4th E Practice Guide
1. Guidance for Identification of Environmental Risks: One-Pass Planning
Assessing an entity's major risks is the starting point of effective long-term audit planning. In the Office this is referred to as one-pass planning. As part of this process, auditors consider environmental risks along with other business risks. This guide provides direction for conducting the analysis.
Teams assess environmental risks by completing an Entity Environmental Risk Profile, organized by strategic outcomes and key program activities. The environmental risks then are reflected in the overall OPP Entity Risk Profile as appropriate.
The Office has committed to ensuring that audit teams systematically identify environmental risks and assess their significance when developing audit plans. By employing this guide, teams will be helping to meet the Office's commitment.
The basic requirements are to
- identify program activities and key related policies, regulations, programs, projects, and operations;
- identify the potential associated environmental effects; and
- assess the risks associated with the potential effects to determine whether they are significant.
The result could be
- a finding of no significant environmental risks in the entity;
- planning of a full performance audit of an environmental risk issue in the entity;
- planning of an environmental line of enquiry within a broader performance audit of the entity;
- planning of a wider-focus Tier II audit in co-operation with other audit teams whose entities have similar environmental risk issues; or
- planning to incorporate a line of enquiry on the environmental risk issue within a broader Tier II performance audit.
For one-pass planning purposes, the Office has defined significant risks as those that would result in widespread failure to achieve the entity's mandate, loss of significant resources, or serious threats to personal safety. For the purposes of this guide, significant risks also include serious threats to natural resources, the natural environment, or human health and well-being. Also to be considered are risks associated with missed opportunities.
Careful judgment must be exercised to reach conclusions about environmental risk. Familiarity with the entity along with assistance from the Internal Specialist will be valuable for this analysis. The Internal Specialist is available to work with audit teams to identify significant environmental risks.
Instructions for completing the Entity Environmental Risk Profile for One-Pass Planning
Note: Provide a copy of the completed Entity Environmental Risk Profile to the Internal Specialist.
Before you begin, remember to
- focus on identifying strategic considerations at a high level, and
- describe the overall scope and nature of the environmental effects.
The Entity Environmental Risk Profile included in this guide can be applied to a wide range of entities and their activities. The Internal Specialist should be consulted, where appropriate, to develop an environmental risk profile that is more detailed or that can be tailored to the circumstances of a specific entity to be audited.
The following are the steps for completing the profile:
Step 1: Create a working version of the risk profile. Do this by photocopying the risk profile, or by using the electronic form on the INTRAnet.
Step 2: Identify the entity's strategic objectives and related program activities and sub-activities. Enter this information in the first two columns of the Entity Environmental Risk Profile.
Note: Consult the entity's Sustainable Development Strategy as well as other documents, such as the yearly Reports on Plans and Priorities (see Exhibits 1 and 2 for links). Another important source of information is an environmental issues report commissioned in 2001 by Audit Group 4 (Commissioner of the Environment and Sustainable Development). This summarizes key environmental issues and federal vulnerabilities. It also analyzes the federal mandate for each key issue and identifies the main departments concerned. The report is available from the Internal Specialist.
Step 3: Identify key related policies, plans, programs, projects, or operations for each program sub-activity. Stick to a high level. Focus only on major items. Describe these very briefly in column 3.
Step 4: Identify and describe potential environmental effects. The next section of the risk profile helps audit teams identify and describe potential environmental effects associated with the entity's policies, programs, projects, or operations. It has several components.
The first three deal with effects on air, water, and land. These could result from releases into the environment (e.g., pollution) or physical changes.
- Air effects include climate change and other air quality issues (e.g., ozone depletion, smog, acid rain).
- Water effects cover freshwater and the marine/coastal environments. They include changes to water quality and quantity, as well as effects on biodiversity, or habitat.
- Land effects include changes to soil, habitats, and biodiversity. They also cover contaminated sites.
The fourth component covers substances or emissions that are known to have harmful effects on the environment and human health.
The fifth component deals with environmental emergencies, such as shipping accidents, or industrial or land-based emergencies.
The last component focuses on resources. It includes consumption as well as activities linked to resource extraction and harvesting. Natural resources can be affected directly, by an entity's own operations (e.g., procurement) and/or indirectly, by the control or influence that it exerts on the activities of others. Not all the issue areas on the profile will necessarily apply, and there may be others not identified here. If necessary, consult the Internal Specialist to tailor the risk profile to the entity being reviewed.
Step 5: Analyze the risk. This section generates an overall risk rating for the potential environmental effect identified.
Please refer to the next section on assessing the significance of environmental risks.
Assessing the significance of environmental risks
Risk is typically defined as the combination of the probability of an event and its consequences. For each potential environmental effect identified, the audit team should assess the likelihood or probability of occurrence and the consequence or severity. The overall risk rating will be the product of these two elements.
Severity
Characteristic |
Description |
---|---|
Magnitude |
Level of effect: number or volume affected |
Location |
Where the effect occurs |
Scale |
Local, regional, national, or global |
Timing |
During construction or operation, or during migration: seasonal factors, immediate or delayed effects |
Duration |
Short-, medium-, or long-term: intermittent or continuous |
Reversible or irreversible |
Extent of recovery and length of time required |
Ecological context |
Percent of population affected, size of population, number of generations to recovery, implications for other environmental components and the food chain |
Socio-economic context |
Socio-economic and health effects derived from environmental effects |
To assess severity of the effect, use the following definitions and enter the rating on the worksheet:
- High—Serious environmental effect and impairment of ecosystem function. Potentially long-term impact on the environment.
- Medium—Moderate effect on biological or physical environment. Impact over the medium term or widespread impact.
- Low—No lasting effect. Low-level impact on biological or physical environment.
Likelihood
To determine the likelihood or probability of the environmental effect, use the following definitions and enter the rating on the worksheet.
- High—Effect is occurring or is imminent.
- Medium—Effect is likely to occur at some time.
- Low—Effect may occur but only under exceptional circumstances.
Rating overall risk and significance
The overall risk rating is the product of the two factors you have just rated—severity and likelihood/probability. Plot the intersection of the ratings as shown in the following table.
Any effect that yields a risk rating in the darkest boxes of the table should be considered significant, and would warrant further consideration and analysis in the one-pass planning process.
Significance Classification Table
Degree of Entity Influence
Identify the extent to which the entity has influence or control over the program outcome or activity, by applying the following guidance.
Level of Control or Influence |
Description |
---|---|
Low |
The entity is involved but has limited responsibility for this activity. |
Medium |
The entity has shared responsibility for this activity. |
High |
The entity has direct responsibility within its mandate for this activity. |
Step 6: Provide comments or additional analysis in the appropriate space. For example, you could note any relationship between the potential environmental effects and commitments in the entity's sustainable development strategy. You are encouraged to use endnotes to include as much information as possible. If possible, give a rationale for the final risk rating.
Next Steps
When significant environmental risks are identified, they need to be considered together with other business risks identified during the one-pass planning process.