP 5: Risk Monitoring ........................................................................................... 17

STEP 6: Risk Reporting ............................................................................................. 18

1 |Page
PURPOSE
The purpose of the Enterprise Risk Management (ERM) administrative procedure is to
establish ERM roles and responsibilities as well as the strategy of the school division to
manage its risks. The division will identify and manage its enterprise risks in support of its
vision, values, guiding principles, goals and strategic plan. The division cannot seek to
eliminate risk; rather, it will support that existing and emerging risks are identified,
communicated, and effectively managed.

BACKGROUND
The school division is committed to ensuring that risk management practices are embedded
into key processes and operations to drive consistent, effective and accountable actions,
and decision making in management practice and Board governance. The school division’s
ERM framework is consistent with the practices suggested by generally accepted global ERM
standards frameworks, and has at this time adopted a common framework endorsed by the
SSBA, LEADS and SASBO.

ERM is designed to identify potential events/risks that may significantly affect the division’s
ability to achieve its vision, values, guiding principles, goals, and strategic plan. Through the
ERM process, identified risks are assessed based on likelihood and impact. Management
processes and controls are used to provide reasonable assurance that significant risks are
sufficiently mitigated to support the achievement of the division’s objectives.

ERM assists to assess the division’s appetite for risk (risk tolerance) and identifies gaps
where identified risks are either over or under mitigated. This leads to identification of
opportunities and strategies to either close gaps where residual risk is higher than risk
appetite or to reallocate resources from areas where residual risk is lower than risk appetite.

The end product of ERM includes a ranked risk register used in developing the annual
strategic plan and budget. ERM is an ongoing process with administrative procedure and
outcomes revisited and reported at least annually.

2 |Page
DEFINITIONS
The following definitions will apply for the purpose of this administrative procedure:

Enterprise Risk Management (ERM): ERM is an integrated enterprise‐wide process

established over time which links the management of risk to strategic objectives in order to
improve organization performance. It creates a formal process for managing the myriad of
risks an organization faces. While ERM is not the same as a risk assessment, the
assessment of risk is an integral part of an ERM process.

Risk: An internal or external event, activity or situation that impacts the ability of the
division to achieve its vision, mission, outcomes and goals.

Enterprise‐wide Risks: For identification purposes, risks may occur in any one of the
following categories: environment, facilities, financial, governance, government relations,
human resources, information technology & support areas, managerial effort / capacity,
operations, reputation, strategy & vision and student outcomes. Risks rated as high using
division tolerance levels will be deemed enterprise‐wide risks.

Financial Risk: The ability for the division to achieve its financial objectives.

Reputational Risk: Real or perceived event that has the ability to impact the public
confidence in the division.

Inherent Risk: The possibility that risks will prevent an organization from achieving its
objectives before the consideration of processes and controls are in place to manage or
mitigate the risks.

Impact: Significance of a particular risk to the entity. The significance of a particular risk
can range from insignificant to severe/catastrophic. Magnitude of impact is determined
with respect to an organization’s risk appetite, risk capacity, and organizational objectives.

Likelihood (of Occurrence): Probability that a particular risk will occur. These probabilities
range from rare to almost certain.

Manage: To control or take charge of a risk in order to avoid or minimize its adverse impact
on the division and to maximize its opportunity.

Mitigate: To lessen or minimize the adverse impact of a risk through specific management
processes or internal control activities.

Optimize: To balance potential risks versus potential opportunities within the division’s
stated willingness or appetite and capacity to accept risk. This may require an organization
to increase or decrease the amount of risk relative to the potential opportunity.

3 |Page
Residual Risk: Risk remaining after considering the effectiveness of management responses
optimize(i.e., processes and controls used to manage or mitigate the risks).

Risk Identification: The process of identifying and understanding potential risks to the
division.

Risk Management: The process of identifying, evaluating, selecting and implementing an

action plan to avoid or mitigate threats and to leverage and maximize, where possible, risk
opportunity.

Risk Monitoring: The process of reviewing and evaluating the effectiveness of the action
plan implemented through the risk management process and identifying opportunities to
minimize future reoccurrence of similar risk.

Risk Opportunity: The return which may be realized if risk is assumed but managed in a
manner that maximizes its potential benefit.

Risk Appetite: Level of risk an organization is prepared to accept to achieve its goals and
objectives (i.e., the level of tolerance for risk in a company).

Risk Owner/Leader: An individual that has been given the authority to manage a particular
risk and is accountable for doing so.

Management Effort: The use of resources and implementation of processes to support the
division achieving its strategic objectives.

4 |Page
ROLES AND RESPONSIBILITIES
The following defines roles, accountabilities and responsibilities for: Identifying and
evaluating key risks; Documenting and managing the response to key risks; Facilitating
appropriate risk/reward decisions at all levels of management; Communicating risks, and
management’s responses and priorities to all relevant staff; and for Governance of risk
management at the division.

Board of Trustees
The Board has ultimate responsibility for risk in the school division and therefore, the Board
should provide governance oversight of the division’s ERM program. This responsibility is
demonstrated through review of at least the following items:

❖ The division’s ERM framework (initially with updates as required).

❖ Management’s risk appetite/tolerance levels, if formally developed (annually).
❖ Management’s risk register and risk assessment results for the division’s top
enterprise‐wide risks (annually).

The Board must determine how involved it is going to be in the various ERM activities
outlined in this guide. This decision may weigh many factors including human resource
capacity within the division, and then general degree of Board involvement in other division
activities. The Board may be very involved in some or all of these activities.

The Board may also delegate certain oversight responsibilities of the ERM program to their
own Audit and Risk Committee, or may choose to provide oversight as a “committee of the
whole”.

The SSBA Governance Handbook, found at [Link]

includes the Chapter: What Board Members Need to Know about Governance and Risk
which in turn includes the section entitled “Key Questions the Board Should Ask About
Governance and Risk”.

Audit and Risk Committee

The Audit and Risk Committee (as a subcommittee of the Board) may have certain delegated
responsibilities for oversight of the ERM program from the Board. The Audit and Risk
Committee is responsible for reviewing, and presenting to the Board as required, the
following:

❖ Changes to the division’s ERM framework.

❖ Changes to management’s risk appetite/tolerance levels, if formally developed.
❖ Management’s risk register and risk assessment results for the division’s top
enterprise‐wide risks.
❖ Action plans to address risk mitigations and opportunities identified as high priority.

5 |Page
Director of Education
The Director is accountable to the Audit and Risk Committee and Board of Trustees with
respect to ERM, and is responsible for ensuring the ERM framework approved by the Board
is implemented and operational through:

❖ Championing risk management within the division to ensure the division remains
focused on risk management.
❖ Integration of ERM into the strategic, business and operational planning and
decision-making.
❖ Ensuring effective risk identification, risk assessment, risk management and risk
monitoring processes within the division.
❖ Consulting, as required, with the division’s employees or external consultants to
effectively manage all aspects of risk.
❖ Providing ERM status updates (either directly or via a designate) at every Audit and
Risk Committee, and at least once per year to the Board of Trustees, on risk
management activities, as well as if any significant risk changes or issues arise.

Budget and Audit Manager (CFO)

The Budget and Audit Manager is accountable to the Director of Education and is
responsible to managing the implementation and maintenance of the ERM administrative
procedure and framework by:

❖ Developing, monitoring and revising the ERM administrative procedure.

❖ Coordinating the risk identification, risk assessment, risk management and risk
monitoring processes.
❖ Preparing status updates at least once per year to the Director of Education on risk
management activities, as well as if any significant risk changes or issues arise.

Executive and Administrative Councils

The Senior Administration team is accountable to the Director of Education and is
responsible for:

❖ Active participation in the risk assessment process, including promoting the division’s
ERM Administrative Procedure and Framework as well as expectations for the
management of risk.
❖ The formal identification of risks that impact the division’s strategic goals and
objectives.
❖ Assisting to rank risks, based on the division’s impact and likelihood criteria.
❖ Monitoring progress in managing risks and implementing improvement
opportunities.
❖ Reporting at Executive or Administrative Council meetings on the status of risk items
delegated to specific risk owners.

6 |Page
 ❖ Communicating the expectations of staff impacted by the identified ERM risks.
❖ Communicating ERM results to all staff.

7 |Page
DEVELOPING AN ENTERPRISE RISK MANAGEMENT FRAMEWORK

STEP 1: Board Enterprise Risk Management Policy Development

The first step is for the Board to decide to adopt an ERM Framework as a method to
communicate about Risk, between the Board and the Director of Education of the school
division.

Below, find a sample Board Policy establishing an ERM Framework, and some subsequent
decisions that have to be made.

ERM Policy / Board Policy: Here is a Sample Board Policy that contains language to support
the ERM role of the Board. This can be quite simple in nature, as it simply signals that the
Board will use a strategic method to manage risk.

Once a commitment to the Strategic Plan piece – the “what” – has been made, the
“Enterprise Risk Management” section delivers the “how”.

Sample:

Policy 1 – ROLE OF THE BOARD

As the corporate body elected by the voters and the ratepayers that support the school division, the Board of
Education is responsible for the development of strategic directions, goals and policies to guide the provision
of educational services rendered within the division, in keeping with the requirements of provincial legislation
and the values of the electorate.

Specific areas of responsibility are:

Strategic Plan

Provide overall direction for the school division by establishing purpose, vision, principles and belief
statements, and goals.

Annually set priorities and outcomes.

Approve annual report for distribution to the public.

Annually approve budget (driven by the Strategic Plan).

Annually evaluate the effectiveness of the school division in achievement of student learning.

Monitor progress toward the achievement of outcomes.

Provide governance oversight of the Enterprise Risk Management program.

Enterprise Risk Management

Ranking of risks to the school division

Establish processes to mitigate risk to the school division

Conduct annual review of risks and the actions taken to address those risks

8 |Page
STEP 2: Risk Identification

Once you have established an ERM Policy and have formally adopted the ERM framework,
the next step is to conduct a Risk Identification exercise focussing on your school division.

The outcome of this step is to identify any and all risks that threaten the achievement of the
Board’s strategic goals.

The Risk Identification stage is a dialogue that initially begins within the Board itself and/or
within the Senior Administration team itself using a risk category list, such as the one on the
next page.

Risks identified by the Board only or by the Administration only are likely to be skewed to
one perspective or the other, so a more rounded view will be achieved through the two
groups coming together at some point to identify a common list.

The size of the school division may have an impact on how this process is conducted, so it
will be a task for your Board to determine the best option in your environment.

The Board may be heavily involved in risk identification in all categories, or may focus only
on certain categories – like governance or finance for example – and then rely on the
Administration team to identify risks in other areas that would impact their ability to achieve
the strategic goals set by the Board.

This flexibility in process demonstrates how easy it is to adapt the ERM Framework to any
size of school division.

For at least the initial identification process, it could be very valuable to engage a group
facilitator.

When identifying risks, your school division should consider:

❖ Current and future expected risks.

❖ Risks associated with recent internal changes in the business.
❖ Risks associated with external change in the business or political environment.
❖ The root causes for the risks (i.e., the source of the risk: why, how, and where the
risks originates, either outside the organization or within its processes or activities) in
order to achieve a more rigorous risk assessment and to better position the school
division to manage the risks.

9 |Page
Using the risk categories below as a guide, the identification process can work down to
highlight the unique circumstances of your school division. This list is not exhaustive.

❖ Environment Health and Safety

❖ Facilities
❖ Financial (ex: government funding formula and the ability for the division to
achieve its financial objectives)
❖ Human Resources
❖ Information Technology & Support Areas
❖ Governance (ex: Board Authority)
❖ Government Relations
❖ Managerial Effort / Capacity (ex: Human Resources Teacher’s ability to teach all
students)
❖ Operations
❖ Reputational (ex: protecting privacy and cyber security)
❖ Strategy & Vision
❖ Student Outcomes

After the initial identification process, best practice seems to be to continue with the
identification cycle on an on-going basis (at least annually) and on an ad-hoc basis as
required for significant changes or new processes, programs and initiatives.

The cycle identifies key risks on a functional or strategic basis which are then integrated to
derive key enterprise-wide risks.

You will find the best risk identification practice for your Board as you work the process, but
ensure that a review of the risk list is on the Board’s agenda at least once per year.

An Appendix at the end of this user guide contains specific examples of Education sector
specific risk categories to be used as a starting point in your risk identification process.

10 | P a g e
STEP 3: Risk Assessment
The Risk Assessment step identifies the significance of those risks that might affect the
achievement of the school division’s objectives.

Risk assessment considers both the likelihood that an identified risk will occur and the
impact that risk would have, if it did occur, on the achievement of the division’s objectives.

This step can be completed by the Board and/or the Senior Administration team through
some form of voting system, such as weighted voting.

The key result is that the risks identified are all placed on the heat map using an agreed
upon system. The “hotter” the placement of the risks, the more immediacy is attached to
the risk.

Likelihood:

First, assign a “likelihood” of happening to each of the identified risks by estimating the
probability of the risk occurring during the planning horizon:

Rare Unlikely Moderate Likely Almost Certain

Has occurred
Extremely Has happened Periodic Extremely
previously and
rare: less than occasionally: occurrence is likely to occur:
could reasonably
once every 10 once in 5-10 possible: once multiple times
occur again: once
years at school years at school in 3 years at per year at
in 1-2 years at
division division school division school division
school division

Impact:

The impact of the identified risk is assessed by estimating how the impact would be
characterized if the risk occurred:

Insignificant - The consequences are dealt with by routine day-to-day operations.

Minor - The consequences would threaten the efficiency or effectiveness of some aspects of
the school division, but would be dealt with internally.

Moderate - The consequences would not threaten school division, but the administration of
the school division’s strategy would be subject to significant review or changed ways of
operating.

11 | P a g e
 Major – The consequences would threaten the survival of the school division in its current
form or the continued effective function of a strategic area, or would require the
intervention by the Director of Education or the Board.

Catastrophic – The consequences would likely result in significant organizational or

structural changes at the school division, or would likely cause major problems for the
school division’s stakeholders or the Ministry of Education.

The impact of identified risks is to be assessed by considering the following criteria, all of
which would be rewritten to reflect your particular school division.

Impact
Factors
Insignificant Minor Moderate Major Catastrophic
Impact
Categories
Financial impact
Financial impact Financial impact
Financial impact of event exceeds Financial impact
of event exceeds of event exceeds
Financial of event is less $2.5M, but is less of event exceeds
$100K, but is less $500K, but is less
than $100,000 than $15M $25M
than $500K than $2.5M

Long term
Short term negative media
One negative Negative articles Stakeholders lose
negative media focus and
article in more than one faith in
Reputational focus and sustained
in one publication management or
concerns raised concerns
publication Trustees
by stakeholders raised by
stakeholders
Impact can be Some Can be managed Potential
With significant
absorbed management under normal to lead to the
Managerial Effort / management
through normal effort is required circumstances collapse of the
Capacity effort can be
activity to manage the with moderate organization
endured
impact effort
School division’s
Routine In-depth Concerns raised Ministry loses
Government ability to deliver
ministerial ministerial by Ministry of faith in the
Relations on mandate is
inquiries inquiries Education organization
questioned
Jail term of any
Civil action Criminal action Criminal lawsuit length for a
Legal action commenced / threatened / commenced / Trustee / Director
Legal
threatened small fine moderate fine significant fine multiple
assessed assessed assessed significant fines
assessed
Immaterial Student Parent’s Overall student Inability to
impact on achievement complain about competency satisfactorily
Student Outcomes
student metrics begin to student levels are below deliver curriculum
achievement show a decline achievement standards or key programs

12 | P a g e
 Heat Mapping:

Each risk is mapped according to its likelihood of occurring and the impact of it occurring:

Heat Map

5
5 10 15 20 25
Almost Certain

4
4 8 12 16 20
Likely

3
3 6 9 12 15
Moderate

2
2 2 6 8 10
Unlikely

1
1 2 3 4 5
Rare

Likelihood
1 2 3 4 5
Insignificant Minor Moderate Major Catastrophic
Impact

For example: a “snow day” is an event that is almost certain to happen (5), but has an
insignificant impact (1) on achieving the Board’s strategic goals and so would be rated as a 5
X 1 = 5 , or yellow level risk.

The value of this process is that each Board will use the map in the same way, but may
assign different values to the same risk. Consider forest fire risk. One Board is “almost
certain” to be impacted by a Forest Fire in the next year, and the impact it would have on
student attendance could be “moderate” depending on the time of year and the duration of
an evacuation event. This risk would be assessed as a 5 x 3 or “15” and is within the
orange section. Your Board would want to ensure that there are some risk mitigation plans
in place to manage the attendance issue arising from forest fires. For most Boards in the
province, forest fire risk is not significant.

An example of a human resources risk is that the teachers in your school division may not be
prepared or able to teach the diverse members of the student body and also achieve good
educational outcomes for all students (FNIM, EAL, special needs). The Board may assess

13 | P a g e
the likelihood of this as “unlikely” due to the quality of your hiring practices, but if it did
occur, the impact could be “major”, resulting in a Risk Score of “8”, or yellow level risk.

Each identified risk will be assessed using this heat map. The outcome of the risk
assessment will clearly show which risks need the most attention. Your risk assessment
process can be conducted in three ways:

❖ collaboratively between the Senior Administration team and the Board, or

❖ in parallel, with each group conducting separate assessments and then comparing
outputs, or
❖ solely through the Senior Administration team to assess the risks and report the
outputs to the Board.

Regardless of how your Board arrives at the ranked risk listing or risk register, there now is a
list to focus on in terms of Risk Mitigation / Management.

14 | P a g e
STEP 4: Risk Mitigation / Management
One of the Board’s roles in the ERM process is to set the risk tolerance for the school
division. The Board should review the following guidance chart to ensure it properly
captures the level of risk appetite so as to guide the Senior Administration team in
developing appropriate risk responses.

After plotting risks on the Heat Map in the previous step, the Administration team can now
establish an appropriate “response option” for each, in order to optimize risk management.

The Guidance chart below shows how the four risk responses correlate to the Heat Map:

Guidance on Risk Mitigation / Management

Risk Rating Action Required

Mitigate, transfer or avoid.

Extreme
Immediate attention required.
(16-25)
Action plan developed by risk owner

Mitigate or transfer.
High
(10-15) Action plan for mitigation or transfer developed by risk
owner/leader.

Moderate Accept or mitigate.

(5-9) Action plan for mitigation developed by risk owner/leader.

Low Accept and monitor.

(1-4) No further action required.

Accept – school division accepts, manages and monitors the level of risk and takes no action
to reduce the risk (e.g. cost of mitigation is greater than the benefit).

Mitigate – school division accepts some risk by implementing control processes to manage
the risk within established tolerances.

Transfer – school division transfers the risk to a third party (e.g. obtaining insurance).

Avoid – school division feels the risk is unacceptable and will specifically avoid the risk (e.g.
cease the activity).

15 | P a g e
The Board’s ongoing role in this section is to monitor activity, through receiving reporting, in
order to support the Administration team with budgets and decision making to manage risks
properly, and to advocate within the community and the Ministry for other resources to
manage these identified risks.

The Administration’s role is to develop risk controls, or risk mitigation plans and report on
the implementation and impact of those controls.

Further, these risks should be assigned “Risk Leaders” from amongst the administration
team who take responsibility for specific mitigation activities and the related reporting
functions. Depending on the capacity of the division, there may be a few or many Risk
Leaders.

The Risk Register or Risk Control List

This tool lists and describes all of the top enterprise-wide risks in a register. With the risk
register, the school division should also identify the key risk mitigation processes or controls
that are in place to address the top enterprise-wide risks. This should take the form of a
succinct description of what is actually being done to manage the risk, and should only
include key controls that comprise actions and processes which are demonstrably managed
and clearly relate to the risk in question.

Business Planning Process Integration

The school division will ensure that the top enterprise-wide risks, and corresponding action
plans, mitigating processes and controls, as documented in the risk registry are formally
discussed and considered during the development of school division’s strategic, business
and operational plans.

16 | P a g e
STEP 5: Risk Monitoring
ERM requires periodic monitoring and updating of the school division’s risk profile to
identify and react to changes in key risks affecting the organization on a timely basis.

Such a monitoring process also helps ensure that risks are being analyzed to identify
patterns and accumulations of risk, and help ensure that enterprise-wide responses are
effectively planned and implemented where necessary.

Your school division should engage in a high-level review of the risk register once per year
(approximately six months after the last annual risk assessment) to identify whether new
key risks have emerged or changes in existing key risks (in terms of likelihood or impact) or
in the mitigation processes have arisen since the last annual risk assessment.

In general, the ERM oversight function provided by the Board can be achieved in one of two
ways, depending on the will of your Board. Both practices are common, and regardless of
which method is used, it is important that all members of the Board review the reports at
some time:

❖ A subcommittee of the board that monitors ERM activity and reports to the Board.
The subcommittee receives reports from the Senior Administration as part of a
regular and ongoing monitoring process, and in turn reports to the whole Board; or

❖ A “Committee of the Whole” that conducts the monitoring activity and directly
receives reports from Senior Administration or Risk Leaders.

17 | P a g e
STEP 6: Risk Reporting

The Board’s main function is to provide oversight for the school division, and so one of the
most important aspects of ERM is in the formal or annual reporting process. Completion of
the reporting cycle demonstrates that the Board has engaged the school division in the ERM
process.

Internal reporting

At a minimum, upon the completion of the annual risk assessment process, as noted in the
Roles and Responsibilities for ERM section above, the following is reported to the Board of
Trustees:

❖ Prioritized risk register displaying the top organization-wide risks;

❖ The corresponding key risk mitigation processes or controls; and
❖ Any strategies that were developed to address key risks that were determined to be
insufficiently mitigated.

Status Reporting:

At least once per year, the school division will engage in high-level reviews of the risk
register. The following is reported to the Board:

❖ That the review has been undertaken;

❖ Any new risks that have been identified, including ranking the new risk based on the
likelihood and impact heat map; and
❖ Significant changes in existing key risks or mitigations processes.

External Reporting

Any discussions of risk that occur within externally facing reports, such as the Annual Report
or Strategic Plan, should be consistent with the annual risk assessment results. That is, the
identification of risks for external disclosure purposes should not be a completely separate
process from the regular risk management process with different key risks being identified
in external reporting.

18 | P a g e
 APPENDIX A – RISK EXAMPLES

Category Short Title Risk Description

1 Financial Government There is a risk that the government's education funding

funding formula formula does not provide a predictable, stable funding
level, and may not appropriately reflect the school division's
needs based upon its diverse makeup of students compared
to other school divisions.

2 Human Teachers ability to There is a risk that teachers may not be prepared or able to
Resources teach all students teach the diverse members of the student body and also
achieve good educational outcomes for all students (FNIM,
EAL, special needs).

3 Operations Supporting FNIM There is a risk the school division may not have sufficient
students tools and resources to support FNIM (First Nations, Inuit
and Metis) students to achieve desired educational
outcomes.

4 Operations Delivery of The current growth and change in makeup of student

Quality Education population (diversity; EAL; French immersion; special
needs) results in a variety of risks to the delivery of quality
education to all students (facility capacity, busing, class size,
front-line staff equipped to teach diverse students, parent
and society expectations, etc.).

5 Governance Board authority There is a risk that the Board remains responsible for
operations and educational outcomes, but has lost
significant information and autonomy to act given that
much decision making authority has transferred to the
provincial and municipal governments (e.g., funding model;
setting mill rates; Ministry strategic plan; setting school
calendar and total hours of instruction).

6 Reputation Ethical breaches There is a risk that ethical breeches by teacher or other
by teachers front-line staff will result in reputation damage, possible
legal or financial penalties, or parents switching students to
other school divisions.

7 Facilities Facility There is a risk the school division may not have the
maintenance operational resources (funding or staff) to adequately
capacity maintain all of its schools in the future, resulting in further
facility degradation, a sub-optimal teaching environment,
and higher capital costs over the long-term for major
repairs and replacements.

19 | P a g e
8 Operations Child safety risk There is a risk that incidents regarding the safety of
children, including violence and threats, within care takes
significant resources to prevent and manage, and could
result in reputational damage, financial costs or legal
action. (For example, prekindergarten transportation)

9 Facilities Quality of There is a risk that space constraints in, and overall facility
facilities quality of, schools may result in a lower quality of education
delivered to students (i.e., many schools over-capacity;
teaching is occurring in spaces not intended for
classrooms).

10 Human Front line There is a risk the school division will not be able to hire a
Resources succession sufficient number of high-quality administrators (i.e.,
planning Principals and Vice-principals), teachers, education
assistants and other front-line staff as long-tenured staff
retire.

11 Operations Performance There is a risk the school division may not have effective
management - and robust processes or tools to measure student outcomes
student outcomes (from students, parents and staff) in order to keep
improving good practices and cease ineffective practices.

12 Reputation Privacy and cyber There is a risk the school division may be the subject of a
security cyber security breech or internal leak resulting in the loss of
private or confidential information, resulting in reputational
damage, loss of credibility and possible legal action.

13 Operations Demonstrating There is a risk the school division may not appropriately
educational understand the outcomes required to achieve the
performance curriculum and demonstrate that it is truly being taught in
order to achieve its educational goals and pass ministry
assessments.

14 Support Areas Continuity There is a risk the school division may not be able to
(including IT & planning provide appropriate educational continuity or emergency
Admin) response to manage plausible events (hazards;
catastrophes; pandemics) while managing the cost of
continuity planning.

15 Facilities School closures There is a risk that if the school division had to close all or a
for safety reasons significant portion of one of more schools for safety or
structural reasons, there would be significant challenges
getting students to, and accommodating them at, other
facilities.

20 | P a g e