October 20, 2022
An enterprise risk management framework and corresponding risk registry are important foundational elements in managing risk from an organizational governance perspective. The Ontario Public Health Standards (OPHS) specifies that “the board of health shall have a formal risk management framework in place that identifies, assesses, and addresses risks”. The Ministry of Health (MOH) requires yearly reporting on the highest residual risks to the organization and the related operations. Residual risks are defined as the assessed risk level after consideration of associated mitigation strategies.
The Windsor-Essex County Health Unit (WECHU) maintains a corporate risk registry; this risk registry monitors 26 risks across 12 risk categories. Based on the categorization and reporting requirements by the MOH, 7 of these risks were identified as being high residual risks. The high residual risks to be reported to the MOH for 2022 are related to: People/Human Resources, Knowledge/Information, Technology, Security, and Privacy. Each identified high risk includes documentation of current and future mitigation approaches.
Whereas, the Ontario Public Health Standards requires the identification, assessment, and mitigation of enterprise risks; and
Whereas, the Ministry of Health requires yearly reporting on the highest residual risks to the organization; and
Whereas, the Windsor-Essex County Health Unit identifies and establishes risk mitigation approaches;
Now therefore be it resolved that the Windsor-Essex County Board of Health accepts the risk assessment outlined in the WECHU Risk Registry and the proposed mitigation approaches;
FURTHER THAT, risk mitigation approaches will be adopted and monitored by the organization and reported to the Board of Health on a yearly interval