Day One: Tuesday, February 1, 2022
10:30 EST
15 minWelcome and Opening Remarks from the Chair
10:45 EST
60 minZero Trust
- Defining Zero Trust
- Why Zero Trust
- Architecture and Concepts of Zero Trust
- Approach to Zero Trust
11:45 EST
60 minCommunicating Risk in the Public Sector
What do we need to consider when communicating risk in the public sector? In this presentation, we’ll talk about risk communication from various aspects, such as the language we use, the sender-receiver model of communication, the context in which we discuss risk, and, of course, the public sector environment. We’ll draw on some previous presentations to highlight successful communication techniques and settings, and finally, we’ll propose some indicators of good risk communication.
12:45 EST
45 minBreak
13:30 EST
60 minThe Great Resignation
We have all heard about “The Great Resignation” and its possible implications on the economy. But what is it? What risks does it hold for you and your organization? This session will examine its impacts and implications, but also provide helpful tools and discussion to assist you both now and in the future.
14:30 EST
60 minStriving for ERM Excellence Using a Risk Maturity Lens - Presentation and Workshop
Anna Maria Campbell, ERM Manager, Ministry of Finance, Government of British Columbia
Jeff Milne, ERM Manager, Ministry of Finance, Government of British Columbia
The Government of British Columbia’s ERM Program has been in place since 2002 and includes formal risk reporting from over 20 provincial ministries who oversee an additional 100+ public sector organizations (PSOs) including crown corporations, public school districts, postsecondary institutions and health care agencies.
Establishing a risk maturity baseline and identifying areas of strength and improvement assist in driving risk management practices within the BC Government and PSOs. From working with clients to develop risk management frameworks, program level risk assessments, to cross government initiatives, integrating the risk conversation into senior decision making is key to an effective risk management program.
In this session, Anna Maria and Jeff will:
- Introduce the risk maturity model used by the Government of British Columbia
- Explore the model’s five pillars of risk management excellence
- Outline strategies to encourage “optimized” risk management performance
- Demonstrate how this model aligns with the ISO 31000 standard
- Facilitate discussion and breakout activities
15:30 EST
60 minRansomware is Rising: Managing Risks with Simulations and Simplicity
- What is Ransomware going to do in 2022?
- Why will it get worse, before it gets better?
- How can Simulations Help?
- What other shockingly simple things the public sector does to manage their risk?
16:30 EST
45 minNavigating Third Party Risk: A Railway Case Study
- Freight rail risk management from 1996 to present
- Passenger rail risks in a high frequency environment
- Deregulation and Regulation as risk environments
17:15 EST
Closing Remarks from the Chair
Day Two: Wednesday, February 2, 2022
10:30 EST
minWelcome and Opening Remarks from the Chair
10:30 EST
60 minBusiness Continuity: It’s about Risk (not Emergency) Management!
Traditionally business continuity has been strongly linked to disaster and emergency management. While there is a case to be made that they have similar origins and shared goals, continuing to view Business Continuity within the emergency management framework tends to lead to an overemphasis on emergency response. By creating a stronger link to enterprise risk management and re-organizing business continuity within the corporate services envelope, the emphasis shifts towards mitigation and planning, which ultimately can create stronger organizational resilience and the achievement of the organization’s mandate.
- Discuss and contemplate the distinction (i.e. differences and similarities) between Business Continuity Management and Disaster Management and why this distinction is important
- Discuss Business Continuity Management as a corporate function and how to integrate risk management practices
- Explore a case study on applying a risk management lens to business continuity
- Consider possible changes to one’s own business continuity program by strengthening the application of risk management
11:30 EST
45 minFrom Seed to Apple Pie: Growing the Risk Management Advantage
Rodrigo Rosales-List, Director, Results, Risks and Resources, Indigenous Services Canada
Panel discussion on maturing the organisation along the risk management maturity model and how this could be a game change for an organization. Session will include a panel of public sector leaders who will share their perspectives and experiences, whilst discussing both challenges and opportunities.
12:15 EST
45 minBreak
13:00 EST
60 minThe Critical Need for Predictive Insider Threat Prevention Programs
- What exactly is an insider threat and why does it matter to you?
- Definition of an insider threat
- Role of dark triad personality traits
- Role of social bonds and life-course theory
- Is your business providing protection against Insider Threats?
- Insider threats in the government of Canada
- Impact of Insider threats in business
- Current reactive approach to insider threat programs
- Defining the critical need for preventative insider threat programs
- How will this be done?
- What are the ethics
- What it might look like
14:00 EST
60 minCanada Revenue Agency’s Approach to Risk Tolerance
Alec Keyes, Enterprise Risk Management Analyst, Canada Revenue Agency
15:00 EST
60 minRisk Management in Cybersecurity
- What is Risk Management
- Definition of terms : Risks, threats, vulnerabilities
- Risk Management in Cybersecurity (relates to CIA triad – confidentiality, Integrity & Availability)
- Approaches to treating Risks related to cybersecurity – Basis . Consideration for costs and likelihood
- A look at the NIST Risk Management Framework as a basis to addressing cybersecurity risks
16:00 EST
60 minBuilding a Risk Aware Culture
Rosemary Rutherford, Senior Risk Manager, Business Integrity, Export Development Canada
- Leadership (Top Down Ethics)
- Foundation (Building a risk management framework)
- Transparency and Communication
- Ongoing monitoring and training (practice, review, make it a habit)
- Support with Technology
17:00 EST
Closing Remarks from the Chair