Audit of the Nuclear Emergency Management Program

Executive summary

Background

The Audit of the Nuclear Emergency Management Program was included in the Canadian Nuclear Safety Commission (CNSC) Risk-Based Audit Plan (RBAP) approved for fiscal years 2016–17 to 2018–19.

Nuclear emergency management is defined as the “organized effort to prevent, prepare for, respond to and recover from a nuclear emergency”Footnote 1 . The scope of emergency management, according to the Emergency Management Act (EMA), includes four interdependent but integrated functions (also referred to as “pillars”):

  • prevention/mitigation
  • preparedness
  • response
  • recovery

Through its nuclear emergency management (NEM) program, the CNSC meets its obligations under the Emergency Management Act and the Nuclear Safety and Control Act to ensure that it:

  • is prepared to discharge its regulatory duties in the event of a nuclear emergency
  • has the capability and capacity to respond as a regulator to a nuclear emergency
  • has the ability to support and oversee the recovery from a nuclear emergency

Unlike the CNSC’s business continuity program, which focuses on corporate disruptions, the NEM program aims to ensure that the CNSC can effectively discharge its regulatory responsibilities before, during and after a nuclear emergency, the scope of which can include:

  • nuclear emergencies at CNSC-licensed facilities and/or involving CNSC-licensed nuclear substances
  • nuclear emergencies involving CNSC-licensed nuclear substances in the public domain
  • nuclear emergencies not involving a CNSC licensee and requiring a whole-of-government response
  • nuclear emergencies outside of Canada affecting or posing a potential risk to the health, safety and security of Canadians and the environment, or to Canadian interests at home or abroad In the wake of the Fukushima accident, increased attention is being placed on matters of emergency management and response. Increasingly, questions of emergency

preparedness and response are coming before the Commission. As well, as part of the Fukushima action plan, the CNSC reviewed its program and put in place measures to enhance resilience in the face of emergencies.

Audit objective, scope and approach

The objective of the audit was to provide reasonable assurance that the CNSC’s governance, risk management and controls in relation to the NEM program are adequate and effective.

The audit examined compliance with internal governance, roles, responsibilities and accountabilities, and risk management, as well as the existing management control framework, communication, training, policies, procedures, and processes, monitoring and reporting.

The scope did not include the activities and processes that contribute to the prevention and mitigation pillar of emergency management (EM), including the work of the Regulatory Operations Branch (ROB) and the Technical Support Branch (TSB), or the support provided to them by the Emergency Management Programs Division (EMPD) in relation to the review and inspection of licensees’ EM arrangements.

Audit fieldwork was completed between May 2016 and January 2017, and included interviews and reviews of documentation including policies and procedures in place. All comments and findings relate to this period of the audit.

The audit focused on the following lines of enquiry that collectively define the system of governance, risk management and control.

Line of enquiry Governance Risk management Controls
  1. Establishment, understanding and application of roles, responsibilities and accountabilities

X

   
  1. Effectiveness of internal governance structures for program management

X

   
  1. Effectiveness of internal governance structures for emergency situations

X

   
  1. Adequacy of training
   

X

  1. Sufficiency and appropriateness of information and communication channels         

X

 

X

  1. Sufficiency, currency, and clarity of policies and procedures
   

X

  1. Capacity management
   

X

  1. Risk management       
 

X

 

Summary of observations

Governance

The audit found that the role of EMPD was well described and that important governance structures exist and are documented. However, some foundational practices related to program management and accountability require strengthening. We found that some important program management practices are not in place to support program oversight and continuous improvement, and some roles, responsibilities and accountabilities are not well defined and documented. These two observations, taken together, increase the risk associated with inconsistent or insufficient program controls.

Risk management

In the context of the government’s requirement to do risk- and hazard-based emergency management, the audit sought evidence that EMPD actively utilizes relevant risk and threat information to inform their plans, procedures and approach to exercises. The audit found that while risk information exists, there are no formal processes in place to harness and utilize it for NEM program management and planning.

Controls

The audit found that while the program has grown in scope and focus over the past years, the maturity of the control systems have not kept pace. Specifically, we found that while EMPD is responsible for administration and implementation of the NEM program at the CNSC, some key program activities are not being undertaken, including the approval and maintenance of policies and plans, resulting in procedures and related guidance not being completely developed or approved. Furthermore, we noted that the rigour of procedures varies across Nuclear Emergency Organization (NEO) sections. As well, the audit found the following:

  • Some training has been done; however, a fuller and more formal EM training program could provide assurance that CNSC staff are able to perform as expected in the event of an emergency.
  • Internal information and communication channels exist; however, they could be more formalized to give EMPD a better opportunity to exercise their functional authority and to ensure appropriate sharing of good practices across NEO sections. 
  • The CNSC employs a “three-deep” rule, where key positions within the Emergency Response Organization (ERO) will usually contain a minimum of three resources to fill a position in order to mitigate risks; however, capacity management practices need to be developed to support program management and emergency response.

Overall conclusion

The audit found that the CNSC has an established management framework, designed to promote general oversight, governance, risk management and control over the NEM program. Over the years, the NEM program has evolved in scope and profile, and important program improvements have been made. For instance, the CNSC has put in place new measures, including the modernization of the Emergency Operations Centre (EOC) and the introduction of emergency management software to enhance the program and the CNSC’s emergency response. Furthermore, the CNSC has been proactive in participating in multi-day exercises, expanding its role in the EM community and spearheading the development of a nuclear emergency recovery framework.

However, the audit found that the formal management practices that assure and demonstrate program performance are not fully in place. Because of this, while some compensating measures exist, there is not reasonable assurance that the system of governance, risk management and control is adequate and effective to support the CNSC’s objectives in relation to emergency management. Implementing formal management controls will help to ensure that the CNSC is effectively prepared to discharge its regulatory responsibilities in the event of a nuclear emergency.

The audit findings and recommendations have been communicated to management and, if addressed, will strengthen and sustain the management control framework, and provide assurance that the CNSC will be better equipped to respond to a nuclear emergency.

The Office of Audit and Ethics (OAE) would like to acknowledge and thank management and staff for their support throughout the conduct of this audit.

This audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the OAE Quality Assurance and Improvement Program.

Introduction

1.1. Background and context

Nuclear emergency management is defined in CNSC REGDOC-3.6, Glossary of CNSC Terminology, as the “organized effort to prevent, prepare for, respond to and recover from a nuclear emergency”. According to the Emergency Management Act (EMA), the scope of emergency management includes four interdependent but integrated functions (also referred to as “pillars”):

  • Prevention/mitigation includes “prevention”, which refers to actions that are taken to ensure that an event does not occur in the first place, or to reduce its likelihood of occurring; and “mitigation”, which refers to actions taken before an event to reduce the potential magnitude or impact of the hazard.
  • Preparedness refers to actions taken before an event to ensure an effective response can be carried out.
  • Response refers to the actions taken during an event to reduce the magnitude of the hazard and/or the impact of the hazard on people, property and the environment.
  • Recovery refers to actions taken after an emergency to re-establish, rebuild and return to normal.

In the context of nuclear emergency management, licensees are the first line of defence against emergencies and are obligated, under their license conditions, to implement and test a variety of measures corresponding to the four pillars of emergency management. Complementing the licensees’ responsibilities, the CNSC’s primary Footnote 2 role in the event of a nuclear emergency is to monitor and oversee the appropriateness of measures being taken by licensees. The nuclear emergency management (NEM) program was established to ensure that the CNSC is equipped to effectively discharge its regulatory duties in the event of a nuclear emergency. The program’s focus includes activities that enable the CNSC to prepare for, respond to and recover from a nuclear emergency. These activities include ensuring that the CNSC is equipped with the facilities, resources, protocols and procedures to effectively fulfill its mandate in an emergency situation.

Functional direction for the program rests with the Emergency Management Programs Division (EMPD), within the Directorate of Security and Safeguards (DSS) in the Technical Support Branch (TSB). In this capacity, EMPD is responsible for the development of plans, policies and procedures that support the CNSC’s preparedness and response, as well as training and other support needed for the ERO to operate effectively and efficiently. EMPD is also responsible for overall NEM program management.

According to the CNSC’s Strategic Emergency Management Plan (SEMP), the scope of the NEM program includes:

  • nuclear emergencies at CNSC-licensed facilities and/or involving CNSC-licensed nuclear substances, including emergencies at:
    • nuclear power plants
    • research reactor facilities (e.g., Chalk River Laboratories)
    • uranium mines and mills
    • other Class I facilities
    • Class II facilities
    • waste management facilities
    • licensed medical, academic and industrial facilities and locations
  • nuclear emergencies involving CNSC-licensed nuclear substances in the public domain, including:
    • transportation emergencies involving nuclear substances
    • emergencies involving radioisotopes used by a licensee in various devices or other applications
  • nuclear emergencies not involving a CNSC licensee, and requiring a whole-of-government response, including:
    • nuclear/radiological emergencies due to a malevolent or illicit act
    • emergencies involving abandoned or orphaned nuclear substances
  • nuclear emergencies outside of Canada affecting or having a potential risk to the health, safety and security of Canadians and the environment, or to Canadian interests at home or abroad

Note that while covered under the SEMP, corporate emergencies affecting the CNSC internally are outside the scope of the NEM program. These emergencies are dealt with through the business continuity plans and procedures administered by the Corporate Services Branch (CSB).

In short, the NEM program deals with complex and evolving risks and threats, and has an important role to play in ensuring the CNSC’s ability to effectively discharge its regulatory duties in the event of an emergency. As well, post-Fukushima, the CNSC reviewed its emergency management program and, as part of its action plan, put in place new measures to enhance the program. Recent improvements have included the modernization of the Emergency Operations Centre (EOC) and the introduction of emergency management software (WebEOC). More generally, over the years, the program has undergone various reviews, all aimed at ensuring organizational readiness in the face of emergency situations. In this context, and in recognition of the importance of nuclear emergency management, an internal audit of the NEM program was planned.

1.2. Authority

The Audit of CNSC’s Nuclear Emergency Management Program is part of the approved CNSC Risk-Based Audit Plan (RBAP) for 2016–2017 to 2018–2019.

1.3. Audit objective, scope and approach

The objective of the audit was to provide reasonable assurance that the CNSC’s governance, risk management and controls in relation to the NEM program are adequate and effective.

The audit examined compliance with internal governance, roles, responsibilities and accountabilities, and risk management, as well as the existing management control framework, communication, training, policies, procedures, and processes, monitoring and reporting. The scope of this audit focused on the NEM program and the internal procedures, guidelines and practices that enable it to achieve its stated objectives, including those that relate to the coordination of the offsite response with other stakeholders (e.g., first responders, federal, provincial, municipalities, international) and the duty officer program as applicable.

The scope did not include the activities and processes that contribute to the prevention and mitigation pillar of EM, including the work of the Regulatory Operations Branch and the Technical Support Branch, or the support provided to them by EMPD in relation to the review and inspection of licensees’ emergency management arrangements. Specifically, the audit excluded the following activities:

  • design and application of controls used by the CNSC to review and assess the adequacy of emergency measures listed in license applications
  • planning, conducting and reporting of inspections, as they apply specifically to the licensees’ compliance with emergency plans and preparedness, and their implementation of procedures in response to an accidental release of nuclear substances and/or hazardous substances

Audit fieldwork was conducted between May 2016 and January 2017. The audit involved interviews with NEM staff and management, as well as members of various NEO sections. Documentation review was also conducted, including an examination of policies and procedures that were put in place up to and including January 2017. All comments and findings relate to this period of the audit.     

1.4. Roles, responsibilities and key stakeholders

As per the CNSC intranet, the Emergency Management Programs Division (EMPD) supports the CNSC’s mission and mandate by providing regulatory leadership and expertise with regard to maintaining responsibility for the administration and implementation of the CNSC nuclear emergency management (NEM) program. As nuclear emergency management experts, in addition to support provided to the Regulatory Operations Branch (outside the scope of this audit), the EMPD is responsible for ensuring a constant state of readiness and functionality of the CNSC’s Emergency Operations Centre (EOC), and for assembling and coordinating the CNSC’s response structure (also known as the Nuclear Emergency Organization (NEO)). The NEO is comprised of the following groups:

  • The Emergency Executive Team (EET) is the executive group responsible for setting the strategic direction of the CNSC response – it provides strategic support and advice to the CNSC president on the CNSC emergency response.
  • The Emergency Response Organization (ERO) is responsible for the tactical operations of the CNSC response within the EOC, under the leadership of the EOC director; the ERO translates the strategic direction provided by the EET into tactical response actions, and is itself composed of the following sections:
    • EOC Command
    • Coordination
    • Technical Assessment
    • Regulatory Operations
    • Communications
    • Logistics
    • Government Relations

The duty officer program (DO program) is under the responsibility of EMPD and provides a 24/7 point of contact for callers who require assistance with an actual or potential nuclear emergency. Its mandate is to maintain the capability to receive notice of nuclear emergencies and to ensure that the NEM program can be activated at any time. In this way, it provides an important coordination role at the early stages of an emergency or potential emergency.

The above-noted players work in accordance with a variety of legislative and policy authorities, all of which are outlined in appendix B of this report.

1.5. Context: program evolution

The CNSC has had an emergency management (EM) program for some 30 years, although nuclear emergency management gained increased attention after the Fukushima Daiichi nuclear accident in 2011. Coincident with this, new emergency preparedness requirements issued by Public Safety Canada in 2011 for all federal departments and agencies led to an increased focus on EM across government, including at the CNSC. As well, increasing questions related to emergency preparedness and response have come before the Commission. As a result of the above, the program has seen some important developments since 2012:

  • The CNSC has participated in annual full-scale exercises at nuclear power plants (NPPs).
  • The program has been subject to an internal CNSC evaluation and external reviews (e.g., Purdy Report, 2012, and Purdy/Harlick Report, 2014), which resulted in a number of observations and recommendations for program enhancement.
  • In 2013, the CNSC developed and approved its Strategic Emergency Management Plan (SEMP) and revised and updated the Nuclear Emergency Response Plan (NERP):
    • The SEMP describes the CNSC’s strategic level objectives, approach and framework for preparing for, responding to and recovering from a nuclear emergency, both as a regulatory body and as a support organization for the whole-of-government response.
    • The NERP describes the CNSC’s tactical response to emergencies that fall within its mandate.
  • The NEO was modernized to incorporate expertise from all branches.
  • In 2014/15, a Health Canada/CNSC Liaison Committee was established to coordinate and share information.
  • The membership of the emergency management technical team was increased in 2016.
  • In 2016, important enhancements were made to the infrastructure of the EOC, including IT equipment and physical workspace; emergency information management software (WebEOC) was introduced.
  • Finally, management has indicated that the program has also been impacted by increased involvement in the international nuclear community and an expanded role in assessing offsite consequences, monitoring the licensees’ actions and producing public messaging in the event of an emergency.

1.6. Analysis of risks and lines of enquiry

During the audit’s planning phase, an analysis was conducted to identify the potential risks faced by the audit entity, and to evaluate and prioritize their relevance to the audit objectives. Risks were identified by reviewing relevant documentation, policies and legislation. The lines of enquiry were identified for examination during the audit.

The following table summarizes the key lines of enquiry according to which the audit was structured and illustrates how each relates to the audit criteria (and report structure) of governance, risk management and control. Appendix A provides detailed audit criteria that were assessed within each of these lines of enquiry.

Line of enquiry Governance Risk management Controls
  1. Establishment, understanding and application of roles, responsibilities and accountabilities

X

   
  1. Effectiveness of internal governance structures for program management

X

   
  1. Effectiveness of internal governance structures for emergency situations

X

   
  1. Adequacy of training
   

X

  1. Sufficiency and appropriateness of information and communication channels

X

 

X

  1. Sufficiency, currency, and clarity of policies and procedures
   

X

  1. Capacity management      
   

X

  1. Risk management 
 

X

 

1.7. Conformance with professional standards

This audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the OAE quality assurance and improvement program.

2. Audit observations and recommendations

2.1. Governance

The audit found that the role of EMPD, as well as those of the ERO sections and the EET, are well documented and that important governance structures exist; however, clarification of roles and responsibilities and the strengthening of some program management practices are required to keep pace with program evolutions.

Governance processes direct and oversee an organization, a program or a set of activities. They include documented roles, responsibilities and accountabilities, as well as the mechanisms by which performance expectations are set and monitored – both by management and by oversight bodies. In this way, governance is closely supported by risk management and control processes, which are discussed below in sections 2.2 and 2.3, respectively.

The audit examined the governance processes in place to support day-to-day operations of the program, as well as those that support effective operations in an emergency situation. In each case, we expected to find that the key roles, responsibilities and accountabilities of the various players were clearly established, well communicated, understood and consistently applied. This included the responsibilities of individuals, organizations and committees.

2.1.1. Program management

The NEM program is a complex, multi-faceted program that has numerous stakeholders and operates in a changing, complex operational and threat environment. Critical to the program’s success are the management mechanisms that allow for program direction to be set, resources to be allocated, and results and risks to be overseen. The audit found that these important mechanisms need to be strengthened in order to yield benefits in terms of increased program standardization, consistency of practice and strengthened accountability. Areas of note include program oversight and follow-up on lessons learned.

Program oversight: The audit expected to find well-developed mechanisms for program performance and risk management. The audit did not find evidence of a program performance measurement framework or of regular performance or risk monitoring.

Follow-up on lessons learned: The program has been subject to many reviews and evaluations in the past Footnote 3, and as a result, has committed to implementing specific actions Footnote 4 to address noted weaknesses. The audit found that the CNSC’s after-action reports (AARs) are comprehensive and well structured, and contain some very valuable sources of potential process improvement. However, with the exception of the Management Action Plan for the 2014 Purdy/Harlick report on Exercise Unified Response, the audit was unable to find evidence that these action plans were being implemented and formally tracked. The audit reviewed various CNSC and stakeholder after-action reports (AARs) between 2012 and 2015, and examined 13 action items in detail. Specific observations included the following:

  • The audit found that there was no formal process by which action items are monitored and followed up on, and there were no processes in place for managing recommendations made in stakeholders’ AARs that would require action by the CNSC.
  • Although the CNSC AAR for the 2015 NPP exercise contained evidence of approval at the director general (DG) level, there was no evidence of approval in relation to the items committed to in the 2012 AAR, as a result of which the audit was unable to determine the commitments made and what, as a result, needed to be followed up on for this plan.
  • The audit noted instances where there were issues raised in the 2012 exercise that emerged again in the Exercise Intrepid 2015 and which were highlighted again in interviews with staff (e.g., training all levels of the NEO, developing procedures, issues with the use of satellite phones).
  • The audit noted that some recommendations in the action plan produced in response to the Purdy and Harlick Independent Evaluation Report – Exercise Unified Response 2014 have not been adequately addressed (e.g., Commission member training, conduct of sufficient EET exercise hot wash (2016), involvement of Public Safety in results of discussions from the HC-CNSC Liaison Committee); the CNSC’s internal AAR for this exercise (with 70 potential recommendations) remains incomplete in draft format, as it was put aside in order to focus on the Purdy/Harlick recommendations.

Conclusion

The audit found that the CNSC’s AARs are comprehensive and well structured, and that they contain some very valuable sources of potential process improvements. However, important program management practices such as performance management and implementation and tracking of lessons learned are not in place to fully support program oversight and continuous improvement.

Recommendation 1a and 1b

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on the following areas:

  1. documenting program objectives, expected results and program risks, as well as formal procedures for regularized program monitoring in support of continuous improvement
  2. formalizing the process for tracking and reporting on actions committed to in the CNSC and stakeholder after-action reports, as well as any reviews/audits that may be conducted

Management response and action plan

  1. Agreed. The nuclear emergency management program at the CNSC has traditionally been reported through line management (TSB/DSS). However, given the significant changes, improvements and growth that have occurred in various aspects of the program in recent years, the management plan to address this recommendation will be to develop a formal corporate reporting system outside of the TSB/DSS line. Consequently, management will take steps to implement an Emergency Management Coordinating Committee (EMCC) to be chaired by the director of EMPD, with membership representing all Nuclear Emergency Organization (NEO) (EOC sections), and which will that will report to the Operations Management Committee (OMC) on a regular basis. The committee mandate will be clearly established under terms of reference, and will document the program objectives and expected results to ensure ongoing and continuous improvement. Reporting topics will cover annual threat and risk reviews, short- and long-term emergency exercise plans, NEO training plans, changes and improvements to the program, and status of actions and recommendations for improvement arising from after-action reports, lessons learned, audits and various sources of operating experience (OPEX).
  2. Status: In progress (expected completion by April 2018)

  3.  Agreed. An action tracking system has recently been established to address this concern for the short term (to collect and track actions and recommendations from prior exercises and audits). Going forward, the review and tracking of after-action items will be tracked by the EMCC, and will leverage already established systems such as the Regulatory Information Bank (RIB), to ensure there a formal process is being used to record and track actions and recommendations through to completion. This will be one of the sources of topics for regular reporting to the OMC.

Status: In progress (expected completion by April 2018)

2.1.2. Roles, responsibilities and accountabilities

Added to this concern, some important roles and responsibilities are not documented. Two specific examples were identified in the course of the audit.

  • First, the audit found that the Nuclear Security Division (NSD) does not form part of the ERO and is not formally linked into the NEM program. However, if there is a security aspect to a nuclear emergency, NSD is expected to be involved, as they are the subject-matter experts within TSB. Among other duties, NSD is mandated with supporting the CNSC mission to protect the health and safety of workers and the public, and to prevent unreasonable risk to national security and the environment associated with the use of nuclear energy and the development, production, possession or use of nuclear substances, prescribed equipment and prescribed information. The audit found evidence of informal relationships that would enable information sharing between NSD and EMPD, but no formal channels exist to proactively integrate security considerations into the CNSC’s EM plans or exercises. The formal inclusion of NSD in the ERO and NEM program structure would facilitate this.
  • Finally, while it is understood that the CNSC’s role in recovery would be that of regulator (i.e., would involve the oversight of licensees’ recovery activities), the audit found that there is no formal CNSC recovery plan and no guidance exists for CNSC staff on the procedures and expectations post-emergency – whether for offsite or onsite recoveries. We understand that the CNSC is developing a discussion paper that aims to explore and seek input from stakeholders on the offsite nuclear emergency recovery framework as well as the proposed roles and responsibilities for offsite recovery management organizations (including those of the CNSC). The expected time to completion for this analysis is between 18 and 24 months. As the CNSC is completing its analysis and consultation, there is an opportunity for the organization to initiate the documentation of expectations for CNSC staff in onsite recovery activities. This should include the management of resource implications related to addressing recovery operations concurrent with routine operations.

Conclusion

The audit found that the mandate of EMPD and the roles and responsibilities of the ERO sections and the EET were defined and documented. However, not all roles, responsibilities and accountabilities are well defined or documented. Further development of the roles and responsibilities for the CNSC’s site staff, the Nuclear Security Division and the CNSC in the onsite recovery activities would ensure clear CNSC direction and readiness in emergency situations.

Recommendation 2

It is recommended that the vice-president of TSB take the appropriate actions to enhance the clarity and formality of roles, responsibilities and authorities in relation to the NEM program, by:

  1. clearly documenting the CNSC’s expectations for site staff, including roles, responsibilities and procedures in the event of an emergency, ensuring that these expectations are in line with NEO sections’ responsibilities
  2. strengthening the formality of linkages between NSD and EMPD, which should include a clear documentation of expectations for their involvement, and may include formally including them in the NEO structure

Management response and action plan

  1. Agreed. This recommendation was addressed and completed by DPRR staff in parallel with this audit. A procedure was prepared for site inspectors to use during their response to a nuclear power plant emergency (Role of a Site Inspector during an NPP Emergency, 2017/04/03, e-Doc 5015742). The procedure ensures that site inspectors know and understand their roles and responsibilities, that site staff are safe, and that the procedure aligns with the expectations placed on site inspectors regarding applicable reporting to the CNSC EOC NEO. The procedure was signed and approved for use by the DG, DPRR.
  2. Status: Complete

  3. Agreed. The role of Nuclear Security Division in the NEO structure of the EOC has been included in the NER Plan, which is currently being revised and expected to be approved by December 2017.

Status: In progress (expected completion by December 2017)

2.2. Risk management

Public Safety guidance on emergency management requires that emergency response plans and schedules for the exercising of these plans be developed using an all-hazard risk approach. This approach should consider various inputs to ensure that the plans are reflective of and responsive to the various types of threats and hazards that could be relevant to the organization. Because risk and threat environments can be ever evolving, risk analysis should be conducted periodically to update the plans and ensure that exercise schedules allow for testing of the plans under different circumstances. Accordingly, the audit examined the processes by which EMPD reviewed, gathered and utilized risk and threat information to develop their response plans, prioritize the testing and exercise of the plans and, more generally, orient and design their program, including procedures and other guidance. We also examined the degree to which the CNSC consolidated risk and threat information related to nuclear emergency management for whole-of-government purposes.

We understand that the CNSC – acting as the regulatory authority over the nuclear industry – has access to extensive industry risk and threat information. Indeed, EMPD, in its support role to Regulatory Operations (a role that is outside the scope of the NEM program), participates in the review, assessment and approval of the emergency management programs of licensees, which includes an examination of threats and hazards Footnote 5. Despite this, the audit found that no formal channels exist to leverage and utilize this licensee information for the benefit of the NEM program – whether for emergency response planning, exercise scheduling or other purposes.

Similarly, the audit did not find evidence that threats related to malevolent activities are actively considered in the CNSC’s emergency planning. As well, the SEMP states that the risk assessments performed by each of the primary response departments in the whole-of-government response are used as baselines for CNSC preparedness. The audit found that no formal processes exist to ensure that these risk assessments are used to inform the NEM program preparedness activities. Finally, the audit found no evidence that the SEMP and NERP have been updated to reflect changes in risk environment since its approval in May 2013.

Conclusion

The audit found that there are some compensating measures in the event of an emergency because the members of the ERO are those who have direct experience with the risk information of licensees; however, as described above, the audit is unable to conclude that the CNSC’s NEM program, including its plans and training, is aligned with and prepared for all types of risks, whether current or emerging. More formal efforts are required to provide assurance that the CNSC’s documentation is kept current in the face of a changing risk environment; that the right exercises are being done, based on risk; and that, ultimately, the organization is prepared.

Recommendation 3

It is recommended that the vice-president of TSB take the appropriate actions to establish a formal process by which TSB regularly reviews and, as necessary, incorporates updated threat and risk analysis into its emergency plans and key program activities, including exercise planning and procedural development.

Management response and action plan

    3) Agreed. As in the management response and action plan to recommendation 1) a), it is proposed that reporting on the NEM program, management will be taking steps to implement an Emergency Management Coordinating Committee (EMCC), and that regular reporting to the OMC which will cover topics including annual threat and risk reviews, and key program activities such as short- and long-term emergency exercise plans, NEO training plans, changes and improvements to the program, and status of actions and recommendations for improvement arising from after-action reports, lessons learned, audits and various sources of OPEX.

Status: In progress (expected completion by April 2018)

2.3. Controls

The scope of the control processes that were examined for this audit included policies, procedures and guidance; training; internal communications; and capacity management activities. We expected to find that EMPD was fully and effectively discharging its functional responsibilities over EM at the CNSC by establishing and communicating clear, current and internally aligned policies and procedures. Moreover, we expected to find that those parties who maintain responsibility for applying these procedures receive appropriate training and communications and, on that basis, have a solid and accurate understanding of their duties.

As the functional authority for emergency management at the CNSC, the EMPD has a fairly broad mandate that includes:

  • updating the NEO roster on a regular basis
  • ensuring the continued functionality, security and readiness of the EOC space, equipment and resources
  • maintaining a catalogued collection of current resource documents available to the response staff, to assist them during a CNSC emergency response, which includes:
    • maintaining the NERP Master Plan
    •  ensuring that changes to the plans and supporting documents are recorded and effectively communicated to key stakeholders
  • providing HQ/Telesat and CNSC site/regional staff with the level of training necessary to perform their assigned emergency response functions and maintain response readiness
  • gathering lessons learned and incorporating them into the review process of CNSC nuclear emergency documents
  • ensuring effective emergency management linkages with stakeholders

These responsibilities are critical to ensuring that the CNSC NEO can effectively discharge its duties and, ultimately, to ensuring that the CNSC is appropriately responsive and able to effectively discharge its regulatory role in the event of a nuclear emergency.

The audit has found that some key activities that would be expected of the functional authority are not currently being undertaken or executed on a regular basis. Key observations are detailed below. 

2.3.1. Policies and procedures

The audit examined a wide range of policies, procedures, plans and other documentation that set out expectations for EM activity at the CNSC. We expected to find a comprehensive set of policies and procedures for EMPD, as well as site-specific and ERO section-specific procedures, all of which are in line with one another. We found that EMPD has made good progress in the development of these policies and procedures, although not all guidance was complete or final. A good practice was noted in that the Technical Assessment and Communications sections of the ERO, for example, have also developed supporting procedures for their areas of expertise in the EOC. However, despite the commitments made as a result of exercises conducted since 2012 to improve the state of procedural guidance, most of it remains in draft form and some important pieces are incomplete. Specific concerns are summarized below:

  • The EOC Concept of Operations document (last updated in 2014) includes the structure of CNSC EOC procedures, comprising 30 procedural or supporting documents. Only 19 are developed and all were in draft at the time of the audit. Remaining documents, including key procedures such as prolonged operations and change of shift, inventory check, lessons learned and maintenance of the EOC contact list, need to be developed.
  • French procedures for the EOC do not exist.
  • Procedures for Commission members have not been developed.
  • Policies and procedures for the recovery pillar do not yet exist.
  • Some important response plans and procedural documents referenced in the SEMP and the NERP are not yet developed, including the Foreign Emergency Response Plan, Transportation Response Plan and the Major Event Response Plan.

The audit found that EMPD has not set clear expectations for the development of section-specific or site-specific EM procedures. As a result, some sites and sections are developing their own, some are enhancing existing EMPD procedures, while others rely solely on EMPD procedures. Further, no process exists to ensure that the ERO section procedures and site procedures that are developed are in alignment with one another, or with EMPD expectations. EMPD does not play a formal role in reviewing these documents.

The specific instances are as follows:

  • While EMPD has developed all the ERO section procedures, some ERO sections have developed in-house procedures or enhanced existing EMPD procedures for their area of expertise in the EOC; however, there is no overarching oversight and monitoring done to ensure consistency and alignment between EMPD developed procedures and in-house procedures.
  • Although EMPD has developed a site-staff procedure for NPPs and Chalk River, site staff were either not aware of the procedure or found it misaligned with their own procedure, as a result of which, NPP and Chalk River site staff have developed, or are developing, their own procedures. In the absence of clear guidance on CNSC expectations for EM procedures, site staff are relying on licensee procedures, which offer some degree of compensating control.
  • No procedures have been developed for:
    • Uranium Mines and Mills (UMMs) Division
    • Operations Inspections Division (Regional Offices (Laval, Mississauga, Calgary)
    • Accelerators and Class II Facilities Division
    • Transport Licensing and Strategic Support Division
    • Waste and Decommissioning Division

Interviews with management in these divisions indicated that this was not considered a significant concern. Divisions cited the duty officer program (DO program) as being an effective means of reporting emergencies, and source of guidance, and/or reliance on the licensee’s own procedures. Because they believe that emergencies in these areas that would ever require the activation of the EOC are rare, there is the belief that the DO program suffices as a control measure. However, given that the NERP cites these facilities as being potential locations for nuclear emergencies, coupled with the changing risk environment, there is scope for EMPD to review and validate that the level of procedural guidance is indeed adequate, given the risk.

We are encouraged by the existence of a working group to define the role of site inspectors in an emergency. We also understand that the roles to be played by CNSC staff in an emergency are largely the same as those they are expected to play on a regular basis. However, specific expectations in the event of an emergency still need to be articulated to ensure the effectiveness and functionality of the NEO in the event of an emergency.

Conclusion

The audit found that progress has been made in the development of some policies and procedures. However, as described above, procedures and related guidance are not fully developed or formally approved. We acknowledge that the required extent of documented policies, procedures and plans may vary depending on the risk and the importance of the documentation in question. However, additional effort is needed to determine what guidance is critical and, on that basis, to develop it.

Recommendation 4a and 4b

It is recommended that the vice-president of TSB take the appropriate actions:

  1. to review and determine, based on risk, what procedures and planning documents are required to ensure appropriate emergency preparedness and response, based on this, they should complete and keep current the key procedures and emergency plans
  2. to ensure that regularly and widely used procedures for the EOC are available for the staff in both official languages (English and French)

Management response and action plan

  1. Agreed. Work is underway to review and update the suite of EMPD documentation which will be captured in the CNSC Management System document structure as required, and will include the NER Plan and program, and emergency preparedness and response procedures. The Emergency Management Coordinating Committee will consider the documents to be included in the Management System and will report on the status of NEM program documentation to the OMC on a regular basis.
  2. Status: In progress (expected completion by April 2018)

  3. Agreed. The procedures that are regularly and widely used will be made available in both official languages consistent with the official languages requirement.

Status: In progress (expected completion by April 2018)

2.3.2. Training program

While policies and procedures are critical controls to ensure the preparedness and consistency of the CNSC’s action in the event of an emergency, so too is training. Accordingly, the audit assessed the state of EM training and expected to find a robust training program along with supporting processes to ensure training is taken by those who require it. We found that while some training is delivered, a comprehensive program does not exist, and further noted that training commitments made in relation to previous reviews have not been met.

The SEMP and the NERP clearly establish the role of EMPD as the provider of the training necessary for HQ / Telesat / site / regional office staff to perform their assigned emergency response functions and maintain response readiness. ERO sections are responsible for the technical training that is required. The NERP refers to a Training and Qualification Program document and the SEMP refers to a CNSC Training and Exercise Program – neither of which currently exists. The audit did find that EMPD has developed and widely delivered an online, high-level training that offers an overview of the EOC (EOC 101). However, the CNSC lacks a comprehensive, formal training program for its NEO members as well as other important players such as regional offices and site staff. No formal arrangements exist to track the completion of training.

ERO sections are responsible for their technical training, and some have developed their own training material to prepare for exercises and supplement the mandatory training. These are meaningful activities. However, like the situation noted above on ERO-specific procedures, there is no consistent training approach across ERO sections, which increases risk of misalignment with EMPD.

We have noted that, positively, the CNSC regularly participates in NPP-led exercises, which afford NEO members an opportunity to test and apply their knowledge and expertise. However, as noted earlier in this report, we have observed that exercise-based training has been NPP focused since 2012, and there is no evidence that it is risk-informed due to a lack of risk-based exercise planning that would consider nuclear emergencies related to malevolent events, transportation incidents, major events, Class II facilities and UMMs since 2012. As well, given that the CNSC licenses four active NPPs, NPP site staff may only get to participate in a full exercise involving CNSC participation once every three to five years, yet may still be expected to assist other NPPs in the event of a prolonged emergency/recovery. Also, despite recommendations from the Purdy report to test the CNSC’s business continuity plan (BCP) concurrent with a nuclear emergency management exercise, no evidence of this has been identified by the audit. While we understand the investment that would be required for such an exercise, because the BCP is a critical enabler of the CNSC’s responsiveness in the event of a nuclear emergency situation, this concurrent testing is important.

The audit also found that commitments made in 2012 to train Commission members have not been met. Finally, commitments made in response to the Purdy and Harlick Independent Evaluation Report – Exercise Unified Response 2014 to train Commission members and involve them in tabletop exercises have not been met.

Conclusion

The audit found that training is done in conjunction with preparing for NPP exercises; however, a comprehensive, formal training program is not in place for emergency management. The training (EOC 101) that is delivered is an introductory, high-level course. A more robust training program that addresses key risks and the needs of all relevant stakeholders (i.e., NEO members, regional/site staff and Commission members) will further strengthen the CNSC’s preparedness to respond to a nuclear emergency and provide assurance that staff knowledge is broadened and kept up to date.

Recommendation 5

Concurrent with its review of the suite of CNSC procedures, it is recommended that the vice-president of TSB take the appropriate actions to review and update program training needs, ensuring that the classroom and exercise-based training program is sufficient to address current plans, program requirements and key risks.

Management response and action plan

    5)  Agreed. NEO training currently exists, and while it has been delivered to emergency response personnel in the past, generally the training was provided just prior to the major exercises in which the CNSC participated. Looking forward, to improve the NEO training program, additional courses will be developed, included and tracked in the CNSC Learning Management System course directory, and will become part of the curriculum for NEO members as part of their individual learning plans. Some of the new courses will be generic (e.g., a supplementary course to EOC 101) that will provide EOC staff with greater knowledge and understanding of EOC operations and tools (e.g., use of WebEOC), while other courses will include technical training for specific EOC sections (to be developed and delivered by applicable directorate subject matter experts (SMEs)), and EOC director and section chief training, which will be specific to certain NEO staff filling those unique EOC positions. Training will be based on the NER Plan, key risks and program requirements, and will be provided by a variety of means such as self-directed and/or computer-based, classroom, section-specific, and tabletop drills and exercises.

Status: In progress (expected completion by April 2018)

2.3.3. Communication and information channels

Being a key control for the coordination of players in an emergency management situation, information and communication channels not only support responsiveness in the event of an emergency, but also help to ensure that all players within the CNSC understand and are equipped to play their roles. Accordingly, the audit examined the adequacy and effectiveness of the information channels.

The audit found some areas of good practice, including the following:

  • The recent investment in EOC infrastructure and rollout of WebEOC has been widely viewed as a positive development that enables good communication in the event of an emergency.
  • Communications and information management has been made a priority and requirements reflected in the EOC procedures related to communications.
  • The existence of the Health Canada / CNSC Liaison Committee, supported by a formal MOU, constitutes a good control that allows for information sharing and communication across organizations.

However, some additional improvements are needed. There is no formal, EM-dedicated internal forum through which EMPD can engage with internal program stakeholders and, through that, exercise its functional authority for emergency management. Engagement between EMPD and CNSC stakeholders takes place bilaterally. The creation of a forum for NEO members would enhance collaboration around key horizontal issues, including, but not limited to:

  • understanding and addressing EM training and procedural needs
  • clearly outlining EMPD’s expectations
  • consistently monitoring AAR commitments and progress against them
  • identifying and discussing new or emerging EM issues

Conclusion

The audit found that good practices and improvements have been noted in the recent updates to the physical EOC and in the implementation of WebEOC. However, internal information and communication channels are not fully developed or formalized and can be improved by creating a NEO forum, thus enhancing knowledge sharing and points of connection across the NEO.

Recommendation 1c

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on:

c) establishing a NEO forum as a means to regularly, effectively and consistently engage with CNSC stakeholders on horizontal issues of program importance

Management response and action plan

    c)   Agreed. EMPD has committed to including NEO staff throughout the CNSC to provide comments and feedback in many aspects of the NEM program, including documentation, exercise development, training and other areas; it has just never been formalized or open to all NEO. As a way to keep NEO members engaged, and to improve and broaden the opportunities for all NEO members to share their ideas, knowledge and experience, EMPD will set up a NEO forum that will meet at least once per year.

Status: In progress (expected implementation date by Q4 of FY 2017–18 after the major exercise in December 2017)

2.3.4. Capacity management

Capacity management is critical to support emergency response and recovery, and to sustain, as needed, core operations in the event of a prolonged emergency. In the SEMP, the Technical Support Branch is mandated to “provide adequate resources to develop, administer, maintain, coordinate and support all aspects of the Nuclear Emergency Management Program”. In the context of these requirements, the audit examined the NEM’s human resource planning processes, seeking evidence that standards exist and are met for minimum levels of resources, and further, that arrangements exist to ensure that resources are available in the event of a prolonged emergency. Moreover, we also assessed whether there were sufficient arrangements in place to regularly review the sufficiency of program management resources.

The audit found that in general, the CNSC employs a “three-deep” rule for key positions, and while this standard is referenced in the NERP and various procedural documents, there was no evidence found that the CNSC as a whole employs formal guidance to this effect or that mechanisms exist to enforce it. The audit did not find any evidence of analysis having been conducted on the resource implications of a prolonged emergency, including coverage of day-to-day operations within the CNSC and at CNSC-staffed facilities. Similarly, there was no evidence of any formal analysis having been conducted regarding the implications for resources in a recovery phase, including coverage of day-to-day operations within the CNSC and at the emergency site. We understand that management planned to develop a procedure on prolonged operations and change of shift, but this has not yet been developed.

Similar issues relate to analysis and planning for internal NEM resources in EMPD. The approved resource complement for the NEM program is three FTEs. At the time of the audit, actual resources included one permanent resource and one staff member on assignment. Understanding that the program has evolved in scope over the past number of years, the audit examined the program’s capacity-planning processes. We were unable to find any evidence that the complement of program resources has been reviewed in the wake of evolving program expectations. As a result, there are no controls to provide assurance that resources are commensurate with program scope and requirements.

Conclusion

The audit found that capacity management practices were not in place to provide assurance that sufficient and appropriate resources exist to support program management and emergency response – particularly in the event of a prolonged emergency. Improvements in these practices would strengthen the overall system of control and ensure that the program has sufficient capacity to support the evolving program scope.

Recommendation 1d

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on:

d) reviewing the NEM program resource complement to ensure that it is commensurate with the current and evolving program scope

Management response and action plan

    d)   Agreed. Staffing of two vacant positions in EMPD is completed and staffing actions for other new and/or vacant positions are currently underway as part of the CNSC workforce of the future initiative. This staffing activity will include reviewing if the resource levels are adequate to assure ongoing program implementation.

Status: In progress (expected completion by April 2018)

3. Recommendations

The audit has recommended a series of improvements that, if addressed, will strengthen and sustain the management control framework and provide assurance that the CNSC will be better equipped to respond to a nuclear emergency. These recommendations are as follows:

Audit recommendation Relevant audit area
It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on the following areas:
  1. documenting program objectives, expected results and program risks as well as formal procedures for regularized program monitoring in support of continuous improvement
  2. formalizing the process for tracking and reporting on actions committed to in the CNSC and stakeholder after-action reports, as well as any reviews/audits that may be conducted
  3. establishing a NEO forum as a means to regularly, effectively and consistently engage with CNSC stakeholders on horizontal issues of program importance
  4. reviewing the NEM program resource complement to ensure it is commensurate with the current and evolving program scope

Governance

Controls

It is recommended that the vice-president of TSB take the appropriate actions to enhance the clarity and formality of roles, responsibilities and authorities in relation to the NEM program by:
  1. clearly documenting the CNSC’s expectations for site staff, including roles, responsibilities and procedures in the event of an emergency, ensuring these expectations are in line with NEO sections’ responsibilities
  2. Strengthening the formality of linkages between NSD and EMPD. This should include a clear documentation of expectations for their involvement, and may include formally including them in the NEO structure

Governance

3. It is recommended that the vice-president of TSB take the appropriate actions to establish a formal process by which TSB regularly reviews and, as necessary, incorporates updated threat and risk analysis into its emergency plans and key program activities, including exercise planning and procedural development.

Risk management

4. It is recommended that the vice-president of TSB take the appropriate actions:
  1. to review and determine, based on risk, what procedures and planning documents are required to ensure appropriate emergency preparedness and response, based on this, they should complete and keep current, the key procedures and emergency plans
  2. to ensure that regularly and widely used procedures for the EOC are available for the staff in both official languages (English and French)

Controls

5. Concurrent with its review of the suite of CNSC procedures, it is recommended that the vice-president of TSB take the appropriate actions to review and update program training needs, ensuring that the classroom and exercise-based training program is sufficient to address current plans, program requirements and key risks.

Controls

4. Conclusion

Over the years, the NEM program has evolved in scope and profile. Important program improvements have been made. However, the results of the audit indicated that the formal management practices that assure and demonstrate program performance are not fully in place. Some compensating measures exist – most importantly the fact that the emergency-related roles played by those in NEO sections are generally the same as their day-to-day duties, albeit in    more time-sensitive and significant circumstances. Despite these compensations, formal program management practices and controls are needed to ensure that the CNSC is adequately prepared for and responsive to a nuclear emergency.

In light of the findings of the audit, reasonable assurance cannot be provided that the system of governance, risk management and control is adequate and effective to support the CNSC’s objectives in relation to emergency management. Implementing more formal management controls will help to ensure that the CNSC is prepared to effectively and efficiently discharge its regulatory responsibilities in the event of a nuclear emergency.

Appendix A: Lines of enquiry and audit criteria

The audit was conducted using the following lines of enquiry and corresponding audit criteria. The following table illustrates how each line of enquiry relates to governance, risk management and control.

Line of enquiry Governance Risk management Controls

1. Establishment, understanding and application of roles, responsibilities and accountabilities

1.1 The CNSC’s mandate and role in relation to the NEM program pillars (preparedness, response and recovery) is clearly defined, documented, communicated and understood.

1.1.2 Responsibility, accountability and authority of the CNSC relative to other players in this area is clear, documented, communicated, commonly understood and aligned (i.e., avoids overlap and duplication with others). (This applies to both within the CNSC and as a whole-of-government support, on-site and off-site response, and all EM pillars.)

X

   

2. Effectiveness of internal governance structures for program management

2.1 There is a well-defined and applied governance structure that facilitates direction setting, coordination of activities and internal communication in relation to preparedness, response and recovery.

2.2 The CNSC has program monitoring and continuous improvement mechanisms in place to enable the review, scrutiny and lessons learned from reviews and exercises, internal and external audits, and other risk analysis.

2.2.2 Commitments that are made in response to these reviews and exercises are monitored and implemented.

X

   

3. Effectiveness of internal governance structures for emergency situations

3.1 A formal, dedicated NEO structure exists with clear roles, responsibilities and authorities.

3.1.1 The size and composition of the NEO is appropriate and allows for efficient and clear communication in the event of an emergency.

3.1.2 Clear lines of communication exist, both within the NEO structure and between the EOC facility and NEO members (and have been tested/exercised).

3.1.3 There are clear delegations of authority in the event that critical staff and senior management are unavailable.

X

   

4. Adequacy of training

4.1 CNSC personnel are appropriately trained to discharge their duties in relation to preparedness, response and recovery, including but not limited to, senior levels of management, those with delegated authorities, media relations, the Commission members and duty officers.

   

X

5. Sufficiency and appropriateness of information and communication channels

5.1 There are well-established, documented and well-understood roles, protocols and channels of communication with internal and external stakeholders in the event of an emergency.

X

 

X

6. Sufficiency, currency, and clarity of policies and procedures

6.1 Policies and standard operating procedures exist across the CNSC to guide the organization’s preparedness, response and recovery activities.

   

X

7. Capacity management

7.1 The CNSC has mechanisms in place to ensure that adequate resources are in place to support emergency response and recovery, and to sustain, as needed, core operations in the event of a prolonged emergency.

7.2 The CNSC has appropriate infrastructure to enable efficient and effective emergency response and recovery.

   

X

8. Risk management

8.1 The CNSC has a process and methodology to identify, monitor and consider threats and risks on an ongoing basis and factors these into the design of the NEM program.

 

X

 

Appendix B: Audit recommendations and management action plan

The following table presents the recommendations and management action plans for the Audit of the Nuclear Emergency Management Program.

Action owner (office of primary interest) Management response and action plan Timeline

Recommendation 1a

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on the following areas:

  1. documenting program objectives, expected results and program risks as well as formal procedures for regularized program monitoring in support of continuous improvement

Vice-president of TSB

Agreed.
The nuclear emergency management program at the CNSC has traditionally been reported through line management (TSB/DSS). However, given the significant changes, improvements and growth that have occurred in various aspects of the program in recent years, the management plan to address this recommendation will be to develop a formal corporate reporting system outside of the TSB/DSS line. Consequently, management will take steps to implement an Emergency Management Coordinating Committee (EMCC) to be chaired by the director of EMPD, with membership representing all Nuclear Emergency Organization (NEO) (EOC sections), and which will that will report to the Operations Management Committee (OMC) on a regular basis. The committee mandate will be clearly established under terms of reference, and will document the program objectives and expected results to ensure ongoing and continuous improvement. Reporting topics will cover annual threat and risk reviews, short- and long-term emergency exercise plans, NEO training plans, changes and improvements to the program, and status of actions and recommendations for improvement arising from after-action reports, lessons learned, audits and various sources of operating experience (OPEX).

Status: In progress (expected completion by April 2018)

Recommendation 1b

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on the following areas:

    b. formalizing the process for tracking and reporting on actions committed to in CNSC and stakeholder after-action reports, as well as any reviews/audits that may be conducted.

Vice-President of TSB

Agreed.
An action tracking system has recently been established to address this concern for the short term (to collect and track actions and recommendations from prior exercises and audits). Going forward, the review and tracking of after-action items will be tracked by the EMCC, and will leverage already established systems such as the Regulatory Information Bank (RIB), to ensure there a formal process is being used to record and track actions and recommendations through to completion. This will be one of the sources of topics for regular reporting to the OMC.

Status: In progress (expected completion by April 2018)

Recommendation 1c

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on:

    c. establishing a NEO forum as a means to regularly, effectively and consistently engage with CNSC stakeholders on horizontal issues of program importance

Vice-president of TSB

Agreed.
EMPD has committed to including NEO staff throughout the CNSC to provide comments and feedback in many aspects of the NEM program, including documentation, exercise development, training and other areas; it has just never been formalized or open to all NEO. As a way to keep NEO members engaged, and to improve and broaden the opportunities for all NEO members to share their ideas, knowledge and experience, EMPD will set up a NEO forum that will meet at least once per year.

Status: In progress (expected implementation date by Q4 of FY 2017–18 after the major exercise in December 2017)

Recommendation 1d

It is recommended that the vice-president of TSB take the appropriate actions to enhance and document the program management framework for the NEM program, with specific attention placed on:

    d. reviewing the NEM program resource complement to ensure it is commensurate with the current and evolving program scope

Vice-president of TSB

Agreed.
Staffing of two vacant positions in EMPD is completed and staffing actions for other new and/or vacant positions are currently underway as part of the CNSC workforce of the future initiative. This staffing activity will include reviewing if the resource levels are adequate to assure ongoing program implementation.

Status: In progress (expected completion by April 2018)

Recommendation 2

It is recommended that the vice-president of TSB take the appropriate actions to enhance the clarity and formality of roles, responsibilities and authorities in relation to the NEM program, by:

  1. clearly documenting the CNSC’s expectations for site staff, including roles, responsibilities and procedures in the event of an emergency, ensuring that these expectations are in line with NEO sections’ responsibilities
  2. strengthening the formality of linkages between NSD and EMPD, which should include a clear documentation of expectations for their involvement, and may include formally including them in the NEO structure

Vice-president of ROB

Vice-president of TSB

2 a) Agreed.
This recommendation was addressed and completed by DPRR staff in parallel with this audit. A procedure was prepared for site inspectors to use during their response to a nuclear power plant emergency (Role of a Site Inspector during an NPP Emergency, 2017/04/03, e-Doc 5015742). The procedure ensures that site inspectors know and understand their roles and responsibilities, that site staff are safe, and that the procedure aligns with the expectations placed on site inspectors regarding applicable reporting to the CNSC EOC NEO. The procedure was signed and approved for use by the DG, DPRR.

2) b) Agreed.
The role of Nuclear Security Division in the NEO structure of the EOC has been included in the NER Plan, which is currently being revised and expected to be approved by December 2017.

Status: Complete.

Status: In progress (expected completion December 2017)

Recommendation 3

It is recommended that the vice-president of TSB take the appropriate actions to establish a formal process by which TSB regularly reviews and, as necessary, incorporates updated threat and risk analysis into its emergency plans and key program activities, including exercise planning and procedural development.

Vice-president of TSB

Agreed.
As in the management response and action plan to recommendation 1) a), it is proposed that reporting on the NEM program, management will be taking steps to implement an Emergency Management Coordinating Committee (EMCC), and that regular reporting to the OMC which will cover topics including annual threat and risk reviews, and key program activities such as short- and long-term emergency exercise plans, NEO training plans, changes and improvements to the program, and status of actions and recommendations for improvement arising from after-action reports, lessons learned, audits and various sources of OPEX.

Status: In progress (expected completion by April 2018)

Recommendation 4

It is recommended that the vice-president of TSB take the appropriate actions:

  1. to review and determine, based on risk, what procedures and planning documents are required to ensure appropriate emergency preparedness and response, based on this, they should complete, and keep current, the key procedures and emergency plans
  2. to ensure that regularly and widely used procedures for the EOC are available for the staff in both official languages (English and French)

Vice-president of TSB

Vice-president of TSB

4) a) Agreed.
Work is underway to review and update the suite of EMPD documentation which will be captured in the CNSC Management System document structure as required, and will include the NER Plan and program, and emergency preparedness and response procedures. The Emergency Management Coordinating Committee will consider the documents to be included in the Management System and will report on the status of NEM program documentation to the OMC on a regular basis.

4) b) Agreed.
The procedures that are regularly and widely used will be made available in both official languages consistent with the official languages requirement.

Status: In progress (expected completion by April 2018)

Status: In progress (expected completion by April 2018)

Recommendation 5

Concurrent with its review of the suite of CNSC procedures, it is recommended that the vice-president of TSB take the appropriate actions to review and update program training needs, ensuring that the classroom and exercise-based training program is sufficient to address current plans, program requirements and key risks.

Vice-president of TSB

Agreed.
NEO training currently exists, and while it has been delivered to emergency response personnel in the past, generally the training was provided just prior to the major exercises in which the CNSC participated.   Looking forward, to improve the NEO training program, additional courses will be developed, included and tracked in the CNSC   Learning Management System course directory, and will become part of the curriculum for NEO members as part of their individual learning plans.   Some of the new courses will be generic (e.g., a supplementary course to EOC 101) that will provide EOC staff with greater knowledge and understanding of EOC operations and tools (e.g., use of WebEOC), while other courses will include technical training for specific EOC sections (to be developed and delivered by applicable directorate subject matter experts (SMEs)), and EOC director and section chief training, which will be specific to certain NEO staff filling those unique EOC positions. Training will be based on the NER Plan, key risks and program requirements, and will be provided by a variety of means such as self-directed and/or computer-based, classroom, section-specific, and tabletop drills and exercises.

Status: In progress (expected completion by April 2018)

Appendix C: Legislative and other authorities

Instrument Description

Nuclear Safety and Control Act (NSCA)          

Under the authority of the NSCA, the CNSC regulates the health, safety, security and environmental aspects of the development, application and use of nuclear energy and radioactive materials before, during and after nuclear emergencies.

Emergency Management Act (EMA)

The EMA recognizes the roles that all stakeholders must play in Canada’s emergency management system. It sets out the leadership role and responsibilities of the Minister of Public Safety and Emergency Preparedness, including coordinating emergency management activities among government institutions and in cooperation with the provinces and other entities. Responsibilities of other federal ministers are also set out in the Act. Section 6 of theEMA outlines the emergency management responsibilities of federal ministers, and by extension, the deputy heads of federal departments and agencies. In particular, the EMA requires federal institutions to identify risks within or related to their areas of responsibility and to develop emergency management plans (e.g., SEMP) related to those risks. Further, the EMA requires that plans be implemented and tested through training and exercises.

Federal Policy on Emergency Management (FPEM)

The FPEM was developed in support of the EMA and identifies both general policy requirements and specific requirements for prevention/mitigation, preparedness, response and recovery. It requires that federal institutions develop mandate-specific Strategic Emergency Management Plans (SEMPs) using all-hazards risk assessment, and that they include emergency management programs, arrangements and other measures to address the four components.

Federal Nuclear Emergency Plan (FNEP)

Owned and maintained by Health Canada, the FNEP describes the Government of Canada’s arrangements for managing a major nuclear emergency. It is a multi-departmental, event-specific plan that outlines the roles and responsibilities of federal organizations in preparing for and responding to a nuclear emergency. The FNEP focuses on the coordination and execution of federal scientific/technical activities required for nuclear emergency response, while the Federal Emergency Response Plan (FERP) provides the broader response structure.

Strategic Emergency Management Plan (SEMP)

The SEMP describes at the strategic level how the CNSC prepares for, responds to and recovers from nuclear emergencies, both as a regulatory body and as a support organization to the whole-of-government response. The SEMP includes a description of internal roles, responsibilities and expectations of key CNSC players.

Nuclear Emergency Response Plan (NERP)

The NERP Master Plan is the CNSC’s tactical response master plan that describes how the CNSC generally operates and responds to any and all emergencies.

Appendix D: Acronyms

AAR

after-action report

BCP

business continuity plan

CNSC

Canadian Nuclear Safety Commission

CSB

Corporate Services Branch

DG

director general

DO

duty officer

DSS

Directorate of Security and Safeguards

EET

Emergency Executive Team

EM

Emergency Management

EMA

Emergency Management Act

EMCC

Emergency Management Coordinating Committee

EMPD

Emergency Management Programs Division

EOC

Emergency Operations Centre

ERO

Emergency Response Organization

FERP

Federal Emergency Response Plan

FNEP

Federal Nuclear Emergency Plan

FPEM

Federal Policy on Emergency Management

NEM

Nuclear Emergency Management

NEO

Nuclear Emergency Organization

NERP

Nuclear Emergency Response Plan

NPP

nuclear power plant

NSCA

Nuclear Safety and Control Act

NSD

Nuclear Security Division

OAE

Office of Audit and Ethics

OPEX

operating experience

RBAP

Risk-Based Audit Plan

RIB

Regulatory Information Bank

ROB

Regulatory Operations Branch

SEMP

Strategic Emergency Management Plan

SME

subject matter expert

TSB

Technical Support Branch

UMM

uranium mines and mills

Appendix E: Team members

The audit team is composed of the following members:

Team members Contact

Joe Anton      
Chief Audit Executive

613-947-8220

Rolf Krantz
Audit Team Lead

613-995-3379

Angela Hawkes
Internal Auditor         

613-943-7433

Ina Liu              
Internal Auditor

613-995-3695

Carmen Abela    
Senior Consultant

613-943-7433

Date modified: