Loss Management

20.1 Objectives

• Identify categories of loss

• Identify responsibilities for the prevention, detection, reporting, investigation and mitigation of losses

• Provide direction on loss management, reporting and links to resources to assist ministries

20.2 General

A loss is any event that temporarily or permanently causes a decline in value or deprives the government of revenues, services, assets (tangible or intangible) or resources including human resources. Loss prevention, detection, reporting, investigation and mitigation are integral to government's enterprise-wide risk management process, financial control framework and to managing an ethical organization.

Loss incidents usually fall into one of the following categories:

1. Information and information technology security incidents including:

• loss of a portable medium with information capacity (e.g., a hard drive, thumb drive, memory card, magnetic or optical disks, etc.) containing sensitive, personal or confidential information; or
• damage to or a compromising of the protection of data, systems, documents, computer-generated information and facilities. These incidents can be accidental or deliberate threats to confidentiality, integrity or availability.

Procedure Requirements - L.2

2. Illegal activities that are actual, suspected or attempted including:

• fraud including embezzlement and misappropriation;
• breach of trust;
• break and enter;
• theft including failure to return government property;
• damage to Crown property;
• forced entry;
• robbery;
• vandalism; etc.

Procedure Requirements - L.3

3. General incidents including:

• accident;
• damage;
• neglect;
• act of God (events outside of human control); etc.

Procedure Requirements - L.4

4. Intentional harm or the threat of harm to employees or others from internal or external sources including:

• physical harm;
• telephone or email threats;
• abusive clients; etc.

Procedure Requirements - L.5

5. Bodily injury to persons outside of government, including:

• accidents on government property, etc.

Procedure Requirements - L.6

6. Due to the nature of certain programs, some ministries experience recurring losses from general incidents and/or illegal activities. These ministries often have internal resources dedicated to managing the losses (e.g., Prevention and Loss Management Services Branch, MEIA). Examples of such loss incidents include:

• suspected false or fraudulent claims for social benefits, loans, grants, or transfers including employment and income assistance, student loans and MSP;
• overpayments or erroneous payments;
• loss of revenue that should have been received or collected;
• theft of Crown property (e.g., unauthorized timber harvest);
• damage to Crown property; etc.

Procedure Requirements - L.7

Roles and Responsibilities

Employees

• Understand and comply with this policy, the Standards of Conduct for Public Service Employees and CPPM 4.3.20, Obligation to Report to the Comptroller General
• Acknowledge and assume accountability for safeguarding government assets entrusted to them

Ministries

• Ensure that this policy, the Standards of Conduct for Public Service Employees, and CPPM 4.3.20, Obligation to Report to the Comptroller General, are clearly communicated to employees and complied with

• Hold employees to account where they have been entrusted with government assets

• Recover losses cost-effectively

• Report professional misconduct to the appropriate professional body

Comptroller General

• Provide ministries direction on loss management including fraud
• Ensure employees can report losses due to illegal activities confidentially
• Direct Internal Audit and Advisory Services to investigate a loss incident where appropriate
• Monitor loss investigations

Government Chief Information Officer

• Propose corporate IM/IT architecture and related policy, procedures and standards to protect and manage information as a government asset
• Ensure that measures are established to assess compliance with IM/IT security policies, procedures and standards
• Recommend and review audits in coordination with other central authorities to ensure compliance with corporate IM/IT policies, procedures and standards
• Access audit report data to identify information management practices, and information system infrastructure and applications

BC Public Service Agency

• Provide ministries guidance and advice on the prevention and reporting of harm or threats of harm to employees
• Provide guidance and advice to ministries investigating incidents which have the potential to result in employee discipline and/or criminal charges

Risk Management Branch

• Provide ministries with guidance and tools for the prevention, detection, reporting and mitigation of losses
• Administer the collection and analysis of loss information (GILRs and Annual Loss Reporting Summaries) and provide follow-up advice to the ministries
• Assess the need for further investigation or action in cooperation with the Comptroller General
• Provide a monthly report and analysis of all loss incidents to the Comptroller General
• Prepare summarized statistics annually of reported government losses, which include information from the GILRs and the Annual Loss Reporting Summary, and submit to the Comptroller General and the Auditor General. Publish on the Risk Management Branch website.

Internal Audit and Advisory Services

• Provide ministries with guidance and tools for the prevention, detection, reporting and mitigation of losses
• Investigate loss incidents as directed by the Comptroller General or as requested by ministries
• Require that persons involved in an investigation have the necessary skills

Corporate Compliance and Controls Monitoring Branch

• Detect control weaknesses and inappropriate payments and recommend corrective action to ministries, central agencies, and the Comptroller General to prevent and mitigate financial loss to government
• Report losses to ministries and the Comptroller General

20.3 Policy

1. In any loss incident, if there is evidence of threatening behaviour or an emergency situation, notify the police immediately.
2. Ministries must establish, communicate and monitor internal processes for loss management including prevention, detection, reporting, investigation, and mitigation. Ministries must also review and amend processes as appropriate to minimize losses particularly following a loss incident.
3. All losses must be reported according to procedures described in CPPM L, Loss Reporting.
4. Ministries must make every effort to cost-effectively recover a loss.
5. In all cases where a ministry has reason to believe that the conduct of an employee or contractor in the workplace is criminal in nature, the ministry should promptly notify the appropriate police authority and cooperate in any resulting investigation or prosecution. It is recommended that ministries contact the Comptroller General and the human resources consultant assigned to their ministry for advice and guidance.
6. When dealing with a loss incident alleging illegal activity by a ministry employee or contractor, the ministry must not make any threat or promise to the employee or contractor or to their representatives as to whether the alleged illegal activity will or will not be referred for criminal investigation or prosecution.

20.4 Information and Resources

Apart from specific requirements in policy and procedures, ministries can consult with:

• the Comptroller General;
• the Government Chief Information Officer;
• the BC Public Service Agency;
• the Risk Management Branch; and/or
• the Internal Audit and Advisory Services.

These offices support the development and implementation of loss prevention, detection, reporting, investigation and mitigation plans for ministries. See also CPPM 15, Security.