Risk management is embedded into strategic decision-making and resource allocation within CATSA, thereby allowing the organization to make informed decisions at the corporate and operational levels.
CATSA’s Risk Profile (as at January 2023)
Mandated Services Risk
Detection capabilities and maintaining care and control of screening checkpoints
Due to the evolving nature of the aviation security threat environment, there is a risk that CATSA may not have the technology, threat and risk information, processes or human factor capability to detect all high risk threat items or new and emerging threats, and prevent screening circumventions at screening checkpoints. This may result in substantial consequences to the civil aviation system.
Risk Mitigation and Controls:
CATSA monitors the effectiveness of operational programs on a continuous basis through the use of testing, oversight programs and performance measurement. The organization also ensures that it remains apprised of Transport Canada regulations, and any aviation security equivalency requirements stemming from national and international counterparts.
Service Delivery Through Third Party Risk
Legal and Illegal labour disruption
Given CATSA’s third party service provider model, there is a risk that CATSA may have limited influence to prevent a legal labour disruption event, or to maintain service levels during an illegal labour disruption event initiated by the unionized screening officer workforce. Labour disruptions may result in longer wait times, increased passenger complaints and harm to CATSA’s reputation.
Dependence on outsourced screening services, equipment maintenance services or major suppliers
Due to a contractor no longer being able or willing to provide the agreed upon contracted services or goods, there is a risk that CATSA's dependence on outsourced screening services, equipment maintenance services, or major suppliers may result in negative service delivery impacts.
Risk Mitigation and Controls:
CATSA conducts continuous monitoring of labour market conditions in all of its regions in order to identify potential labour disruption events. The organization also has contractual terms and conditions that provide it with recourse should a contractor or service provider become unable to provide the agreed-upon services. CATSA also continues to monitor and address any impacts to its supply chain.
The organization also monitors labour trends and supply chain events having potential impacts to its operations in order to prevent potential reputational damage or loss of public confidence.
Capacity Risk
CATSA staff capacity
There is a risk that CATSA's current staff capacity, in certain areas, may be inadequate to sustain workloads and to support a healthy work environment resulting in employee dissatisfaction and a decrease in corporate performance over time.
Risk Mitigation and Controls:
CATSA monitors employee satisfaction through regular touchpoint surveys and closely monitors vacancy levels, attrition, and turnover rates.
Traveller and Stakeholder Relations Risk
Reputational risk
There is a risk that CATSA may encounter events that the organization is not able to effectively manage, which may cause damage to its reputation with travellers and/or its stakeholders, resulting in loss of public trust in CATSA and/or confidence in air transportation security.
Risk Mitigation and Controls:
CATSA’s website provides the public with important information related to its operations, wait-time service levels and performance. The organization also conducts regular passenger surveys and develops external communications strategies to respond to various issues that may impact stakeholders. These mechanisms help the organization to ensure that it maintains public trust and confidence as it conducts its mandated activities.
Human Resources Risk
Employee Recruitment and Retention
Due to labour market conditions for talent or due to CATSA's overall corporate human resources strategies, there is a risk that CATSA may experience challenges in recruiting and/or retaining key and/or specialized talent resulting in a potential loss of corporate memory and/or decrease in overall corporate performance.
Risk Mitigation and Control:
CATSA monitors and reports on attrition rates on a quarterly basis. In addition, the organization has implemented a flexible workplace model in order to meet the changing needs of the post-pandemic workforce. The organization also conducted a total compensation review in 2022/23.
IT Risk
Cyber Attacks on IT Infrastructure
Due to the evolving nature of the cyber threat environment, there is a risk that cyber threats and/or attacks may negatively impact CATSA's IT infrastructure and/or compromise organizationally sensitive or secret information resulting in a loss of public confidence and potential damage to CATSA's reputation.
Risk Mitigation and Controls:
CATSA continues to strengthen its cyber security defences with the ongoing development of the Security Incident and Event Management program along with the implementation of additional cyber controls.