Risk management is embedded into strategic decision-making and resource allocation within CATSA, thereby allowing the organization to make informed decisions at the corporate and operational levels. Risk management allows an organization to be more innovative and adaptable in its approach to operations and meeting strategic objectives. This is particularly true in a sector that is as fluid as civil aviation.
CATSA’s risk attitude and risk culture allow the organization to accept certain levels of risk, enabling CATSA and its workforce to respond to the changing environment in creative ways.
Mandated Services Risk
Detection capabilities and maintaining care and control of screening checkpoints
Due to the evolving, unpredictable nature of the aviation security threat environment, there is a risk that CATSA may not have the technology, threat and risk information, processes or human factor capability to detect all high risk threat items or new and emerging threats, and prevent screening circumventions at operating screening checkpoints. This may result in substantial consequences to the civil aviation system.
Risk Mitigation and Controls:
CATSA has established programs, processes, procedures and systems, which support its overall detection capabilities. CATSA monitors the effectiveness of all its operational programs on a continuous basis through the use of testing, oversight programs and performance measurement. The organization also ensures that it remains apprised of Transport Canada regulations, and any aviation security equivalency requirements stemming from its national and international counterparts.
Service Delivery through Third Party Risk
Legal and Illegal labour disruption
Given CATSA’s third party service provider model, there is a risk that CATSA may have limited influence to prevent a legal labour disruption event, or to maintain service levels during an illegal labour disruption event initiated by the unionized screening officer workforce. Labour disruptions of this nature may result in longer wait times, increased passenger complaints and harm to CATSA’s reputation with its stakeholders.
Dependence on outsourced screening services, equipment maintenance services or major suppliers
In the event that a contractor may no longer be able or willing to provide the agreed upon contracted services or goods, there is a risk that CATSA’s dependence on outsourced screening services, equipment maintenance services, or major suppliers may result in negative service delivery impacts.
Risk Mitigation and Controls:
CATSA conducts continuous monitoring of labour market conditions in all of its regions in order to identify potential labour disruption events. The organization also has existing policies and procedures related to procurement and contracting that provide it with recourse should a contractor or service provider become unable to provide the agreed-upon services. CATSA also continually monitors for any potential impacts related to vulnerabilities to the organization’s supply chain, as well as industry consolidation of key vendors.
Capacity Risk
CATSA staff capacity
There is a risk that CATSA’s current staff capacity, in certain areas, may be inadequate to sustain workloads and to support a healthy work environment resulting in employee dissatisfaction and a decrease in corporate performance over time. Similarly, CATSA’s screening contractors have experienced recruitment and retention challenges, which is a reflection of the broader commercial aviation industry and a volatile global labour market. These challenges have been further exacerbated as a proportion of laid off screening officers furloughed during earlier stages of the pandemic due to low passenger traffic, opted not to return when provided the opportunity.
Level of government funding
Due to the ongoing impacts of the COVID-19 pandemic and the Government of Canada Budget process, there is a risk that the organization may not receive adequate levels of government funding to maintain operations and to effectively support the recovery and stabilization of the air transportation sector.
Risk Mitigation and Controls:
CATSA monitors employee satisfaction through regular touchpoint surveys and closely monitors vacancy levels, attrition, and turnover rates. As for ensuring adequate levels of government funding, CATSA works closely with the Government of Canada to ensure that it has the necessary resources to perform its mandated responsibilities.
Recognizing the lengthy process to hire and train new screening officers, and the volatile nature of the civil aviation industry recovery, the organization collaborated with screening contractors and Transport Canada to retain a large percentage of its screening officer workforce, and to recall screening officers who had been laid off. Screening officer recruitment has proven to be more challenging in certain regions, which has required screening contractors to take additional measures to ensure effective recruitment. In some instances, CATSA has flown in resources from other airports. CATSA continues to engage with its screening contractors to ensure they are prioritizing recruitment.
Compliance Risk
Compliance with the Financial Administration Act
There is a risk that through the failure of internal controls, CATSA inadvertently makes inappropriate financial commitments for goods and services, resulting in non-compliance with the Financial Administration Act.
Risk Mitigation and Controls:
CATSA has a comprehensive framework in place to ensure that the organization remains compliant with all legislative requirements.
Stakeholder Relations Risk
Reputational risk
There is a risk that CATSA may encounter events that the organization is not able to effectively manage, which may cause damage to its reputation with its stakeholders, resulting in loss of public trust in CATSA and/or confidence in air transportation security.
Risk Mitigation and Controls:
CATSA conducts regular passenger surveys in order to respond to the needs of the travellers across the country, and has ongoing engagement with Transport Canada and stakeholders. These mechanisms help the organization to ensure that it maintains public trust and confidence as it conducts its mandated activities.
Human Resources Risk
Employee recruitment and retention
Due to labour market conditions for talent, or due to CATSA’s overall corporate human resources strategies, there is a risk that CATSA may experience challenges in regards to recruitment and retention, resulting in a potential loss of corporate memory or a decrease in overall corporate performance.
Risk Mitigation and Controls:
CATSA’s human resources policies, frameworks and programs allow the organization to ensure that current and potential employees have all the tools and resources required to promote overall employee satisfaction, such as the Performance Management Program, talent management program, respectful workplace program, and leadership excellence program. CATSA also promotes enrolment in professional development training programs, hosts a social committee, and conducts employee surveys on a regular basis.
IT Risk
Cyber Attacks on IT Infrastructure
Due to the evolving nature of the cyber threat environment, there is a risk that cyber threats and/or attacks may negatively impact CATSA’s information technology infrastructure and/or compromise organizationally sensitive information resulting in a loss of public confidence and potential damage to CATSA’s reputation.
Risk Mitigation and Controls:
CATSA’s IT Security Program implements tools, controls, policies, processes, and security practices to protect its IT infrastructure, systems and digital assets. As part of the program, the organization remains abreast of emerging threats by conducting daily reviews of security system alerts, by monitoring newscasts and bulletins on security breaches and threats, and by collaborating with other federal partners through the Canadian Centre for Cyber Security.