Risk management is embedded into strategic decision-making and resource allocation within CATSA, thereby allowing the organization to make informed decisions at the corporate and operational levels.
CATSA manages its corporate risks through an Enterprise Risk Management (ERM) framework, and maintains a comprehensive overview of its risk profile, including descriptions of key operational and financial risks, risk ratings as measured by likelihood and impact of risk occurrence, and risk mitigation strategies.
CATSA’s overall risk attitude is conservative and flexible.
Conservative: CATSA generally focuses effort more heavily on the active management of medium, medium-high, and high risk, and the acceptance of low risk.
Flexible: CATSA’s environment is highly dynamic, and influenced by two key partners, namely Transport Canada and the Government of Canada more broadly. From a risk management perspective, the unique nature of CATSA’s environment requires flexibility and discretion in the application of risk attitude.
CATSA actively evaluates, manages and mitigates the following corporate risks.
Mandated Services Risk
Detection capabilities and maintaining care and control of screening checkpoints
Due to the evolving, unpredictable nature of the aviation security threat environment, there is a risk that CATSA may not have the technology, threat and risk information, processes or human factor capability to detect all high-risk threat items or new and emerging threats and prevent screening circumventions at operating screening checkpoints. This may result in substantial consequences to the public and the aviation system. CATSA is continuously adapting its risk mitigation strategies and efforts, as a means to address the evolving aviation security risks and their potential impacts to mandated operations.
CATSA uses the latest available screening tools to elevate its threat detection capabilities, including the deployment of CT X-ray technology at pre-board screening checkpoints, as well as the ongoing upgrade of detection algorithms on existing equipment.
Capacity Risk
Adequacy of government funding
There is a risk that CATSA’s funding envelope may be insufficient due to cost increases, new requirements and/or government cost reduction initiatives.
Human resource availability
There is a risk that resources may be insufficient or unavailable to achieve organizational goals while supporting a healthy work environment.
Service Delivery Through Third Parties Risk
Legal and illegal labour disruption
Given CATSA’s third party service provider model, there is a risk that CATSA may have limited influence to prevent a legal labour disruption event, or to maintain service levels during an illegal labour disruption event initiated by the unionized screening officer workforce. Labour disruptions may result in longer wait times, increased complaints and harm to CATSA’s reputation.
Dependence on outsourced screening services, equipment maintenance services or major suppliers
As a result of a contractor no longer being able or willing to provide the agreed upon contracted services or goods, there is a risk that CATSA's dependence on outsourced screening services, equipment maintenance services, or major suppliers may result in negative service delivery impacts.
Partner Relations Risk
Reputational risk
There is a risk that CATSA may encounter events that it is not able to effectively manage, which may cause damage to its reputation with passengers and/or its partners, resulting in loss of public trust in CATSA and/or confidence in air transportation security.
IT Risk
Cyber attacks on IT infrastructure
Due to the evolving nature of the cyber threat environment, there is a risk that cyber threats and/or attacks may negatively impact CATSA's IT infrastructure and/or compromise sensitive or secret information resulting in a loss of public confidence and potential damage to CATSA's reputation.