Language selection

Government of Canada / Gouvernement du Canada

Search

Audit Report of Emergency Management

Approved by the President, November 6, 2018

Table of contents

1.0 Executive summary

The Canadian Food Inspection Agency (CFIA, the agency) is committed to minimizing and managing public health risks associated with the food supply and the transmission of animal disease to humans, supporting a safe and sustainable plant and animal resource base, and contributing to consumer protection and market access based on the application of science and standards.

CFIA is responsible for the management of mandate-specific emergencies, that is, emergencies related directly to its mandate in Canada (food safety, animal or plant health). The agency may also play a supporting role during non-mandate-specific emergencies (natural disasters or critical infrastructure disruptions, for example) if other government departments, provinces or territories request assistance or if the situation requires a centralized Government of Canada response.

Within each of the agency's 3 business lines (food safety, animal health and plant health), events can escalate to emergencies with direct impacts on human and financial resources. In a pest or disease outbreak, trade impacts can be immediate. A delay in response or the perception of a mismanaged response can have a long-term effect on consumer confidence and international market access.

Planning for and responding appropriately to emergencies are key agency responsibilities. As such, robust emergency management in relation to the agency's mandate is critical to maintain its credibility and to minimize negative impacts on Canadians and the Canadian economy associated with a food, animal or plant related emergency. Since 2014, the CFIA has responded to a number of animal health-related emergencies as a result of Avian Influenza, Bovine Spongiform Encephalitis and Bovine Tuberculosis.

The objective of the audit was to assess whether the management control frameworkFootnote 1 for CFIA mandate-specific emergency management is designed adequately and operating effectively. The audit covered the period April 2016 to October 2017.

The audit noted that the CFIA's responses to mandate-specific emergencies are based on the Incident Command System, an internationally recognized standard system and best practice for emergency management. Nonetheless, improvements are required with respect to emergency management governance, roles, responsibilities, and accountabilities; preparedness through training and exercises; and the capability improvement process.

It should be noted that the agency announced in December 2017 that emergency management responsibilities are being assigned to 1 leader within the Operations Branch to consolidate the agency's emergency management capacity. This initiative is expected to strengthen CFIA's emergency management framework and provide better coordination and direction across the organization.

2.0 Introduction

2.1 Background

The 2007 Emergency Management Act (act) requires each Minister to identify the risks that are within or related to his or her area of responsibility and to prepare, maintain, test and implement emergency management plans in respect of those risks. The act also requires the conduct of exercises and training in relation to plans. The 2009 Federal Policy for Emergency Management elaborated on the emergency management responsibilities of Ministers and Deputy Heads, including requirements for all federal institutions to:

The CFIA has adopted the Public Safety Canada's definition of an emergency: "A present or imminent event that requires prompt coordination of actions concerning persons or property to protect the health, safety or welfare of people, or to limit damage to property or the environment".

CFIA is responsible for the management of 2 types of emergencies: mandate-specific which is food safety, animal or plant health emergencies; and non-mandate-specific which is infrastructure or other public welfare emergencies.

The agency has developed a suite of emergency plans, including a Strategic Emergency Management Plan, CFIA Emergency Response Plan and business line functional plans, to manage emergencies (See Appendix B for hierarchy of CFIA plans). CFIA activates an emergency response plan when the required response is expected to exceed normal operational capacities or is particularly complex and requires enhanced coordination and communication.

CFIA maintains primary responsibility for emergency management responses related to its mandate. Under certain circumstances, another department or agency may lead the co-ordination of the federal response to a CFIA mandate-specific emergency. For example, in a food emergency where human illnesses are identified, the Public Health Agency of Canada would lead the co-ordination of the federal response, and CFIA would lead the food investigation and recall activities.

Most plant pests or diseases are dealt with through CFIA's prevention and mitigation activities (inspection/surveillance), such as initial management of the issue (remove) or long-term management (regulate areas and/or movement) when eradication is not possible or takes several years. On the other hand, animal disease responses often result in prompt activation of emergency response teams at the field and national levels.

Since 2014, the CFIA has responded to a number of animal health-related emergencies: Avian Influenza in British Columbia and Ontario, Bovine Spongiform Encephalitis in Alberta and the Bovine Tuberculosis investigation in Alberta and Saskatchewan.

Recognizing its importance and potential impact, emergency management was identified as a corporate risk in 2012 and 2014 based on the threat that the CFIA may not be adequately prepared for multiple simultaneous or large-scale emergencies. Accordingly, an internal audit in this area is important to provide management with an independent assessment of the agency's emergency management structure for animal and plant health, and food safety.

2.2 Objective

The objective of the audit was to assess whether the management control framework for CFIA mandate-specific emergency management is designed adequately and operating effectively.

2.3 Scope

The audit focused on governance, controls and processes related to mandate-specific emergency management for the period from April 1, 2016 to October 31, 2017, and covered 3 emergency management functions: preparedness, response and recovery. The fourth function of prevention/mitigation is considered the core of the agency's day-to-day work and therefore was deemed to be out of scope.

The audit assessed governance mechanisms and structural frameworks related to mandate-specific emergency management across all 3 business lines (food safety, animal health and plant health). Branches included in the scope of the audit included Policy and Programs, Operations, Science and Corporate Management.

Due to the frequency of emergency responses at the field and national levels for animal diseases, the audit focused only on the Animal Health Business Line when examining operational effectiveness (sustainability, capacity, coordinated emergency response, quality improvement). More specifically, the audit examined the implementation and application of the agency's emergency response system for the 2 most recent animal health emergencies: Avian Influenza in St. Catharines, Ontario (2016/17) and Bovine Tuberculosis in Alberta (up to June 30, 2017).

The scope of the audit excluded emergency management relating to non-mandate-specific emergencies and special events planning.

2.4 Approach

The audit was conducted in accordance with the requirements of the Treasury Board Policy on Internal Audit and the Directive on Internal Audit, which provide mandatory procedures for Internal auditing in the Government of Canada.

The audit was planned and performed to obtain reasonable assurance that the audit objective was achieved. A risk assessment was conducted during the planning phase of the audit to establish the audit criteria (see Appendix D), which were accepted by management. The audit findings are based on a comparison of the conditions in place at the time of the audit with the audit criteria.

Audit procedures included:

2.5 Statement of conformance

The audit conforms to the Institute of Internal Auditors' International Professional Practices Framework, as supported by the results of the CFIA's internal audit quality assurance and improvement program. Sufficient and appropriate auditing procedures were performed and evidence gathered in accordance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing to provide a reasonable level of assurance over the findings and conclusions in this report. The findings and conclusions expressed in this report are based on conditions, as they existed at the time of the audit, and apply only to the entity examined.

3.0 Findings and recommendations

3.1 Emergency Management Framework

The Federal Policy for Emergency Management requires departments to establish internal structures to provide governance for departmental emergency management activities. It also requires all federal institutions to develop, test and maintain mandate-specific emergency plans covering mitigation/prevention, preparedness, response and recovery. Federal institutions are expected to base their plans on mandate-specific, all-hazards risk assessments.

The audit expected to find that the agency has governance oversight in place for emergency management related activities, and that accountability, roles and responsibilities related to emergency management activities (for example planning, training, exercising, continuous improvement program) are clearly defined, communicated and implemented.

Moreover, the audit expected to find that the emergency response costs are identified, tracked and reported to identify trends and to inform decision making.

Governance and oversight

Emergency management lacks governance and oversight to provide overall strategic direction.

The agency's Strategic Emergency Management Plan outlines CFIA's objectives, approach and governance over emergency management. Although the Strategic Emergency Management Plan describes a multi-layered governance structure for emergency management, the audit found that this structure is not in place.

In the absence of an overarching framework for emergency management, the audit found that CFIA existing senior level governance bodies are not being leveraged as a platform to discuss mandate-specific emergency management, even when specifically identified as part of the emergency management governance structure in both the Strategic Emergency Management Plan and the CFIA Emergency Response Plan. Further, the audit found limited evidence of information sharing, direction and oversight from senior management on the department-wide emergency management program. Although emergency response spending and other response performance information are reported within the Incident Command System and to the President, specific updates on activities and performance in the preparedness and recovery elements of emergency management are not being regularly reported to Senior Management Committee or any other senior level governance committees.

A sound governance and oversight structure would promote an integrated and coordinated approach to emergency management activities. This, in turn, would provide the agency on an ongoing basis and during emergency responses, with opportunities to discuss strategic direction on key emergency management activities and to address specific issues and challenges.

Emergency response plans

A suite of CFIA emergency management plans is in place but the plans are not aligned.

The CFIA has in place a suite of emergency management plans (see Appendix B for details), dating from 2007 to 2013 that are currently being updated. In keeping with Public Safety Canada's guidance, the development and employment of a strategic emergency management plan is an important complement to other types of emergency plans, because it promotes an integrated and coordinated approach to emergency management planning. At the agency, the Strategic Emergency Management Plan is expected to be central to the organization's emergency management activities.

The audit identified areas related to emergency management plans that need improvement. The required risk-based assessment process to guide and establish priorities for its mandate-specific emergency management activities or to serve as the basis for its suite of plans and exercise programs is not in place.

The audit also found that the agency's emergency plans are not aligned to one another. While the responsibility for the development of the agency's overarching Strategic Emergency Management Plan and the CFIA Emergency Response Plan was assigned to an office in the Policy and Programs Branch, CFIA's food, animal and plant emergency plans are developed by the agency's operations business lines and oversight of this activity is assigned to an office in Operations Branch.

Emergency management planning promotes a common understanding of the risks, threats and vulnerabilities that may impact an organization and its related sectors, and integrates strategies for addressing possible situations. In addition, it provides a systematic way to think through the life cycle of a potential event, determine required capabilities and resources, and help stakeholders learn and practice their roles.

Accountabilities, roles and responsibilities

Accountabilities, roles and responsibilities are defined but incomplete.

Public Safety Canada's Emergency Management Planning Guide 2010 to 2011 states that functional roles and responsibilities of internal and external stakeholders supporting emergency management should be defined in the Strategic Emergency Management Plan to ensure lines of accountability and decision-making processes are aligned and well understood by all concerned.

Roles and responsibilities for key stakeholders (for example, emergency management governance bodies, CFIA branches, emergency response team members) are defined in the suite of plans and the Incident Command System Manual. However, some roles and responsibilities are missing, out-of-date, or incomplete, while others do not accurately describe what should be performed. For example, the plans do not identify a single point of accountability and responsibility below the President for mandate-specific emergency management.

The audit also noted that the level of detail describing emergency response team members' roles and responsibilities varies between the Incident Command System Manual and the business line functional plans as well as among business line functional plans. Our examination of documented lessons learned following emergencies also identified an opportunity to clarify roles and responsibilities, especially between national and area emergency response teams. This issue is further examined in section 3.3 (Emergency response).

Core responsibilities for mandate-specific emergency management are assigned across 3 branches (Operations, Policy and Programs, and Corporate Management) with no single accountable Branch Head for emergency management. This fragmented approach has been an obstacle to developing a clear and consistent agency-wide emergency management program covering such things as accountabilities, roles and responsibilities, emergency plans, training and continuous improvement.

Without a clear and consistent agency-wide emergency management program, including clearly established accountabilities, roles and responsibilities, there is a risk that emergency management activities related to preparedness and response will not be carried out as intended.

It is noteworthy that the agency announced in December 2017 that emergency management responsibilities are being assigned to 1 leader within the Operations Branch to consolidate the agency's emergency management capacity, thereby providing better support across the organization.

Financial management and reporting

Emergency response costs are tracked and recorded as per guidelines and procedures.

The agency has a process in place, with guidelines, to track and record emergency response costs. The audit expected to find clearly documented and communicated criteria as to when the tracking of emergency costs starts and ends.

A review of the guidelines and procedural documents related to internal financial management of CFIA emergencies noted some ambiguity related to the specific start or end point of an emergency response for the purpose of tracking costs at both the national and area levels due to the fact that emergencies typically start locally then can evolve to national level emergencies. Although costs are tracked throughout with consistent coding, lack of clarity as to what activity or trigger determines the start and end date of emergency response activities may result in response costs under or over tracked and recorded.

The audit assessed the identification of costs and tracking processes for 2 emergencies resulting from Avian Influenza and Bovine Tuberculosis. For both emergencies, the agency's standardized templates were used and emergency response activities were identified and tracked as per the agency's guidelines and procedures. Our testing also found that the agency reports, as required, to the Treasury Board Secretariat the utilization of emergency funds to cover incremental costs.

Financial information on emergency response (incremental and non-incremental) is reported regularly within the Incident Command System and to the President during an emergency. In addition, CFIA's Senior Management Committee received regular updates on the agency's financial position which included financial pressures from emergencies.

Recommendation 1:

The Vice President of Operations should strengthen the Emergency Management Framework to ensure:

3.2 Emergency preparedness

Key elements of effective emergency preparedness, a responder inventory, ongoing training programs, regular exercises, and a national inventory of equipment, are not in place.

As per the Federal Policy for Emergency Management, the preparedness phase of emergency management includes making decisions and taking measures before an emergency, in order to be ready to respond and recover effectively. The audit expected to find that the agency has:

People

The availability of skilled responders is critical to effective emergency management. Responders include the members of an emergency response team in the emergency operations centres at national headquarters, in the areas as well as in the field.

The audit found that core competencies required by responders have not been defined. In addition, there is a significant gap in the agency's ability to identify responders in a consistent and efficient manner. While an Emergency Responder Inventory was developed in 2014, and last updated in December 2016, interviews and testing confirmed that the inventory does not identify:

As later described in section 3.3 of this report, the agency faced challenges in identifying employees to respond to the 2 emergencies examined as part of the audit.

Emergency management is ultimately dependent on a sufficiently resourced and properly trained complement of human resources. Lack of sufficient response capacity, including both qualified and trained resources, could reduce the agency's ability to effectively respond to mandate-specific emergencies.

Recommendation 2:

The Vice President of Operations should ensure that an inventory of trained and qualified responders is in place and, regularly maintained, to ensure employees can be deployed to assist in an emergency response when needed.

Training

Training is critical to ensuring that sufficient numbers of personnel are skilled, knowledgeable and prepared to respond.

At the time of the audit, the agency had no formal national emergency management training program. Some areas and regions have identified emergency training as a need and, as a result, Area Emergency Coordinators have established and implemented area-based training plans to varying degrees across Canada.

The audit tested a sample of individuals who participated in the agency's response to the 2 mandate-specific emergencies under review. Testing confirmed that area emergency responders have completed more emergency management training courses (as identified in the sample training curriculum set out in the Strategic Emergency Management Plan) than national emergency responders.

Without properly trained staff, there is a risk that responders will not have minimum baseline knowledge or will lack understanding of protocols to work effectively in an emergency situation.

Recommendation 3:

The Vice President of Operations should ensure the development and implementation of a comprehensive emergency management training curriculum that addresses the competencies required for emergency responders.

Exercises

Exercises, based on simulated emergencies, are another required element of preparedness, per the Emergency Management Act. Department and agencies are to conduct exercises in relation to their emergency management plans.

The audit found that the agency does not have an overall emergency management exercise program and that several exercise-related requirements set out in the Strategic Emergency Management Plan are not met. The agency has not conducted an emergency management risk assessment and gap analysis to drive an exercise needs assessment. It also does not have a multi-year and national exercise plan, and the CFIA Emergency Response Plan and business line functional plans have not been validated and tested in their entirety through exercises.

Although annual emergency response exercise plans were in place at the area level for 2016/17 and 2017/18, the number of exercises varied significantly from area to area, for example, one area planned only 1 exercise while another planned over 20. Moreover, the audit found that planning for exercises was informal.

The audit also noted that exercise reporting (After Action Reports) is not occurring in a consistent manner and is not completed as outlined in the Strategic Emergency Management Plan and in accordance with the Office of Emergency Management's Guidelines to Develop and Conduct Emergency Preparedness Exercises.

Without a coordinated approach to exercises, there is a risk that potential responders may not be exposed to certain emergency situations, and that various scenarios may not be tested to identify opportunities for improvements in emergency management plans and procedures.

Recommendation 4:

The Vice President of Operations should ensure that a multi-year exercise program, for both national and areas, is documented and implemented, including the validation and testing of CFIA emergency response plans in their entirety through exercises.

Equipment

During a mandate-specific emergency response, various types of equipment are required. For example, in an animal health emergency, responders may need portable generators, gassing equipment and monitors, and manifolds.

Although assets are tracked for accounting purposes, the audit found that the agency has no national strategy in place to identify and track equipment for an emergency response, and subsequently, there is no national inventory of emergency response equipment. For the 2 emergencies reviewed in this audit, the audit found that a list of larger equipment used was compiled and stored for each specific emergency but not in a centralized repository.

In the absence of a national inventory of equipment related to emergency responses, timely access and utilization of equipment for emergency management purposes could be delayed. Having a national inventory of equipment may also contribute to the agency's readiness to respond to emergencies efficiently and economically.

Recommendation 5:

The Vice President of Operations should ensure that a national inventory of equipment required for emergency management activities is available and up-to-date.

3.3 Emergency response

An emergency response structure is documented and implemented, but is not sufficiently tailored to CFIA's environment.

The agency employs a 4-level (national, area, regional, field) emergency response structure with the extent of activation dependent on the type, location and severity of the incident. Each level has an emergency response team and 1 or more physical emergency operations centres. See Appendix C for a diagram of CFIA's response structure.

The emergency response teams are organized and function based on Incident Command System principles (see Appendix D for details), in line with the Federal Emergency Response Plan and Public Safety Canada guidance that all federal departments and agencies should integrate the Incident Command System into their response frameworks.

The audit expected to find that CFIA employs an emergency response that is tailored to its 4-level emergency response structure and that the activation/deactivation criteria for different response levels are clearly documented and communicated.

Activation

While a declaration is not necessary to activate emergency operations centres and mobilize emergency response teams, the agency's President may declare an emergency to manage CFIA resources within approved levels and establish an emergency funding mechanism. At least 1 emergency operations centre must be activated once an official declaration has been made.

Depending on the severity and scope of the incident, the national, area, regional and field emergency operations centres may or may not be activated and may be partially or fully activated, as deemed necessary by the appropriate emergency response team Incident Commander.

As an annex to the Strategic Emergency Management Plan, a procedural document entitled CFIA Procedure for the Activation/Deactivation of Emergency Response Plans at the National Level, May 2013, outlines the process for determining when to activate an emergency response plan at the national level. There is no one document (plan or otherwise) providing procedures or guidance on when to activate an emergency response plan, including mobilization of emergency response teams and activation of operations centres, at the area level or at the national and area levels simultaneously.

The audit also found that the sequence for the emergency declaration, mobilization of emergency response teams, standing up emergency operations centres, and activating response plans (at all levels or for multiple levels simultaneously) needs to be better clarified and understood, as the interdependencies among these actions are not documented.

Without clear communications on the declaration of emergency and/or the activation of emergency response plans, the agency's readiness to respond to an emergency could be hindered.

Incident Command System

The audit found that the Incident Command System guiding principles adopted by the CFIA are aligned to and consistent with those endorsed by Public Safety Canada, the United States Federal Emergency Management Agency and Incident Command System Canada, an organization that promotes the use of the system in Canada through the standards, training and other services.

The audit reviewed Introduction to the Incident Command System in the CFIA, a presentation that outlines CFIA's emergency response framework. This document serves as CFIA's Incident Command System "manual". The audit found opportunities for improvement, including making the "manual" a formal document and tailoring it to CFIA's operating environment and emergency response structure, for example, by specifying an overall command level (that is, a national or area emergency operations centre) required when an emergency is declared.

The audit examined the application of Incident Command System principles, as set out in the agency's manual, to the 2 in-scope emergencies, Avian Influenza in Ontario and Bovine Tuberculosis in Alberta. Overall, the audit found that the principles were applied and that the following good practices were followed:

Accountability/ span of control/ incident action plans: A check-in schedule which included briefings with field responders, chief calls, commander calls, and calls with industry/partners occurred daily for both emergencies. Reporting relationships were clearly defined based on job action sheets and the Incident Command System organizational chart, and a manageable span of control was maintained.

Dispatch / Deployment: Testing on a sample of responders, for both emergencies, validated that responders were formally requested and dispatched by an appropriate authority.

The review of the 2 emergencies, including examination of documented lessons learned, identified the following opportunities for improvement:

Single/unified command: While a single command was established within national, regional and area emergency operations centres, there was, at times, confusion as to which level of emergency operations centre had the overall command for the emergency.

Planning/organizational structure: Protocols, including manuals of procedures, standard operating procedures, job action sheets, and guidelines have been documented in multiple formats and documents, and stored in multiple locations. There is an opportunity to streamline and centralize existing documentation to ensure that all responders are aware of and have ready access to all relevant information.

Communication/information management: National communication plans were in place for both emergencies and were implemented in accordance with the documented schedule of communications. However, there is an opportunity for the agency to leverage existing structures and internal stakeholders to better support the agency in the event of an emergency. This would include interface between the Incident Command System and, for example, the Senior Management Committee and lead agency officials such as the Chief Veterinarian Officer.

Resources: There is currently no back-up (resourcing) plan in place for all key Incident Command System positions. Back up for key positions is "known" informally; however, without formal documentation, resourcing could pose a challenge in the event of a prolonged emergency. The audit also noted that, for both emergencies, obtaining resources was sometimes a challenge due to a variety of factors, including reluctance of managers to release staff from their daily responsibilities and a lack of an up-to-date inventory of responders as described in section 3.2.

Recommendation 6:

The Vice President of Operations should provide clear guidance on the activation/deactivation and clarify, for all levels and for multiple levels activated simultaneously, the interdependencies and sequences for declaring an emergency, mobilizing emergency response teams, standing up emergency operations centres, and activating response plans.

Recommendation 7:

The Vice President of Operations should formalize Incident Command System documentation, and ensure it is tailored to the agency's environment.

3.4 Emergency management continuous improvement

A capability improvement process is in place; however, more rigour is needed to ensure that recommendations are addressed and improvements are made.

The CFIA has adopted Public Safety Canada's recommended best practice known as the capability improvement process. The process provides a standardized approach for collecting and tracking observations and recommendations, including best practices, after each significant exercise or incident. The Federal Policy for Emergency Management expects federal institutions to apply and implement changes based on lessons learned and best practices derived from the conduct of training and exercises as well as from response and recovery experiences.

As part of the recovery element of mandate-specific emergency management, the audit expected to find a process for collecting and tracking observations and recommendations from exercises and emergency response activities and for monitoring the implementation of action plans for continuous improvement.

At the CFIA, the capability improvement process encompasses:

The audit found that templates are in place to guide individuals in completing required reports (after action reports and after incident reports). Testing noted, however, that the reports are not completed in a consistent manner and in accordance with established guidelines.

The Office of Emergency Management maintains a capability improvement process management response and action plan spreadsheet to track the status of recommendations from emergencies; however, the audit found the action plans incomplete, inaccurate and out-of-date.

The audit found no evidence of rigorous monitoring or formal reporting of action plans and results. There is a risk that CFIA will not take appropriate action on matters identified by responders as requiring correction or improvement.

Recommendation 8:

The Vice President of Operations should ensure there is oversight of the capability improvement process and management response action plan process to ensure best practices and opportunities for improvement are adequately documented, associated recommendations are tracked for improvement, and the progress of corrective actions is monitored.

Appendix A: CFIA mandate-specific emergency management functions

The agency's mandate-specific emergency management responsibilities encompass all 4 interdependent functions set out in the Emergency Management Act:

Prevention/mitigation: Actions taken to identify and reduce the impact and risks before the occurrence of an emergency. For example, surveillance for the early identification of risks or the use of regulations to ensure the safety of food products.

Preparedness: Actions taken prior to an emergency to be ready to respond to it and manage its consequences. Emergency planning, training and exercises are considered preparedness activities.

Response: Actions taken during or immediately after an emergency to manage the consequences. For example, activation of operation centres and mobilization of emergency response teams.

Recovery: Actions taken after an emergency to re-establish or restore conditions and services to an acceptable level. Recovery may range from hours to years depending on the type, magnitude and vulnerability of the hazard. It also includes a review of the overall response effort to identify best practices and areas for improvement (for example, by conducting debriefing ("hot wash") and lessons learned sessions with staff who participated in the emergency response). Other recovery activities, such as compensation to affected stakeholders and surveillance, may continue after the initial response.

Appendix B: Hierarchy of CFIA emergency plans

Pyramid describing the Hierarchy of CFIA emergency plans. Description follows.
Pyramid describing the Hierarchy of CFIA emergency plans. Description follows.
  • The 2013 CFIA Strategic Emergency Management Plan sets out an overarching framework for emergency management
  • The 2009 CFIA Emergency Response Plansets out the operational framework, emergency response process and structure of emergency response teams
  • CFIA functional plans are organized around the agency's primary business lines (Food Safety, Animal Health and Plant Health) and outline functions to be performed at the national, area, regional and field levels
  • CFIA hazard-specific plans provide additional detailed information applicable to the performance of functions in face of a specific hazard, such as Foot and Mouth Disease
  • CFIA standard operating procedures are a set of instructions constituting a directive, covering those features of operations which lend themselves to a definite, step-by-step process of accomplishment
  • CFIA business continuity management plans help enable critical services to be continually delivered to Canadians in the event of an incident/emergency

Appendix C: CFIA emergency response structureFootnote 2

CFIA emergency response structure. Description follows.
CFIA emergency response structure. Description follows.

The CFIA emergency response structure diagram illustrates the level and possible location of emergency response centres and their role in responding to the emergency. These locations and roles are illustrated by a 4 tier pyramid. Actual response levels activated in a given situation will depend on the type, location, and severity of an incident.

From top to bottom:

Level 1

  • National Policy and Strategy
  • National Emergency Operations Center (NEOC)
    • The national emergency operations centre sets the national policy and strategy for the response
  • NEOC Ottawa
    • The national emergency operations centre is located in Ottawa

Level 2

  • Area Strategic Co-ordination Level
  • Area Emergency Operations Center (AEOC)
    • The AEOC is responsible of the strategic co-ordination at an area level
  • AEOC
    • For example, Calgary

Level 3

  • Regional Co-ordination Level
  • Regional Emergency Operations Center (REOC)
    • The REOC is responsible of co-ordination at a regional level
  • Regional EOCs
    • For example, Winnipeg, Regina, Calgary or Edmonton

Level 4

  • Field Delivery Level
  • Field Emergency Operations Center (FEOC)
    • The FOEC are responsible for the response delivery at a field level
  • Various Field EOCs

Appendix D: Incident Command System principlesFootnote 3

The Incident Command System is based on a series of proven management features tested and proven effective in industry, various levels of government and response agencies. Each of the following Incident Command System features contributes to the strength and efficiency of the overall system.

  1. Common terminology

    Incident Command System establishes common terminology that allows diverse incident management and support organizations to work together across a wide variety of incident management functions and hazard scenarios. This common terminology covers the following:

    • 1.1 Organizational functions: Major functions and functional units with incident management responsibilities are named and defined. Terminology for the organizational elements is standard and consistent.
    • 1.2 Resource descriptions: Major resources, including personnel, facilities, and major equipment and supply items that support incident management activities are given common names and are "typed" with respect to their capabilities, to help avoid confusion and to enhance interoperability.
    • 1.3 Incident facilities: Common terminology is used to designate the facilities in the vicinity of the incident area that will be used during the course of the incident.
  2. Modular organization

    The Incident Command System organizational structure develops in a modular fashion based on the size and complexity of the incident, as well as the specifics of the hazard environment created by the incident. When needed, separate functional elements can be established, each of which may be further subdivided to enhance internal organizational management and external coordination. Responsibility for the establishment and expansion of the Incident Command modular organization ultimately rests with Incident Command, which bases the organization on the requirements of the situation. As incident complexity increases, the organization expands from the top down as functional responsibilities are delegated. Concurrently with structural expansion, the number of management and supervisory positions expands to address the requirements of the incident adequately.

  3. Management by objectives

    Management by objectives is communicated throughout the entire Incident Command System organization and includes:

    • establishing incident objectives
    • developing strategies based on incident objectives
    • developing and issuing assignments, plans, procedures, and protocols
    • establishing specific, measurable tactics or tasks for various incident management functional activities, and directing efforts to accomplish them, in support of defined strategies
    • documenting results to measure performance and facilitate corrective actions
  4. Incident action planning

    Centralized, coordinated incident action planning should guide all response activities.

    An incident action plan provides a concise, coherent means of capturing and communicating the overall incident priorities, objectives, strategies, and tactics in the context of both operational and support activities.

    Every incident must have an action plan. However, not all incidents require written plans. The need for written plans and attachments is based on the requirements of the incident and the decision of the Incident Commander or Unified Command.

    Most initial response operations are not captured with a formal incident action plan. However, if an incident is likely to extend beyond 1 operational period, become more complex, or involve multiple jurisdictions and/or agencies, preparing a written incident action plan will become increasingly important to maintain effective, efficient, and safe operations.

  5. Manageable span of control

    Span of control is key to effective and efficient incident management. Supervisors must be able to adequately supervise and control their subordinates, as well as communicate with and manage all resources under their supervision. The type of incident, nature of the task, hazards and safety factors, and distances between personnel and resources all influence span-of-control considerations.

  6. Incident facilities and locations

    Various types of operational support facilities are established in the vicinity of an incident, depending on its size and complexity, to accomplish a variety of purposes. The Incident Commander will direct the identification and location of facilities based on the requirements of the situation. Typically, designated facilities include incident command posts, bases, camps, staging areas, mass casualty triage areas, point-of-distribution sites, and others as required.

  7. Comprehensive resource management

    Maintaining an accurate and up-to-date picture of resource utilization is a critical component of incident management and emergency response. Resources to be identified in this way include personnel, teams, equipment, supplies, and facilities available or potentially available for assignment or allocation.

  8. Integrated communications

    Incident communications are facilitated through the development and use of a common communications plan and interoperable communications processes and architectures.

    The Incident Command System 205 form is available to assist in developing a common communications plan.

    This integrated approach links the operational and support units of the various agencies involved and is necessary to maintain communications connectivity and discipline and to enable common situational awareness and interaction. Preparedness planning should address the equipment, systems, and protocols necessary to achieve integrated voice and data communications.

  9. Establishment and transfer of command

    The command function must be clearly established from the beginning of incident operations. The agency with primary jurisdictional authority over the incident designates the individual at the scene responsible for establishing command. When command is transferred, the process must include a briefing that captures all essential information for continuing safe and effective operations.

  10. Chain of command and unity of command

    Chain of command refers to the orderly line of authority within the ranks of the incident management organization. Unity of command means that all individuals have a designated supervisor to whom they report at the scene of the incident. These principles clarify reporting relationships and eliminate the confusion caused by multiple, conflicting directives. Incident managers at all levels must be able to direct the actions of all personnel under their supervision.

  11. Unified command

    In incidents involving multiple jurisdictions, a single jurisdiction with multiagency involvement, or multiple jurisdictions with multiagency involvement, Unified Command allows agencies with different legal, geographic, and functional authorities and responsibilities to work together effectively without affecting individual agency authority, responsibility, or accountability.

  12. Personal accountability

    Effective accountability of resources at all jurisdictional levels and within individual functional areas during incident operations is essential. To that end, check-in/check-out, incident action planning, unity of command, personal responsibility, span of control, and resource tracking are the principles of personnel accountability, which must be adhered to.

  13. Dispatch/deployment

    Resources should respond only when requested or when dispatched by an appropriate authority through established resource management systems. Resources not requested must refrain from spontaneous deployment to avoid overburdening the recipient and compounding accountability challenges.

  14. Information and intelligence management

    The incident management organization must establish a process for gathering, analyzing, assessing, sharing, and managing incident-related information and intelligence.

Appendix E: Audit criteria

The 5 lines of enquiry with corresponding audit criteria are as follows:

  1. A clear and effective agency-wide emergency management structure is in place. (FPEM 7.8)

    1.1 The emergency management governance structure ensures direction and oversight from senior management.

    1.2 Roles, responsibilities and accountabilities are clearly defined and communicated.

    1.3 Emergency management policies, procedures and guidelines included in the hierarchy of CFIA Emergency Plans exist, as per Appendix A, and are approved and aligned to agency-wide emergency management structure and governance framework.

  2. Mechanisms exist to enable sustainability and capacity to support emergency management. (FPEM 7.12)

    2.1 A comprehensive training strategy is in place and implemented.

    2.2 A multi-year exercise strategy is in place and implemented.

    2.3 CFIA employs a continuous cycle for equipping response teams to respond to an emergency.

  3. An emergency response system is implemented to enable a coordinated response. (ICS Canada Principles; FPEM 7.13)

    3.1 An emergency management response structure is developed and documented to enable a coordinated response to recent (2016/17) emergencies.

    3.2 Incident Command System principles have been applied to enable a coordinated response to recent (2016/17) emergencies.

  4. Emergency management undergoes continuous quality improvement. (FPEM 7.14)

    4.1 Debriefing and lessons learned sessions are conducted post-events and exercises and reports are completed on a timely manner.

    4.2 Management action plans resulting from exercises and emergencies are developed, tracked, monitored and actioned.

  5. Costs (excluding compensation) related to emergency response activities are identified, tracked and reported. (MAF)

    5.1 Costs (excluding compensation) related to emergency response activities are identified, tracked and reported.

Appendix F: Management response and action plan

Overall management response:

We agree with the overall findings of the audit. We will work to strengthen oversight for the management of mandated emergencies and ensure that necessary structures, plans and processes are established and continually improved upon.

Recommendation 1

The Vice President of Operations should strengthen the Emergency Management Framework to ensure:

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Emergency Management Advisory Committee established to provide oversight and support to the design and development of program elements.

  • Inaugural meeting to take place September 2018

Review and update the draft Strategic Emergency Management Plan, the agency's framework for emergency management. Clarify fit in agency governance structure and accountability and roles and responsibilities for the management of mandated emergencies at the CFIA.

  • To be presented to the Emergency Management Advisory Committee: September 2018

Review and update functional emergency management plans (plant, animal and food) to ensure alignment with the revised emergency management framework.

  • Animal Health Functional Plan updated and will be tabled at the Emergency Management Advisory Committee for direction on path through governance

Committee established: June 2018

Draft plan: November 2018
Approved by governance: March 2019

Draft plans: September 2019
Approved by governance: March 2020

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 2

The Vice President of Operations should ensure that an inventory of trained and qualified responders is in place and, regularly maintained, to ensure employees can be deployed to assist in an emergency response when needed.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

A responder inventory will be established and will be updated periodically.

Inventory will be transitioned from Excel to an automated Sharepoint-based business intelligence tool.

Training on the tool will be provided to responders responsible for resource planning.

  • A SharePoint site will be created as a knowledge management tool and repository for planning and response information.

Automated responder inventory: September 2018

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 3

The Vice President of Operations should ensure the development and implementation of a comprehensive emergency management training curriculum that addresses the competencies required for emergency responders.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Management will develop a competency compendium for key responders as well as a comprehensive training program.

  • Existing Inspectorate Competency Framework will be used as the foundation to develop core emergency management competencies, in partnership with Learning Division, and to map out learning product development priorities
  • Training curriculum will be ready for training product development

Competencies: January 2019

Training path: March 2019

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 4

The Vice President of Operations should ensure that a multi-year exercise program, for both national and areas, is documented and implemented, including the validation and testing of CFIA emergency response plans in their entirety through exercises.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Management will develop a multi-year plan, for approval in governance, to ensure a coordinated approach to exercising emergency management plans. The plan will include a requirement for periodic monitoring and reporting against implementation.

  • Analysis of past, current and planned exercises has been undertaken as the basis for a gap analysis and prioritization exercise for exercises

Plan for governance approval: March 2019

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 5

The Vice President of Operations should ensure that a national inventory of equipment required for emergency management activities is available and up-to-date.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Management will develop for approval a material management strategy, capturing all equipment and supplies supporting emergency management activities nationally.

  • Initial national emergency response equipment inventory has been developed as the basis for material management strategy
  • Procurement options and responsibility for management of individual items will be developed with the areas to ensure the most efficient and effective management option is implemented

Inventory: September 2018

Procurement options: January 2019

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 6

The Vice President of Operations should formalize Incident Command System documentation, and ensure it is tailored to the agency's environment.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Management will review, update and formalize the current CFIA Incident Command System documentation to ensure it aligns with the updated emergency management program framework and maintains the flexibility to adapt the system to agency operational realities.

  • Proposal to be developed for a modified approach to incident management and use of the incident command system that better reflects CFIA operating environment. Initial consultation on the proposal will take place with the advisory committee September 2018 and continue through governance accordingly

Approved by governance: January 2019

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 7

The Vice President of Operations should provide clear guidance on the activation/deactivation and clarify, for all levels and for multiple levels activated simultaneously, the interdependencies and sequences for declaring an emergency, mobilizing emergency response teams, standing up emergency operations centres, and activating response plans.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Existing activation/deactivation processes will be reviewed within the context of the Incident Command System documentation review.

  • Above mentioned proposal for modifications to the agency approach to incident management and Incident Command System will provide the basis for the review and update of current guidance for activation and deactivation of emergency response teams and operating centres

Approved by governance: January 2019

Executive Director, Business and Resource Management Office, Operations Branch

Recommendation 8

The Vice President of Operations should ensure there is oversight of the capability improvement process and the management response action plan process to ensure best practices and opportunities for improvement are adequately documented, associated recommendations are tracked for improvement, and the progress of corrective actions is monitored.

Management response and action plan Implementation or completion date Responsible lead

We agree with the overall findings of the audit.

Management is committed to continual improvement. The existing capability improvement process will be reviewed, updated and integrated with associated emergency response documentation

Ongoing, management will review all lessons learned generated by the process (through exercises and emergencies) and ensure governance is aware of and supports improvements

Review of continuous improvement program and lessons learned: April 2019

Executive Director, Business and Resource Management Office, Operations Branch

Date modified: