Audit of NRCan's Emergency Management Activities

Presented to the Departmental Audit Committee (DAC)
April 10, 2019

Table of Contents

• Executive Summary
  • Introduction
  • Strengths
  • Areas for Improvement
  • Internal Audit Conclusion and Opinion
  • Statement of Conformance
  • Acknowledgements
• Introduction
  • Audit Purpose and Objectives
  • Audit Considerations
  • Scope
  • Approach and Methodology
  • Criteria
• Findings and Recommendations
  • Governance and Planning Processes
  • Emergency Management Responsibilities
• APPENDIX A - Audit Criteria

Executive summary

Introduction

Natural Resources Canada (NRCan) has specific accountabilities for contributing to the safety and security of Canadians and the international community during emergency events by providing scientific, technical, and/or policy leadership. Public Safety’s Federal Emergency Response Plan identifies NRCan as a primary department when responding to energy supply disruption emergency events. A primary department is a federal government institution with a mandate related to a key element of an emergency^{Footnote 1}.

In May 2018, NRCan finalized its three-year Strategic Emergency Management Plan (SEMP), whose purpose is to establish an organizational structure and procedures for response to major emergencies. The Department has also developed specific emergency management plans (EMPs) defining departmental roles and responsibilities. For all departmental EMPs besides energy supply disruption, NRCan plays a significant supporting role to other government departments, but does not lead the federal response.

Within NRCan, emergency management is coordinated by the Security and Emergency Management Division (SEMD), within the Corporate Management and Services Sector (CMSS). This includes the secretariat function for two Security, Emergency Management, and Intelligence Committees (SEMIC) governance bodies that are at the Assistant Deputy Minister and Director General levels, respectively.

Although SEMD oversees the coordination of the Department’s overall emergency response, event-specific EMPs are managed by the individual Sector with responsibility for the particular event type. Sectors are required to work together with SEMD to enable a coordinated departmental response, and NRCan works with other departments, such as Public Safety Canada, to contribute to an overall federal response.

The objective of the audit was to assess the adequacy and effectiveness of NRCan’s emergency management activities.

Given the significance of NRCan’s emergency planning activities, this audit was included in the 2018-2021 Risk-Based Audit Plan, approved by the Deputy Minister on April 12, 2018.

Strengths

Since the last EM audit in 2014, the Department has established a new governance structure to support the strategic planning of NRCan’s emergency management activities, and various EM planning and guidance documents. The Department has also developed its own Standard on Emergency Management, a good practice among federal departments, and Sector emergency management plans that detail the procedures and activities to follow in the event of an emergency.

Through live activation of plans during actual emergencies, the Department is able to gather lessons learned to improve its EM processes and procedures. Active participation in government-wide committees and national exercises also increases awareness and preparedness for emergencies.

Areas for improvement

Although governance structures exist, they are not being used to their full potential to effectively support the management of EM activities. There are opportunities to further reinforce the role of the Security, Emergency Management, and Intelligence Committees (SEMIC) to incorporate more strategic discussions, to establish common criteria for developing emergency management plans, and to monitor and report on the Department’s progress on its three-year EM planning cycle.

There is a need for Sectors to clarify their roles and responsibilities, and review and update existing emergency management plans to ensure alignment with the recently endorsed Strategy Emergency Management Plan and new Standard on Emergency Management.

There are opportunities for NRCan to actively train employees on their EM roles and to have regular internal exercises to fully test EM plans.

Internal Audit conclusion and opinion

In my opinion, while significant work has been completed in implementing processes for the management of EM activities, there are several opportunities to improve the adequacy and effectiveness of these processes. The increasing frequency of national emergencies and the significant involvement and role of the Department demonstrate the importance of addressing the areas identified in the audit.

Statement of conformance

In my professional judgement as Chief Audit and Evaluation Executive, the audit conforms with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and the Government of Canada’s Policy on Internal Audit, as supported by the results of the Quality Assurance and Improvement Program.

Christian Asselin, CPA, CA, CMA, CFE
Chief Audit and Evaluation Executive
December 13, 2018

Acknowledgements

The audit team would like to thank those individuals who contributed to this project and particularly employees who provided insights and comments as part of this audit.

Introduction

The Emergency Management Act (EMA) defines emergency management (EM) as the “prevention and mitigation of, preparedness for, response to, and recovery from emergencies.” The EMA also defines the accountabilities of federal Ministers and their responsibilities relating to emergency management: to identify the risks that are within or related to their areas of responsibility; to prepare, maintain, test, and implement emergency management plans in respect of those risks; and to conduct training and exercises in relation to those plans.

The federal government is committed to working collaboratively with provinces and territories to support communities when disasters strike, such as during earthquakes, floods, and forest fires. The scope of an emergency will determine the various roles of federal government institutions. Under the EMA, Public Safety Canada is the federal coordinating department based on the legislated responsibility of the Minister of Public Safety.

Natural Resources Canada (NRCan) has specific accountabilities for contributing to the safety and security of Canadians and the international community during emergency events by providing scientific, technical, and/or policy leadership. Public Safety’s Federal Emergency Response Plan identifies NRCan as a primary department when responding to energy supply disruption emergency events. A primary department is a federal government institution with a mandate related to a key element of an emergency. These key elements are grouped into thirteen Emergency Support Functions most frequently used in providing federal support to provinces and territories or federal-to-federal assistance in response to a request for assistance during an emergency. The scope of the emergency support function for energy supply disruption includes producing, refining, transporting, generating, transmitting, conserving, repairing/building, distributing, and maintaining energy systems and system components for petroleum products (oil), natural gas, and electricity. In addition, this emergency support function collects, evaluates, and shares information on energy system damage and estimations on the impact of energy system outages within affected areas.

In May 2018, NRCan finalized its three-year Strategic Emergency Management Plan (SEMP), whose purpose is to establish an organizational structure and procedures for response to major emergencies. The Department has also developed hazard specific emergency management plans (EMPs) defining departmental roles and responsibilities related to: nuclear and radiological incidents; offshore oil and gas incidents; energy supply disruption; non-fuel mineral and metal commodities production shortages support; wildland fires; geological hazards; space weather; nuclear explosion monitoring; and the provision of emergency geomatics services. EMPs related to cyber and IT security and national security are under development. For all departmental EMPs besides energy supply disruption, NRCan plays a significant supporting role to other government departments, but does not lead the federal response.

The Security and Emergency Management Division (SEMD), within the Corporate Management and Services Sector (CMSS), coordinates the Department’s emergency management activities and acts as the secretariat function for two Security, Emergency Management, and Intelligence Committees (SEMIC) governance bodies that are at the Assistant Deputy Minister and Director General levels, respectively.

Although SEMD oversees the coordination of the Department’s overall emergency response, hazard specific EMPs are managed by the individual Sector with responsibility for the particular emergency event. The activation of an EMP and the coordination of a federal response is not conducted unilaterally. Sectors are required to work together with SEMD to enable a coordinated departmental response, and NRCan works with other departments, such as Public Safety Canada, to contribute to an overall federal response. As such, it is important that EM roles and responsibilities are clearly understood and communicated to all parties.

This audit was included in the 2018-2021 Risk-Based Audit Plan, approved by the Deputy Minister on April 12, 2018.

Audit Purpose and Objectives

The objective of the audit was to assess the adequacy and effectiveness of NRCan’s emergency management activities. Specifically, the audit assessed whether:

• The Department has established and implemented adequate governance processes to support the management of its EM activities;
• There is effective management, communication, and coordination of EM plans with partners and stakeholders; and
• The Department has appropriate resources and training programs to fulfill its EM responsibilities.

Audit Considerations

A risk-based approach was used in establishing the objectives, scope, and approach for this audit engagement. The following areas were identified as having significance in the achievement of the Department’s EM objectives, and were therefore assessed as increased areas of risk for this audit:

• Governance and strategic direction over the Emergency Management program, including roles and responsibilities of key players in the activation of emergency management plans;
• Testing, communication, and coordination of EM plans with partners and stakeholders in order to implement processes and procedures during an emergency; and
• Allocating resources and training staff for emergency management to enable the Department to fulfil its EM responsibilities and to meet EM needs in the event of sustained or prolonged emergency events.

Scope

The audit focused on Emergency Management activities within the Department, including an examination of the roles and activities of both CMSS (as the Office of Primary Interest) and Sectors with EM responsibilities. It also examined the work of EM governance committees, such as DG-SEMIC and ADM-SEMIC, including how they contribute to the Department’s emergency management function.

The scope of this audit includes relevant departmental and Sector processes, procedures, and tools used to plan, conduct, monitor, and report on EM activities. The audit focused on the period from April 1, 2016 to September 30, 2018, in order to examine recent emergency activities and processes.

The scientific research the Department conducts on natural resources may impact emergency management activities; however, the audit focused on NRCan’s responsibilities under the Emergency Management Act to respond to an emergency. In addition, although an audit on emergency management was conducted in 2014, the continued importance of this function supported the need to conduct the current audit. The audit team avoided duplication with previous audit work and focused on areas that have undergone changes since the last audit.

The audit considered previous audit work done by external assurance providers on the offshore oil and gas incidents EM plan and protocols. In addition, the audit had a limited focus on cyber and IT security as well as physical security, as recent internal audits have been conducted in these areas. The audit did not focus on business continuity related to building emergency and security processes; however, the audit team reviewed business continuity plans pertaining to emergency management functions.

As NRCan interfaces with other federal departments and agencies in the EM domain, other government departments such as Public Safety were consulted during the Planning and Conduct phases of the audit to understand EM activities from a horizontal perspective; however, it is not within the mandate of the Audit and Evaluation Branch to audit the activities of these departments.

Approach and Methodology

The approach and methodology followed the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and the Government of Canada’s Policy on Internal Audit. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that audit objectives are achieved. The audit included tests considered necessary to provide such assurance. Internal auditors performed the audit with independence and objectivity as defined by the International Standards for the Professional Practice of Internal Auditing. The audit approach included the following key tasks:

• Interviews with key personnel and committee representatives;
• Review of selected EM documents, business processes, and case studies;
• Testing a sample of emergency management response after-action activities;
• Obtaining expert advice from an EM consultant on the adequacy of departmental EM planning processes; the appropriateness of review, testing, and communication of EM plans; and the level of departmental participation in government-wide exercises.

The conduct phase of this audit was substantially completed in September 2018.

Criteria

Please refer to Appendix A for the detailed audit criteria. The criteria guided the audit fieldwork and formed the basis for the overall audit conclusion.

Findings and Recommendations

Governance and Planning Processes

Summary Finding

NRCan has established and implemented governance processes to support the management of its EM activities. There is a need to finalize and implement roles, responsibilities, and accountabilities for NRCan’s EM activities, and for governance committees to have discussions that are more horizontal and strategic for EM planning. In addition, there is a need for a monitoring and reporting mechanism to provide senior management with relevant information for EM decision making.

Supporting Observations

A governance structure where senior management provides leadership and strategic direction supports the Department in planning and fulfilling its legislated EM responsibilities. The audit sought to determine whether NRCan has established and implemented governance committees that provide adequate strategic direction and oversight, and clearly defined and communicated roles, responsibilities, and accountabilities for departmental emergency management activities.

In addition, the audit team expected that the Department has developed adequate EM planning documents and processes; has assessed and defined EM resource requirements; and has conducted appropriate monitoring and reporting of results aligned with government requirements.

Departmental EM Governance Committees

The audit team found that NRCan has established two EM governance committees: the Security, Emergency Management, and Intelligence Committees (SEMIC) at the ADM and DG levels. ADM-SEMIC supports the Executive Committee and the Deputy Minister by providing overall guidance, oversight, advice, and recommendations on NRCan’s broader security, emergency management, and intelligence activities. DG-SEMIC supports ADM-SEMIC by providing operational guidance, oversight, strategic advice, and recommendations regarding NRCan’s broader security, emergency management, and intelligence activities.  It also acts as a decision-making body for operational initiatives, products, or issues, as well as provides a forum for cross-Sectoral information sharing.

A review of the function of SEMIC meetings found that there are opportunities for both ADM- and DG-SEMIC meetings to be more effective forums for strategic, department-wide direction setting in EM planning. ADM-SEMIC has had limited meetings, five times within the last three fiscal years. Audit interviews indicated that the Committee has not met frequently due to the lack of a clear purpose for convening, and limited strategic topics to discuss. The audit team also found that most discussion items are “for information only”, such as briefings on government-wide activities; however, a few items did involve making key decisions, including recently reviewing and endorsing the Standard on Emergency Management and accompanying Guiding Principles. The Department intends to update the other EM planning documents and to conduct a senior management exercise for validating the Strategic Emergency Management Plan in the fall and winter, 2018-2019.

The audit team found that the purpose and mandate of DG-SEMIC was not always clear to its members. While the Committee met at regular intervals, meeting discussions focused on providing updates on the various government-wide committees in which NRCan actively participates, and Sector-specific discussions were not always relevant to all meeting participants. Key EM planning documents were provided to Committee members to solicit their comments prior to endorsement at ADM-SEMIC. DG-SEMIC’s terms of reference was updated in 2017 to reflect a move towards a more strategic role for this Committee.

Participation in Government-wide Committees

There are several intergovernmental emergency management committees led by Public Safety Canada in which NRCan is an active participant and occasional Co-Chair. These include the DG Emergency Management Policy Committee (DG EMPC), the DG Emergency Response Committee (DG ERC), and the ADM Emergency Management Committee (ADM EMC). NRCan contributes largely to these EM-related committees in areas including National Security Exercise design, consultations for implementation of a standardized Incident Management System, and the development of an Emergency Management Strategy for Canada. Through these committees, NRCan also actively participates in national EM exercises, such as a National Security tabletop, Exercise Pacific Quake, and the Staunch Maple exercise.

Strategic Emergency Management Planning

The audit found that the Department has developed adequate EM planning documents and processes, aligned with government and legislative requirements. One of the key documents that provides the framework for NRCan’s EM activities is the Strategic Emergency Management Plan (SEMP). It establishes an organizational structure and procedures for the activation of NRCan’s emergency management plans. It also provides a comprehensive, integrated, and coordinated approach in all areas of emergency management (prevention/mitigation, preparedness, response, and recovery).

The SEMP identifies eleven hazards pertaining to NRCan’s mandated emergency management responsibilities. The identification of these hazards was based on an all-hazards risk assessment process conducted by the Security and Emergency Management Division (SEMD) in 2013-14, and updated and validated in 2017. Following an all-hazards approach aligns with central agency guidance; however, documentation illustrating the details of how the risk assessment process was applied to identify hazards was not available to the audit team for review.

To manage identified hazards, there are currently nine Sector-specific emergency management plans (EMPs). At the time of the audit, EMPs for The final decision regarding whether identified hazards and risk events require an emergency management plan is made by ADM-SEMIC; however, the audit team was unable to determine if there are common criteria for assessing and determining whether the existing list of emergency events/hazards are still relevant to NRCan’s environment. There is also a lack of clarity on whether an identified hazard requires an emergency management plan and/or a business continuity plan (BCP); and what resources and supporting infrastructure are needed.

Although the audit scope did not include a full review of NRCan’s Business Continuity Program, the audit team reviewed business continuity plans (BCPs) related to emergency management functions. The SEMP indicates that all emergency management functions are deemed critical and require a business continuity plan. The audit found that each EMP in place has an accompanying BCP. Within each BCP, there is a business impact analysis that identifies critical IT assets (if relevant for the EMP). However, there is not a clear link between these assets and consequences of a service disruption in the BCPs.

The audit found that roles, responsibilities, and accountabilities for departmental emergency management, such as the authority of CMSS vis à vis the role of Sectors during an emergency, are not always clearly defined and communicated.

Following the update of the SEMP in 2017, the Department also developed a Concept of Operations for the Departmental Emergency Operations Centre (DEOC) and a Standard on Emergency Management. The DEOC is the principal location for the conduct of Emergency Management-related functions. DEOC staff ensures that there is effective coordination with Government of Canada and other outside agencies involved in NRCan’s emergency response. The DEOC Concept of Operations outlines a plan for the activation and continuity of the DEOC and accompanying processes required to support interdepartmental and inter-stakeholder coordination with other key federal departments during an emergency.

The Standard establishes a consistent approach to the maintenance, testing, and implementation of emergency management plans and procedures that support the Minister’s responsibility to exercising leadership relating to emergency management. Developing an internal Standard on Emergency Management is not currently a common practice among federal departments and private sector EM agencies. The Department may consider sharing this document to promote good practices.

Within the Standard, there is a set of Guiding Principles indicating that SEMIC governance will provide guidance, advice, and decision-making authority on emergency management plans, policies, and protocols. It also outlines the roles for CMSS and Sector ADMs during an emergency. It is important for senior management to be in agreement with and to communicate clearly the roles and responsibilities within the Standard, as audit interviews indicated a lack of clarity and common understanding among Sectors regarding the leadership and authority of CMSS during an emergency situation. As mentioned, the Standard was recently endorsed by ADM-SEMIC, so there is currently limited awareness of its requirements throughout the Department.

A three-year EM planning cycle is depicted in the Standard. It outlines specific steps to help determine emergency management plan objectives, risk analyses, gaps and priorities, as well as steps for development, implementation, and exercise of plans. The processes in this cycle are more in-depth and rigorous than the current process outlined in the departmental SEMP. Additionally, the role of SEMD is described, including ongoing assessment and monitoring of the status of the three-year SEMP to ensure progress against plans.

Resource Planning

In addition to governance committees and procedures for planning emergency management activities, it is important for NRCan to allocate adequate resources to fulfil its emergency management responsibilities. The audit team reviewed the organizational structure of SEMD, which coordinates the Department’s EM activities. Comparative analyses show that the number of staff have grown over the last three years. However, audit interviews indicated that there is limited capacity within SEMD to provide oversight and guidance to Sectors, in addition to serving as secretariat for SEMIC and actively participating in government-wide committees.

The audit team noted that Sectors have adequately staffed EM teams, according to requirements outlined in the standard operating procedures (SOPs) for their EMPs. There are also rotating schedules of staff who are required to be on-call for duty. However, it was observed that not all Sectors have a formal process for human resource planning. Sectors have also indicated that although there is sufficient human resource capacity for day-to-day activities, there are concerns that there may be resource constraints during extended periods of emergencies, especially if subject matter experts are deployed to other government departments as liaison officers.

The recent Audit on Human Resource Planning, completed in October 2018, emphasizes the importance of establishing appropriate HR planning processes. Implementing recommendations from the audit will enable Sectors to define their resource needs to help fulfil their EM responsibilities.

Monitoring and Reporting to Senior Management

The audit found that, currently, there is no central monitoring and reporting over departmental EM activities. Although SEMD serves as a hub for coordination of information and resources during an emergency event, neither SEMD nor the SEMIC Committees conduct monitoring of whether Sectors maintain, update, and exercise their respective emergency management plan

The new Standard on Emergency Management indicates that the Assistant Deputy Minister, CMSS is responsible for annually monitoring and reporting on the implementation of the Department’s three-year EM planning cycle. Additionally, the Federal Policy on Emergency Management requires departments to submit information on their EM planning activities, and to submit, upon request, copies of their EMPs to Public Safety for review and evaluation.

The audit found that NRCan does not currently submit its SEMP to Public Safety for review and assessment. Public Safety is undergoing an update and revision of its framework for the assessment of departmental emergency management plans. Once the new assessment framework is implemented, departments will be requested to submit EMPs for review. This exercise is intended to enable Public Safety to have an overall perspective of government-wide EM planning activities and to provide guidance and feedback to departments on improving and refining their EM planning.

Risk and impact

The absence of strategic discussions to provide oversight on EM decision-making at governance committee meetings may create challenges in fulfilling the Department’s EM responsibilities. In addition, Sector EM activities may not align with the Department’s Strategic Emergency Management Plan.

The lack of a formal process and common criteria for determining the requirement for establishing and/or discontinuing emergency management plans may affect the Department’s ability to identify and address gaps in emergency management activities.

Limited monitoring and reporting on the Department’s emergency management activities may impair senior management’s ability to make informed decisions and to meet government reporting requirements on the Department’s EM activities.

Recommendations

Recommendation 1: It is recommended that the Co-Chairs of the Security, Emergency Management, and Intelligence Committees (SEMIC):

1. Refocus SEMIC meetings to align the purpose and discussions to their stated mandates in order to have meaningful engagement on key EM issues;
2. Develop common criteria for assessing and determining whether identified hazards and risk events require emergency management plans.

Recommendation 2: It is recommended that the ADM CMSS, in collaboration with ADM-SEMIC, implement a mechanism for monitoring and reporting on Sector EM activities to track progress against strategic and operational plans, in order to provide senior management with relevant information for strategic direction setting.

Management response and action plan

Management agrees with Recommendation 1.

1. The SEMIC co-chairs, with the support of the SEMIC secretariat, will establish a process to ensure sectors are bringing key EM issues, and files to the committee for strategic discussion and direction.
   • The Audit recommendation will be presented to SEMIC members at the first meeting in 2019, including time for a strategic discussion to establish criteria on how to identify what a “key EM issue” is and to seek a commitment from sector representatives to bring these issues forward. (Criteria to be endorsed and implemented by ADM SEMIC by September 30, 2019).
   • SEMIC secretariat will reach out to members on a quarterly basis to populate the forward agenda and meet with co-chairs to review the agenda to ensure it meets the mandate of the committees. (Process will be in effect as of June 30, 2019).

   Positions responsible: Co-Chairs, SEMIC

2. CMS will lead the development and implementation of a hazards and risk assessment, including clear methodology, and a common criteria for assessing and determining the requirements for emergency management plans. All Sectors will be consulted and included in the process.
   • Hazard and risk assessment, as well as criteria for assessing EMPs to be presented to DG-SEMIC for endorsement by September 30, 2019.

   Position responsible: Director, SEMD

Management agrees with Recommendation 2.

In accordance with new Standard on Emergency Management SEMD- CMSS will coordinate the tracking and reporting of EM activities with the collaboration of Sectors who have an Emergency Management Plan.

• SEMD will establish a reporting cycle, and template to ensure sector representatives can provide input.  A dashboard, criteria and reporting cycle will be brought to DG-SEMIC for endorsement by June 30, 2019.

Position responsible: Director, SEMD

Emergency Management Responsibilities

Summary Finding

Sectors have developed hazard-specific emergency management plans that outline the Department’s EM responsibilities. The plans are managed, communicated, and coordinated with partners and stakeholders. The audit identified a need to conduct regular updates and testing of emergency management plans and to ensure that employees receive appropriate EM training.

Supporting Observations

Sector emergency management plans provide details for the procedures and activities that the Department should follow in the event an emergency. The audit sought to determine whether the Department’s emergency management plans are appropriately approved and regularly reviewed, updated, tested, and communicated The audit also sought to determine whether the Department participates in government-wide testing of emergency management plans, and whether there is effective management, communication, and coordination of EM plans with partners and stakeholders. In addition, the audit assessed whether employees with EM responsibilities have received appropriate training and support.

Sector Emergency Management Plans

The Emergency Management Act requires departments to identify the risks that are within or related to their areas of responsibility; to prepare, maintain, test, and implement emergency management plans (EMPs) in respect of those risks; and to conduct training and exercises in relation to those plans. The audit selected three Sector emergency management plans for review and case study:

• EMP of Energy Supply Disruption – NRCan (Energy Sector-ES) is the lead federal department responsible for monitoring, assessing, and providing advice and guidance to the Governor-in-Council, as well as other government stakeholders on any energy-related emergencies.
• EMP of Geological Hazards - Geological hazards, such as earthquakes, have great impacts and are considered extremely high risk. This EMP is led by one of NRCan’s larger Sectors (Lands and Minerals Sector-LMS).
• EMP of Wildland Fires - The Canadian Forest Service (CFS) conducts and disseminates scientific and technical analysis on fire behaviour, provides regular status updates, and considers lessons learned from previous years’ fire seasons. This information is intended to assist fire managers, first responders and others who have a role in managing fire-related emergencies.

The audit found that all three selected EMPs adequately outline a framework for the Department’s response in the event of an emergency. In addition, these plans have accompanying business continuity plans that were updated within the past year. The audit observed that the Energy Supply Disruption EMP and the Wildland Fires EMP have been updated and approved by senior management within the last two years, while the Geological Hazards EMP was last updated in 2013. It is understood that the technical aspects of the plans may not change frequently; however, regular review of the plans and update of contact information helps ensure that roles, responsibilities, and procedures are maintained and communicated to all staff with EM responsibilities, especially if there have been staffing changes since the last update.

In addition, the audit team reviewed standard operating procedures (SOPs) that accompanied the selected EMPs and found that the documents provide a comprehensive and detailed description of specific processes for Sector staff to follow during emergencies. The SOPs included detailed roles and responsibilities of subject matter experts at various levels of activation of the EMP, and contact lists with on-call schedules. For example, the SOPs for the Wildland Fires EMP explain CFS’ involvement as a member agency of the Canadian Inter-agency Forest Fire Centre (CIFFC), the definition of the various CIFFC preparedness levels and requirements for CFS at those levels, and the activities that CFS undertakes for pre-fire season planning. The SOPs for the Geological Hazards EMP describe the systems that the Canadian Hazards Information Service (CHIS, within LMS) uses to monitor earthquakes and tsunamis, the detailed processes that the Seismologists on Call should follow during a seismic event, and a contingency plan for the loss of functionality of one or more data centres.

The audit team observed that the Energy Supply Disruption EMP does not have standard operating procedures. Sector staff indicated that the procedures outlined in the DEOC Concept of Operations are being used in the activation of this EMP. The audit found that although the emergency response for the Energy Supply Disruption EMP is more policy-driven and less technical than those of other EMPs, it may be beneficial to regularly exercise the plan and evaluate whether more detailed procedures are warranted to outline the specific roles and responsibilities of subject matter experts.

Communications

The audit found that the Department effectively communicates and coordinates with partners and stakeholders when planning for and responding to emergency events. The Communications and Portfolio Sector (CPS) has developed a Crisis Communications Protocol to promote strategic approaches for NRCan to respond to the communications demands of a crisis or emergency situation and information-sharing. The Protocol was last updated in 2014, and includes detailed checklists and basic templates for communications products.

In light of the recent SEMP update, the development of the DEOC Concept of Operations, and the NRCan Standard on Emergency Management, the Crisis Communications Protocol is currently outdated and does not have a clear link with these EM planning documents. Additionally, audit interviews indicated that although there have been regular exercises for the Business Continuity Plan related to crisis communications, no tests have been designed specifically for the implementation of the Protocol.

Communications has played a role in recent departmental emergency responses, for example, during the 2016 Fort McMurray wildfires. CPS monitored media coverage, developed communications products in anticipation of inquiries, and worked with CFS to coordinate and respond to over one hundred media calls. Additionally, they actively participated in daily interdepartmental conference calls with other government departments and provided ministerial briefings.

The audit team also observed that, within the Sectors, there are mechanisms to communicate emergency information to the public. For example, CFS provides regular situation reports through the Canadian Wildland Fires Information System, as part of the NRCan external website. The public can also access pertinent information regarding the most current fires and any forecasts. CFS’ subject matter experts also use social media to share information on current wildfires with the public.

Similarly, the Canadian Hazards Information Service provides information on earthquakes in and around Canada through the Earthquakes Canada website, also as part of the NRCan external website. The public can access information, such as the most recent significant earthquake reports, a map of earthquakes that took place in the last thirty days in Canada, and other resources such as seismograms and earthquake preparedness material.

Although ES’ role in emergency management is not directly related to the provision of public information, the Sector has agreements in place with all companies that own and operate refineries in Canada, for the purpose of obtaining information during times of energy supply disruption. This allows NRCan to fulfill its emergency management role, as specified in the Energy Supplies Emergency Act.

Exercises and Training

The SEMP indicates that SEMIC should approve an annual exercise calendar, and that at least two emergency management plans will be tested each year at the senior management level. Departmental coordination for emergency management planning, plan development and maintenance, training, and emergency responses is supposed to be managed by the NRCan Emergency Management Working Group. At the time of the audit, this working group had been dormant for several years and has not been re-established.

Conducting exercises of EMPs (whether a live exercise or a discussion-based tabletop exercise) provides key players with an overview of the required steps during an activation of the plan. Those with roles and responsibilities during an activation have the opportunity to perform their EM duties in a fictitious situation, and to be informed and trained on the procedures to follow during an activation. Exercising also identifies strengths and weaknesses of the plan and related procedures, where lessons learned are documented in After Action Review reports and are integrated into planning documents. Ultimately, training and exercising improves preparedness and strengthens the capability to respond to emergency events.

The SEMP requires NRCan to test and validate Sector EMPs annually, and to participate in at least one national-level exercise each year. The audit found that NRCan’s annual exercise calendar has not been developed, and that emergency management plans are not regularly tested and exercised. Of the three EMPs that the audit reviewed, there had been no exercises designed to test these plans. 

However, the audit team found that NRCan has participated in external emergency exercises in the last two years. For example, ES was involved in the North American Electric Reliability Corporation’s grid security exercise and helped to design a similar exercise for the oil and gas industry. Additionally, LMS was an active participant in a City of Ottawa emergency exercise based on an earthquake scenario. The Sector collaborated with the city to provide technical expertise in the design and development of this exercise. However, neither of these exercises were specifically designed to fully test NRCan’s EMPs.

Simulations and exercises are also good tools to train employees and to raise awareness of EM roles and responsibilities. The SEMP requires that Sectors conduct education and training in relation to their respective EMPs. The audit found that Sectors are providing training opportunities to employees with tactical and technical EM responsibilities, such as through courses, job shadowing, and on the job training. However, there is currently no training available for the incident management system, which is a standardized governance system used during the activation of the DEOC and/or a Sector-specific EMP.

Audit interviews indicated that there is limited capacity within SEMD to manage, design, and administer training. The audit team was informed that the Department has signed a Letter of Intent to participate in a federal approach for EM training. At the time of the audit, there had been no further developments on this initiative, which is being led by other government departments.

The audit team also found that NRCan is an active participant in the Federal Exercise Working Group (co-chaired by Public Safety Canada). This working group developed the National Exercise Program Framework, and identified exercises that meet government-wide strategic EM objectives to incorporate into a national exercise calendar. Through involvement with this working group, NRCan has participated and plans to continue to participate in several national exercises annually.

In addition to national exercises, the live activation of an EMP provides the opportunity to assess readiness to respond to emergencies and to identify lessons learned. An example of multiple Sectors collaborating and cooperating to provide a coordinated departmental response occurred in 2016, when NRCan’s DEOC activated the Energy Supply Disruption EMP and the Wildland Fires EMP, when wildland urban interface fires were discovered near Fort McMurray. In this situation, CFS provided up-to-date assessments and forecasts of fire weather and fire behaviour for all of Canada. ES liaised with industry, the National Energy Board and Public Safety‎ on infrastructure developments and provided updates on energy supply when available. Other Sectors provided geospatial capabilities, produced situation reports with internal partners, and liaised with the Government of Alberta to monitor and assess the threat to critical energy infrastructure, and ensure the collaboration of federal and provincial communications efforts.

Following this event, SEMD produced an After Action Report that captured the roles, responsibilities, and involvement of NRCan’s participating Sectors. The Report also identified lessons learned and areas for improvement that Sectors used to update their EMPs and accompanying standard operating procedures. The audit noted that the lessons learned from the After Action Report were incorporated into updates of EMPs and Standard Operating Procedures.

It was noted that for certain emergency management plans, such as the one for Wildland Fires, there is an annual live activation (during fire season). Lessons learned from these activations are considered when revising and updating the EMPs and SOPs. For such plans, the decision to conduct formal exercises or to consider the live activation as an exercise itself is within the discretion of senior management, to accept the risk of not conducting regular testing and exercising. However, for all other EMPs, in particular where NRCan is the primary department responsible for the plan, it is critical to maintain, test, and exercise plans on a regular basis.

Risk and impact

A lack of updated planning documents and a lack of regular testing of Sector EMPs may impact the Department’s ability to adequately respond in an emergency.

Limited EM training may hinder staff from fulfilling their EM roles and responsibilities.

Recommendations

Recommendation 3: It is recommended that the Co-Chairs of ADM-SEMIC, in collaboration with all Sector ADMs with EM responsibilities, ensure that their respective emergency management plans and procedures are regularly reviewed, updated, and tested.

Recommendation 4: It is recommended that the ADM CMSS ensure that a training program is established and implemented to provide adequate training on the incident management system to staff with EM responsibilities.

Management response and action plan

Management agrees with Recommendation 3.

The Emergency Management Working Group (EMWG) under the SEMIC governance will be re-established by March 31, 2019.

The EMWG will develop a 3 year exercise calendar to include activities linked to the Emergency Management Plans under the Strategic Emergency Management Plan. Template and implementation plan will be brought to SEMIC for endorsement by June 30, 2019.

Furthermore, CMSS, in collaboration with sector leads will prepare and present to the ADM-SEMIC an annual progress report for the Deputy Minister in relation to Planning, Training and Exercise activities related to emergency management (first report to be provided to the Deputy Minister by December 31, 2019).

Position responsible: Director, SEMD

The Communications and Portfolio Sector (CPS) has recently hired a communications manager for corporate files who is updating CPS’ Crisis Communications Protocol.

In October 19, 2017, CPS also took part in a business continuity exercise up the ADM-level, whereby employees with a critical function assumed their functions remotely, based on the Crisis Communications Protocol. This exercise demonstrated CPS’ ability to deliver necessary functions, in the event of an emergency affecting NRCan buildings.

The Crisis Communications Protocol will be revised by March 31, 2019 and reviewed yearly thereafter.

Position responsible:
Communications Manager responsible for Corporate files and DG, Public Affairs.

Management agrees with Recommendation 4.

The Security Emergency Management Division will work with Human Resources to create positions to support this recommendation.  This function will look at developing and implementing emergency management training specific to NRCan’s mandate that will compliment the work being done by Public Safety for a whole of government training program. Resource to be staffed by September 30, 2019.

NRCan has signed a Letter of Intent to leverage emergency management training that is being established by Public Safety and the Canada School of Public Service as part of the Government Operations Centre’s Modernization Plan.  NRCan employees will have access to a suite of learning tools, and activities.

• The EMWG will establish a learning matrix that will outline the learning activities to be developed or leverage in order to ensure that NRCan employees, with an emergency management function, understand the fundamental the principles of incident management, as well as an their roles and responsibilities during an emergency.  The learning matrix will be presented to DG SEMIC for endorsement by September 30, 2019.

Position responsible:  Director, SEMD

APPENDIX A - Audit Criteria  

The criteria were developed primarily from the key controls set out in the TBS Core Management Controls, and Public Safety’s Emergency Management Planning Guide. The criteria guided the fieldwork and formed the basis for the overall audit conclusion.

The following audit criteria were used to conduct the audit:

Audit Sub-Objectives	Audit Criteria
Audit Sub-Objective 1: To determine whether the Department has established and implemented adequate governance processes to support the management its EM activities.	1.1 It is expected that EM governance committees have been established and implemented, including adequate strategic direction and oversight of emergency management activities.
	1.2 It is expected that roles, responsibilities, and accountabilities for departmental emergency management are clearly defined and communicated.
	1.3 It is expected that the Department has developed adequate EM planning documents and processes, (e.g., Emergency Management Plans, risk assessment methodology), aligned with government and legislative requirements.
Audit Sub-Objective 2: To determine whether there is effective management, communication, and coordination of EM plans with partners and stakeholders.	2.1 It is expected that the Department’s Emergency Management Plans are appropriately approved and regularly reviewed, updated, tested, and communicated.
	2.2 It is expected that the Department participates in government-wide testing of emergency management plans.
	2.3 It is expected that the Department effectively communicates and coordinates with partners and stakeholders when planning for and responding to emergency events.
Audit Sub-Objective 3: To determine whether the Department has appropriate resources and training programs to fulfill its EM responsibilities.	3.1 It is expected that EM resource requirements, including capacity, required skills and competencies, have been appropriately assessed and defined.
	3.2 It is expected that required employees have received appropriate training and support to enable the Department to fulfill its EM responsibilities.