December 14 2023 –
Today, Vancouver’s Auditor General Mike Macdonell released a report on his audit of enterprise risk management (ERM) at the Vancouver Police Department.
The audit examined the Vancouver Police Board’s (Board) governance of ERM and the Vancouver Police Department’s (Department) approach to ERM.
ERM refers to the coordinated, ongoing application of management processes for risks that could affect the ability to achieve an organization’s mission. It is different than the management of operational day-to-day risks carried out to keep officers and the public safe, which was not the focus of this audit.
The audit determined that the Department had a range of management and operational processes, roles and expertise that could be the building blocks for effective enterprise-wide risk management, however overall, an effective ERM framework was not in place. An effective ERM framework would include documented policies, procedures, defined roles and tools such as a risk register, complete with mitigation strategies and assessment of residual risks. ERM is an important tool not just for effectively managing risk, but also in supporting the Department’s accountability to the Board and in facilitating the Board’s oversight role.
The report contains nine recommendations directed at both the Board and the Department. The Board and Department have accepted all of the Auditor General’s recommendations and have provided action plans in response.
Quotes
Faye Wightman, Vice-Chair Vancouver Police Board
“The Vancouver Police Board appreciates the Auditor General’s objective assessment and the guidance his report offers us to improve what is a key governance responsibility. We accept all the recommendations for the Board and have begun taking steps to implement actions that will ensure the same level of excellence the VPD brings to managing the day-to-day operational risks of policing to how we manage enterprise risks.”
Mike Macdonell, Auditor General
“We found that the Vancouver Police Department had placed considerable focus on operational risk management, but largely lacked the structured and documented system of risk identification, assessment, prioritization, mitigation, communication, and evaluation associated with effective ERM. Potential benefits of implementing a comprehensive ERM system include improved decision making, enhanced consistency and awareness of risks across an organization, increased efficiency, and improved accountability and transparency with governance bodies,” Macdonell said.
Macdonell concluded, “I am very pleased that the Board and Department have collectively accepted all nine of my recommendations and look forward to seeing their respective actions plans brought to life in the coming months.”