Risk Management

Background:

The continuous improvement – and even maintenance – of a high quality aviation security program requires ongoing management of risk to ensure public funds and program activities continue to be tied to the greatest security benefit.  Risk management integrates risk assessment into an organization’s planning and decision-making processes (e.g. business planning, policy and program development, regulatory and operational decisions).

Risk assessment is one element of risk management.  While the general concepts of risk management are constant, there are fundamental differences between assessing / managing security risks and assessing / managing safety risks.  Safety risks come from unintended failures, errors or misfortunes.  Security risks come from deliberate or malicious attempts to disrupt, disable or destroy.  Security risk assessments generally involve the combination of threat (i.e. likelihood of an event), vulnerability (i.e. likelihood of success), and impact analysis (i.e. the consequences of an event).  

Transport Canada regularly conducts risk assessments across and within the various transportation modes on an ongoing basis.  For example, in 2004 TC began applying a strategic security risk assessment methodology to assess the marine mode and then applied it to the other modes shortly thereafter.   In October 2005, in collaboration with key federal partners, the department also conducted a multi-modal risk assessment of the Canadian transportation system.    

Current Status:

Transport Canada continues to pursue security risk assessments at three different levels:

  • Strategic: assessing risk within or across the modes, primarily for policy development.  In 2010, TC’s Strategic Risk Assessment Methodology was used for a G8 / G20 multi-modal assessment held in Toronto. 
  • Operational: assessing risk within the modes to identify areas / sites of greater concern, for example to better prioritize the allocation of resources (e.g. inspectors). 
  • Tactical: assessing risk at the level of a facility or for critical infrastructure protection. 

In addition, TC is looking at exploring greater commonality in risk assessment terminology and processes; better tracking of risk assessment results, mitigation strategies and implementation plans; and engaging industry.

Date modified: