May 3, 2016 by Canadian Underwriter
Passenger train operator VIA Rail Canada Inc. has not yet “fully integrated” its safety management system into its corporate risk management system, but the crown corporation has implemented mitigation measures for most of its risks, the Auditor General of Canada reported Tuesday.
“The main risks faced” by VIA Rail “had been identified, assessed, monitored, and reported to management and to the Board of Directors,” according to the 2016 Spring Reports of Auditor General Michael Ferguson, released May 3. “Mitigation measures were implemented for most of the risks.”
But the report adds that VIA Rail’s safety management system “has not yet been fully integrated into the corporate risk management system.”
VIA Rail was the subject of one examination report tabled Tuesday by the Office of the Auditor General. The firm carried about 3.8 million passengers in 2014 and provides about 500 train departures per week from about 450 communities. Revenues were $280 million in 2014 and total spending was $597 million.
VIA Rail, which had 2,608 employees in 2014, was originally formed in 1977 as the passenger service of Canadian National Railway Company, which was a crown corporation until 1995, at which time CN became publicly traded. VIA Rail is now a separate organization from CN.
PPP Canada Inc. – a federal crown corporation that acts as the lead on federal public-private partnership matters – was the subject of the other examination report.
Subjects of this year’s audits included the federal government’s Venture Capital Action Plan, citizenship fraud, administrative tribunal appointments, drug benefits for veterans and the Army Reserve.
With VIA Rail, the Office of the Auditor General looked at the company’s corporate governance, strategic planning, risk management, performance measurement and reporting, operations and capital investment program management.
The report recommends that VIA Rail “finish upgrading its Safety Management System and measure its effectiveness.” VIA Rail should also “finish integrating this system into the corporate risk management system to ensure that safety risks are maintained at an acceptable level.”
VIA Rail management has agreed with that recommendation, according to the report, which notes that VIA Rail has “implemented a detailed action plan for upgrading its Safety Management System and integrating it into the corporate risk management system.”
Another auditor general’s recommendation is that VIA Rail “finish analyzing all of its major information technology systems so that it can identify risks and vulnerabilities and determine actions to be taken to mitigate them.”
VIA Rail has agreed with this recommendation, according to the Auditor General’s spring report.
“At the end of 2015, the Corporation’s management completed an analysis of risks and vulnerabilities, and work is under way to implement mitigation measures by the end of 2016.”
VIA Rail “had not yet completed training all key staff on the new corporate risk management process,” the report added.
The firm is also “not yet able to demonstrate or fully measure the effectiveness” of the safety management system for several reasons, the report stated. For example, VIA Rail has “not yet developed any audit strategies or plans for its Safety Management System based on a risk assessment, or carried out audits as prescribed by one of the existing standards,” the Office of the Auditor General noted. “VIA must rely in large part on the smooth functioning of the safety management systems of other railway companies to offset the lack of information.”