PRINCE ALBERT — IT security has been identified as one of the top risks for the Saskatchewan Rivers School Division.
Director of Education Neil Finch updated the board at their regular meeting on Monday on what the division’s Enterprise Risk Management system identified as the top concern.
Enterprise Risk Management is a system for a large organization to identify, manage and report on significant risks. The system was formally introduced by the division after nearly two years of work in Feb. 2023.
Finch said the possibility of an IT security incident resulting in a loss of access to systems, data loss, data integrity or privacy breaches could often be listed among the top risks to the system.
“IT, with the ever-changing parts, brings risk to every organization, and so we've done some really good things there to try to mitigate that,” Finch said.
There was an actual IT problem in the fall of 2023 involving internal emails in the division. Since then, Finch said, they have enhanced their cyber security and added multi-factor authentication into the system, which Finch said has made a big difference.
The other top four risks identified in the system included declining enrolment, not having sufficient supports to respond to staff or student mental health challenges, and being unable to meet the needs of vulnerable students.
Finch said the risk of declining enrollment always exists, even in a positive year.
"We actually increased our enrollment this past fall, but that's a one-year window,” he explained. “We still have a risk of declining enrollment. That doesn't mean that it's actually necessarily a reality.”
Finch said that the Enterprise Risk Management is a way to keep an eye on gathering storms.
“Risk management, that is something we need to do regularly,” he said.
There were five risks listed as top priority in 2024, but one has moved to moderate risk.
The report is generated through exercises by the Senior Administration. Risks to the school division are identified and ranked by individual members of the Senior Administration team for both the likelihood and the impact of the risk. These are then discussed and processed into a risk matrix.
"We look at the likelihood of a risk taking place and the impact that would have if that risk were to take place,” Finch explained. “That that's our identifier and we what we rely on.”
Finch added that any organization the size of Saskatchewan Rivers would have risks to monitor.
“I think the biggest thing is acknowledging that every organization has a risk,” he said. “Being aware of those risks and trying to mitigate them the best way possible is having those review and touch points and action plans to make sure you do mitigate them.”
An example of a catastrophic risk is something that impacts revenue by more than $1 million. Meanwhile, an insignificant risk, the lowest level, would impact revenue by less than $50,000.
The division has been growing in understanding and experience with risk management for nearly four years. These plans and mitigation reports were shared again at the most recent meeting.
The board is committed to risk monitoring and mitigation for lower-level risks and reporting and mitigation for higher-level risks.
In a release by the division, the board expressed its appreciation to the administration team for their dedication to this important work and emphasized the significance of continuous risk management in maintaining a stable and effective school system.
