Security of customer information
Agricorp is at risk of inadvertently releasing confidential customer data or having its systems compromised by unauthorized access.
Risk rating Likelihood: Impact:
Financial impact:
Medium High Low
Rationale: Confidential customer information is shared through day-to-day operations (e.g. mail, email, phone conversations and printed material). Implementation of a web portal for customers may increase the risk of releasing confidential information. In addition, increased frequency of cyber-attacks increases this risk.
Corrective action: Reduce
• Agricorp has mandatory online security awareness training for all employees. • Agricorp has security standards for internal and external documentation. • Procedures are in place for sending data outside of Agricorp:
- Data sent to AAFC or OMAFRA is sent through secured file transfer
- Data files are sent to approved partners with encryption and secure passwords. • Web portal testing includes a threat risk assessment to ensure appropriate access. • Office doors are secured so only authorized individuals have access.
• Computers automatically lock when not in use.
• Online services have been fully tested (including a penetration test conducted by an external service provider) with no significant risks identified that would compromise customer sensitive data.
• Agricorp has adopted an industry recognized security framework - ISO 17799 - with wide ranging security controls and guidelines. Agricorp has completed a security review of systems and is implementing security policies.
• Agricorp has an annual external security scan by an independent third party.
• Agricorp identifies and implements process changes and technology that improves both quality and efficiency of program delivery.
Organizational capacity
Agricorp is at risk of not having the capacity or flexibility to respond to new initiatives without negatively impacting the delivery of existing programs and services.
Risk rating Likelihood: Impact:
Financial impact:
High Medium Medium
Rationale: To deliver new and/or ad hoc programs in a timely fashion and/or respond to emerging issues, Agricorp must first draw on existing resources. To respond to these requests, Agricorp requires capacity in addition to resources dedicated to delivering existing programs and services.
In recent years, Agricorp has managed with flat funding (no budget increases for the cost of inflation). To offset inflationary cost increases, Agricorp has reduced costs, improved efficiency and reduced organizational capacity. Further, Agricorp reduced its number of staff in 2014. To respond to new priorities in a timely fashion, Agricorp will need to draw resources away from the delivery of existing programs. This could have a direct and negative impact on customers, stakeholder relations and the reputation of Agricorp and government.
Corrective action: Reduce
• Continue to work with OMAFRA to balance the right funding model to enable program and service delivery and timely response to government and stakeholder needs at a time of fiscal constraint.
• Where possible Agricorp will leverage existing infrastructure and processes to implement program change and new programs.
• Agricorp is engaged with OMAFRA early in the design and development stage for program change and new programs.
• Agricorp has processes in place to proactively identify emerging issues to facilitate a timely response.
• Agricorp will continue to build strong working relationships and have open communications with government and industry groups.
Workforce/skill shortage and compensation
Agricorp is at risk of being unable to attract and retain employees with the skills and experience needed to achieve business plan objectives.
Risk rating Likelihood: Impact:
Financial impact:
Medium Medium Medium
Rationale: Agricorp has a highly skilled workforce and relatively low turnover of staff. Workload is significant based on recent downsizing and priorities based on government and industry needs. Risk that aspects of the total rewards program do not align with the market and industry for comparable positions. This could limit Agricorp’s ability to attract capable and motivated employees at medium and high skill levels. This skill shortage could impact succession management and the ability of the organization to meet its objectives.
Agricorp has established processes to identify and monitor our compensation position in the marketplace. Although the degree of risk varies throughout the organization, it is most prevalent in technical areas such as IT and finance. Compensation job bands have been fixed and unchanged since 2007. This is consistent with the provincial government public sector compensation framework.
Corrective action: Reduce
• Agricorp contracts with an external compensation consultant to analyze information and determine competitiveness. The market survey includes information from organizations (public and private) across multiple sectors, geographic locations, size and scope. The data reflects a total rewards approach.
• Agricorp administers an annual employee engagement survey to determine areas of improvement.
• Agricorp develops current employees to prepare for internal career advancement by incorporating:
- Individual development plans that are continuously improved and identifying learning needs and interests of staff
- Ongoing employee training and development with a learning strategy to ensure staff have the necessary knowledge and skills
- Competency based talent management to enable career path development and targeted learning.
• Job tiers have been implemented to enable knowledge transfer and appropriate skill level matched to complexity of tasks.