Evaluation of Food Safety Risk Intelligence – final report

On this page

• Executive summary
• Food safety risk intelligence– background and context
  • CFIA mandate and food safety
  • CFIA integrated risk management
  • Food Business Line level – Program Management Framework
  • Food safety risk intelligence - Definitions and key players
• Evaluation overview and scope
• Evaluation observations and recommendations
• Conclusion
• Acknowledgements
• Appendix 1 – Key branches involved in food safety risk intelligence
• Appendix 2 – Risk intelligence inventory
• Appendix 3 – Evaluation methods
• Appendix 4 – Overall evaluation findings and recommendations
• Appendix 5 – Evaluation limitations, mitigations and definitions
• Appendix 6 – Data collection, analysis and reporting
• Appendix 7 – CFIA food safety risk intelligence logic model
• Appendix 8 – Timelines
• Appendix 9 – List of acronyms and abbreviations

Executive summary

Mitigating food safety risks is the Canadian Food Inspection Agency's (CFIA) highest priority. To do so, the agency has systems and practices in place to identify food safety trends and risks, which continue to evolve due to increased global food production and trade, changing food preferences and accelerated technological advances. The CFIA uses risk intelligence to support food safety program design, planning, compliance and enforcement efforts.

The evaluation looked at whether CFIA's food safety risk intelligence systems and practices are working as intended to help safeguard the Canadian food supply. This is important because food safety risk intelligence allows the agency to make decisions and allocate resources to the highest-risk areas to safeguard the Canadian food supply, and protect the health and well-being of Canada's people and economy.

The evaluation found that CFIA's food safety risk intelligence systems and practices are generally working well to safeguard the Canadian food supply. The CFIA made significant progress and enhancements to the agency's food safety risk intelligence systems and practices over the four-year evaluation period (2016 to 2020). We found many examples where the agency used food safety risk intelligence to inform decision-making and take a proactive, risk-based approach to targeting and allocating resources to respond to high-risk food safety concerns. However, the evaluation also found that there are opportunities for improvement. We recommended that the CFIA clarify and document accountabilities, roles and responsibilities for food safety risk intelligence, and create a more structured and active internal working group to integrate, coordinate and collaborate on food safety risk intelligence activities and priorities. The evaluation also recommended that the agency improve internal processes for managing food safety risk intelligence overall; in particular, by improving how the agency shares food safety risk information gathered from external stakeholders. Finally, the evaluation recommended that the CFIA create a more robust and regularly updated performance measurement framework to assess program performance, and enable timely course correction and continuous improvement.

Food safety risk intelligence – background and context

CFIA mandate and food safety

Mitigating risks to food safety is CFIA's core mandate and highest priority. The health and safety of Canadians is the driving force behind the design and development of CFIA programs. The CFIA also plays a central role in promoting and facilitating the trade of Canadian food, plants and animals, and their associated products.

According to the Benchmarking Global Food Safety Performance Report (2016) which compared common elements among global food safety systems, Canada is in the top tier among 17 Organizations for Economic Co-operation and Development countries. Canada's food safety system is built upon internationally recognized standards and a risk-based inspection approach. The CFIA shares its food safety responsibility with other government departments including Health Canada and the Public Health Agency of Canada (PHAC), and with provincial, territorial and municipal food authorities, industry, international partners and consumers. Figure 1 presents an overview of key stakeholders and assigned responsibilities. Health Canada develops food safety policies and standards while PHAC is responsible for monitoring outbreaks; interventions; investigations related to human health; laboratory tests, coordination and communication. Provincial, territorial and municipal agencies assist with monitoring outbreaks while external partners, such as industry, international authorities and consumers, implement food safety controls, provide information on risks and take responsibility for safe food handling.

The CFIA administers and enforces multiple statutes and regulations that govern the safety and labelling of food sold in Canada and supports a sustainable plant and animal resource base. More recently, the Government of Canada introduced the Safe Food for Canadians Act (2018) and Safe Food for Canadian Regulations (2019), which merged previous food commodity specific legislation and regulations that the CFIA enforces. This allowed Canada to modernize its food safety system and introduced more rigorous risk management practices. This new legislation serves to further safeguard Canada's food supply and enhance the health and well-being of consumers by strengthening rules for food produced in Canada (primarily for interprovincial trade) or imported into the country.

CFIA integrated risk management

Global food safety environment

The CFIA operates in a challenging, ever-changing, global food safety environment. There are many factors that contribute to this, including increased global trade in agricultural and food products, changing food preferences toward plant-based products and international foods, advanced pace of technological innovation and the increased movement and survival of diseases and food safety hazards. To address this, the agency must be aware of and manage a complex risk landscape.

Treasury Board's 2010 Framework for the Management of Risk states that each department and agency is responsible for the implementation of effective risk management practices across their organization, ensuring they have the capacity and mitigation strategies in place to deal with these risks. Risk management practices should be implemented at all levels of the organization and should include both mandate-specific and corporate management risks. In 2015, the agency began to use the Integrated Risk Management Framework (IRM) (Figure 2) to recognize, understand and respond to this ever-changing food safety environment. The integrated risk management framework refers to a group of key policy documents, processes and tools, which collectively support CFIA's approach to integrated risk management. The integrated risk management framework is intended to help the agency manage risk in a systematic and transparent way across its mandate, and at all levels of the organization.

Food Business Line level – Program Management Framework

In 2015, CFIA's Policy and Programs Branch also developed the Program Management Framework to support the new Integrated Risk Management Framework. The Program Management Framework was designed to provide a systematic approach to assess risks in the food, plant and animal business lines and to continuously improve program performance.

The Program Management Framework cycle (Figure 3) is based on a consistent, recurring process that relies on 4 pillars: risk analysis, strategy development, direction for implementation, and performance measurement. The agency operationalizes the four pillars using a multi-step process that begins with an in-depth risk analysis based on both external and internal risk identification. The risk analysis informs an assessment of the current control measures that the agency uses to develop strategies to better mitigate the risks identified.

The Program Management Framework, with its base in risk intelligence, is designed to inform risk-based decisions and allow the CFIA to redirect inspection capacity to the areas of highest risk.

Food safety risk intelligence - Definition and key players

Importance of food safety risk intelligence

A key component of an effective risk management strategy is the gathering and use of risk intelligence to inform systems and practices. The CFIA responds to change and uncertainty by using food safety-related risk-based information to enable more effective decision-making and to move from a reactive to a more preventive and proactive approach.

Definition of risk intelligence

For the purposes of this evaluation, risk intelligence is defined as the transformation of information into meaningful and useful products that the agency shares internally to better support decision-making and integrated risk management activities in the Food Safety Program.

Key branches involved in food safety risk intelligence

The key CFIA branches involved in gathering and analyzing food safety risk intelligence are (see Appendix 1 for more details on their involvement):

• Science Branch
• Policy and Programs Branch
• Operations Branch
• International Affairs Branch
• Communications and Public Affairs Branch
• Supported by: Digital Services Branch, Human Resources Branch, Corporate Management Branch

Evaluation overview and scope

To manage food safety risk, the CFIA has systems and practices in place to identify food safety trends and risks, which continue to evolve due to increased global food production and trade, changing food preferences and accelerated technological advances. The CFIA uses that intelligence to support food safety program design, planning, compliance and enforcement efforts.

Objective

The objective of this evaluation was to determine whether CFIA's food safety risk intelligence systems and practices are working as intended to help safeguard the Canadian food supply. This is important because food safety risk intelligence helps the agency respond to change and uncertainty. The CFIA uses this intelligence to allocate inspection resources to the highest risk and to enable more effective decision-making to protect the health and well-being of Canada's people and economy.

Scope

The scope of this evaluation focused on the systems and practices that the CFIA uses to generate, analyze and integrate food safety risk intelligence and to apply that information to make risk-informed decisions at all levels of the agency. However, an in-depth assessment of the effectiveness of individual risk intelligence tools was beyond the evaluation scope. This is the first evaluation of CFIA's food safety risk intelligence activities and covers the period April 1, 2016 to October 31, 2020.

Use of findings

The findings of this evaluation will support the agency's design and management of food safety programs, including identification of potential performance measures. The findings will also help to identify where the agency's food safety risk intelligence systems and practices are working well, and where there are opportunities for improvement. Finally, the findings will inform subsequent Treasury Board submissions and updates to policies and frameworks.

Evaluation observations and recommendations

Observation 1: The CFIA made significant progress and enhancements to the agency's food safety risk intelligence capacity and was increasingly proactive between 2016 and 2020.

During the course of the evaluation, we found the CFIA made many improvements to its food safety risk intelligence practices and tools. The agency produced an increasing number of risk intelligence reports, such as Country Assessment Reports and Functional Intelligence Assessments. It also introduced new activities, such as the use of environmental scanning tools (Food Inspection Environment Scanning Canada (FIESCA) and Meltwater) in the last 2 years of the evaluation period (2018 to 2020). In addition, the Safe Food for Canadians Regulations came into force on January 15, 2019 which further strengthened the agency's risk-based approach for managing food safety. See Appendix 2 for an inventory of CFIA food safety risk intelligence activities and practices.

The majority of the 57 CFIA officials interviewed reported that during the evaluation period (2016 to 2020), CFIA's food safety risk intelligence activities had increased and matured, resulting in more extensive use of risk intelligence to allocate resources to the highest risk areas.

Although the agency has traditionally used scientific evidence and risk intelligence as a basis for the design of its programs, this increased focus on risk intelligence can be attributed to an investment of $81 M over 5 years (2016 to 2020) for improving food safety. The CFIA allocated a portion of this funding specifically to strengthening food safety risk intelligence and oversight which, as noted above, included work to develop modelling tools and numerous risk profiles, all in support of an integrated food safety risk intelligence approach.

The evaluation found that, for the most part, the agency informally followed the 5 steps of the risk intelligence cycle including planning/direction, collection, analysis, production and dissemination (Figure 4). The evaluation also found that, as the agency aimed to integrate different perspectives and areas of expertise, all branches contributed to food safety risk intelligence. Appendix 1 provides more detail on each branch's involvement.

From 2016 to 2020, the agency made enhancements to its food safety risk intelligence systems and practices, which supported inspection verification activities targeted to the highest-risk domestic and imported foods. These enhancements also allowed for a more preventive approach to addressing food safety risks before they reach domestic consumers. Although the evaluation did not directly evaluate each risk intelligence tool, we confirmed that the agency regularly reviewed and made continuous improvements to these tools and the supporting policies.

FSRI enhancements

From: Treasury Board mandated Risk Policy (2010)

To: The CFIA created risk intelligence frameworks that established an integrated systematic and transparent approach to managing risk and improving decision-making. For example, the agency created the Integrated Risk Management Framework (2015, revised in 2019 and currently under review) and the Risk Intelligence Framework (2017), which provided a consistent approach to developing and sharing risk intelligence products with decision-makers and employees. These documents outline roles and responsibilities for risk management.

From: CFIA Corporate Risk Profile - the profile identified seven corporate risks and assessed their likelihood and impact

To: The CFIA renewed its Corporate Risk Profile in 2018 to align with changes to the agency's Departmental Results Framework and it now reflects the most recent food safety indicators, which were not included in the previous Corporate Risk Profile. This effort begins to connect the agency's food safety risks and mitigation strategies with results.

From: CFIA - unstructured program design process

To: The CFIA developed a multi-step, systematic Program Management Framework in 2017 which uses risk intelligence to inform food program design and continually monitor performance. The Program Management Framework, which is reviewed annually, provides officials with procedures to make risk-based decisions and adjust controls so they address the areas of highest-risk. As part of the process, the CFIA develops comprehensive risk summary reports that characterize food safety risks related to different food commodities (that is, cheese, honey, canola oil) and what the agency is doing to manage the risk. The risk summary reports also identify sector trends and data gaps, which allows the agency to respond to emerging food safety concerns.

From: Specific monthly food testing results reported as food safety bulletins (some work started before 2016)

To: The CFIA further developed food safety bulletins and, after 2019, began using machine learning environment scanning tools such as Meltwater media monitoring to produce monthly reports that were shared across the agency. The agency also developed Food Inspection Environment Scanning Canada (FIESCA) – a web crawler used by Science Branch to gather information on topics such as COVID-19 and e-commerce.

From: Multi-specific food commodity inspection system (for example, meat, eggs, honey)

To: CFIA's Safe Food for Canadian Regulations which came into force on January 15, 2019, created a single, regulated Food Program. This regulation was introduced to strengthen Canada's food safety program with a focus on prevention and faster removal of unsafe food from the marketplace.

From: Establishment-based Risk Assessment (ERA) model (commenced in 2012)

To: The CFIA published a scientifically recognized model, the Establishment-based Risk Assessment model, that allowed it to use a standardized and consistent approach to identify areas of higher risk and inform where inspectors should be spending more time. The agency gathered data and undertook testing and validation between 2016 and 2020 for various food commodities, beginning with dairy, and gradually introduced the model for additional food groups over this period. Although outside the evaluation scope period, by 2021, the agency had applied the ERA tool across six commodities (dairy, maple, honey, egg, fish, processed fruits and vegetables) and used the tool to prioritize inspection oversight during the COVID-19 pandemic.

From: No import risk assessment tool

To: Beginning in 2018, the CFIA built on the approach it used for the Establishment-based Risk Assessment model (a mathematical algorithm which indicates which domestic food establishments are the highest priority for inspection, based on risk factors) to design a similar tool called the Importer Risk Assessment model. This model will mitigate risks associated with licensed food importers. As of June 2021, the CFIA profiled 32 food importers as part of the Importer Risk Assessment pilot project.

From: Comparative Risk Model (CRM) tool to compare and quantify risks, such as economic and public health, across the agency's food, plant and animal business lines (2016)

To: In 2017, the CFIA used the Comparative Risk Model to undertake an assessment of risks and the cost effectiveness of control measures to inform the Food Business Line Risk Profile which subsequently guided strategic priorities and Food Program design. In addition, the agency used the results of this model to prioritize tactical planning during the COVID-19 pandemic.

From: No tool to plan offshore food safety activities

To: An offshore food safety decision tool was developed by the CFIA to support the Offshore Food Safety Program. The tool utilizes internal data sets in conjunction with intelligence from other branches and external information from environmental scanning activities to determine areas of highest global food safety risk. The tool supports decisions to prioritize foreign establishment verifications.

From: Branch-based prioritization (2016)

To: In 2018, the agency introduced a new governance structure (updated in 2020) that included Food, Plant and Animal Business Line Management Boards to integrate branch management activities. The Boards functioned increasing well during the evaluation period to ensure food safety risks are presented to appropriate decision-makers.

Observation 2: The CFIA used food safety risk intelligence to inform control measures, allocate inspection resources, target preventative activities and, more recently, to prioritize critical services during COVID-19.

The agency's expanded use of risk intelligence supported a more proactive, risk-based approach to decision-making, resource allocation and priority-setting.

The evaluation found many examples of risk intelligence informing agency activities over the evaluation period, which demonstrated CFIA's progress in systematically applying risk intelligence to manage the Food Program. For example, the agency used risk assessments relating to imported pasteurized shell eggs, and hepatitis A in imported frozen strawberries from Egypt to target and reduce risk.

Four mini-case study examples are described below highlighting key risk intelligence impacts over three different years and more recently, to describe how the CFIA used food safety risk intelligence to help guide its COVID-19 pandemic response.

• E. coli in flour (2018) - The agency was aware of an outbreak of illness and participated in an investigation led by the Public Health Agency of Canada and in collaboration with Health Canada and provincial public health authorities. The intelligence indicated that the outbreak was related to raw flour, but the root cause was unknown. The agency investigated using Operations Branch and Science Branch intelligence data, along with further assistance from the Office of Food Safety Recall within Operations Branch, to determine the cause and put the necessary controls in place to mitigate future risks. The CFIA published the Microbiological Survey of Wheat Flour Sold at Retail in Canada, 2018 to 2019, in which the agency reported the results of microbiological testing undertaken by the CFIA and third party laboratories for food safety hazards, and a Risk Summary on Pathogens in wheat flour, bran and germ, which guided necessary program changes to mitigate risk.
• Cyanide in Apricot kernels (2019) – In 2019, Health Canada established a new maximum level for cyanide in apricot kernels. To address this, the CFIA took action to further protect Canadians from potential poisoning from apricot kernels. This action included advising implicated industry parties of the risk and requirements, implementing additional testing, and issuing an Interim operational procedure to inform CFIA inspection and enforcement activities.
• E. coli in Romaine Lettuce (2020) – In 2020, the agency proactively put controls in place to respond to the risk posed by E. coli in romaine lettuce after many years of observing the same pattern of E. coli in romaine lettuce from Salinas Valley, California (during the fall). The creation of an ad-hoc working group, the development of a targeted survey, and the implementation of new control measures showed how the agency used risk intelligence to improve food safety. Canadian businesses importing romaine lettuce from California either had to demonstrate that their lettuce did not come from the Salinas Valley or had to show test results that indicated the lettuce was not contaminated with E. coli. These measures were outlined in New import requirement: E. coli testing for California romaine and CFIA's Risk Management of Imported Romaine Lettuce processes.
• Risk intelligence to guide the agency's response to COVID-19 (2020) – Science Branch produced an environmental scanning report on the heightened risks of food misrepresentation during the pandemic due to pressures from commodity shortages, production issues and economic downturn. The report increased the agency's understanding of the changing risk landscape. The agency also used intelligence from the ERA model and the principles of the integrated risk management policy to take a proactive, risk-based approach to prioritizing critical services and protect food safety.

The evaluation asked 57 CFIA officials about the agency's use of food safety risk intelligence. Many responded that the agency had become much better over the last 4 years at taking a proactive approach to risk intelligence by identifying early signals, anticipating issues, and responding in a more timely fashion to mitigate both domestic and international risks. For example, officials described the agency's use of environmental scanning tools, such as the Food Inspection Environment Scanning Canada (FIESCA) and Meltwater, combined with Science Branch's work on signals assessment. This work identified signals from large volumes of internal and external information and determined which risks the agency needed to action immediately and which ones the CFIA needed to investigate further to identify trends.

The majority of officials believed CFIA's food safety risk intelligence activities were maturing across the agency at all levels. Officials explained how all branches now play a role. For example, Operations Branch gathers information on compliance status and industry controls and from this generates tactical intelligence. Science Branch generates laboratory data and gathers surveillance and testing information, and the International Affairs Branch gathers risk information from foreign countries' food systems. During the evaluation period, the CFIA also strengthened how it incorporated risk intelligence into the Program Management Framework to ensure a more consistent, systematic and collaborative approach to risk analysis.

"There has definitely been progress (in food safety risk intelligence). COVID-19 shows we are comfortable making decision based on ERA data. I always associated ERA with saving resources. COVID-19 pushed us. We are using ERA data better."

"Things have gotten better – understanding where the risks are and from what countries, which commodities are higher risk, funds put into this (risk intelligence) have been very useful. We have a better sense of the bigger picture."

"The Intelligence and Targeting unit has done their homework. They understand what intelligence should be. They brought in some formality. They have staff trained in analytical function. The products they produce have improved."

Observation 3: The CFIA created the Risk Intelligence Working Group as a single, multi-branch forum to coordinate food safety risk intelligence activities, but the group was relatively inactive and unstructured with no formal governance path.

In 2016, the agency established a multi-branch forum called the Risk Intelligence Working Group (RIWG) to centralize food safety risk intelligence activities. The CFIA created this working group in recognition that food safety risk intelligence is a strategic priority, facilitated by new funding for improving food safety. The CFIA intended the Risk Intelligence Working Group to address key priorities such as information-sharing, collaboration and identification of key risks. The agency also created other sub-committees of the Risk Intelligence Working Group to oversee the development of new tools and activities, and provide strategic direction. Despite this progress, the evaluation found that the Risk Intelligence Working Group did not formalize a terms of reference or generate annual work plans to guide the group's activities. In subsequent years (2018 to 2019), the Risk Intelligence Working Group became relatively inactive, and there was limited evidence of progress in the group's priority areas. However, in early 2020, the CFIA revitalized the working group which began meeting more regularly. As part of these renewed activities, the agency developed terms of reference for the working group, but, at the time of the evaluation, it had not yet been finalized or approved. Since the Risk Intelligence Working Group operated without approved terms of reference, the group lacked a defined governance path to bring forward key priorities for discussion and approval.

During the early part of the evaluation period, the agency was in the process of making significant changes to its governance structure. This involved the creation of Business Line Management Boards (and Committees that report into the Boards) to provide strategic leadership, and establish priorities for each business area the CFIA is responsible for (for example food, plant and animal welfare). This transitional period created further challenges for officials looking to discuss food safety risk intelligence activities and reports through the agency's Food Program governance. While the evaluation found some evidence of Risk Intelligence Working Group presentations to the Food Business Line Committee/Management Board during the evaluation period, these were scheduled on an ad hoc "for information only" basis.

To avoid silos and ensure integration, the CFIA requires a structured and active forum to discuss and manage food safety risk intelligence activities. Without this forum, information-sharing is more difficult and creates a lack of coordination when setting priorities across the branch and business line matrix governance structure. Working in silos also makes risk intelligence activities inefficient as there may be duplication of effort or gaps when there is a turnover of staff and information is not transferred.

Finally, without a clear governance path, there is a risk that emerging areas of concern are not elevated to the appropriate authority for response or decision in a timely manner.

Recommendation 1

The CFIA should create and approve a terms of reference for the Risk Intelligence Working Group that clearly describes the working group's mandate, structure, roles and responsibilities, and meeting schedule. These terms of reference should describe the governance path for the working group to report on the results of its activities and to provide recommendations to decision-makers.

Observation 4: The CFIA did not have a clearly documented, accountable lead for food safety risk intelligence activities. As a result, there was a lack of clarity about the strategic vision and priorities for food safety risk intelligence activities, and confusion about roles and responsibilities, particularly at the working level. This led to a fragmented approach to collecting, managing and reporting on food safety risk intelligence.

The evaluation found that the CFIA did not clearly document a decision, with the necessary rationale and assigned roles and responsibilities, to indicate which branch Vice-President is the accountable lead for food safety risk intelligence at the agency.

Although several documents discussed agency roles and responsibilities, including CFIA's Mandate, Roles and Responsibilities, Integrated Risk Management Roles and Responsibilities, and CFIA's Risk Intelligence Framework, they did not clearly define the accountable lead for food safety risk intelligence. In fact, certain key documents did not mention risk intelligence at all (such as the Integrated Risk Management Roles and Responsibilities) or they had not been updated since the establishment of the International Affairs Branch and Digital Services Branch in 2019. Furthermore, the Chief Risk Officer and Chief Data Officer roles were not identified in the agency's Mandate Roles and Responsibilities document, which was updated in 2019.

Without clearly documented accountabilities, roles and responsibilities, the agency may find it difficult to exercise oversight and foresight on risks to food safety and appropriately allocate resources to food safety risk intelligence activities. The Treasury Board Framework for the Management of Risk underscores the importance of accountable leadership for setting strategic priorities, allocating resources and making informed risk-based decisions.

CFIA officials interviewed confirmed this lack of clarity and noted ongoing confusion, particularly at the working levels, about the roles and responsibilities related to food safety risk intelligence. Officials explained that the creation of the agency's 2 new branches, International Affairs Branch and Digital Services Branch, combined with the subsequent re-organization of all positions upon creation of these new branches added to the confusion. The roles and responsibilities, and rationale for food risk intelligence leadership became further fragmented. This was because individuals who were part of the Policy and Programs Branch were reassigned to the 2 new branches, but their risk intelligence roles and responsibilities were not documented.

CFIA officials also stated that the agency needed to do more to create awareness of the types of risk intelligence work done in each branch, create synergies and remove silos. Many interviewees noted the need to improve how CFIA branches work together on food safety risk intelligence.

"One challenge is that roles and responsibilities are not defined. Uncertainty came when Digital Services Branch was formed- they have a risk oversight role and their role was given without being defined."

"There is a void when we work with others, we know who we need to work with but it is not clear what we want to bring to the table, how we want to be involved, there are many different types of risk intelligence, often requires context. The agency needs direction; it would be good to have that discussion and develop the foundation."

We found that there was no centralized, systematic tracking of how food safety risk intelligence had been developed and verified, who was responsible for the information, and whether officials used the intelligence to inform risk management tools or activities. Most CFIA officials interviewed confirmed that, given the diversity, complexity and speed of information available, the agency might not be mining all the food safety risk intelligence information to its maximum extent.

Most CFIA officials noted various ways to improve the handling of risk intelligence information such as standardized processes, better communication, and more data training. A few officials suggested that the use of technology-enabled tools, such as artificial intelligence, could enable these risk intelligence processes. Furthermore, officials explained that they did not have easy access to risk intelligence and a process to guide the flow of information between business lines and branches, although officials explained that many branches had begun to share risk intelligence through their own SharePoint sites.

We also found that individual branches had drafted policies and procedures to support risk intelligence processes. For example, the Operations Intelligence and Targeting section in the Operations Branch created several standard operating procedures that followed the 5-step risk intelligence cycle. However, these were internal, draft documents that described branch-specific procedures, and some of the documents were still under development or were in the process of being updated.

Recommendation 2

The CFIA should clarify, document and communicate the accountability, roles and responsibilities for collecting, managing and reporting on the results of its food safety risk intelligence activities.

Recommendation 3

The agency should clarify, document and communicate a consistent, integrated approach for internal processes for gathering, storing, analyzing and taking action on food safety risk intelligence.

Observation 5: The CFIA lacked an effective performance measurement framework for food safety risk intelligence activities that includes regular, documented reporting.

Regular monitoring and reporting on the agency's food safety risk intelligence performance is important to allow CFIA officials and senior management to better understand progress toward intended outcomes, and to course-correct in a timely manner. Regular performance reports could also demonstrate the value of the agency's risk intelligence activities, strengthen the case for additional funding if needed, and contribute to lessons learned that the agency could apply to other business lines.

We found that the CFIA did not prepare regular performance reports on progress toward priorities or achievements related to food safety risk intelligence. CFIA's Risk Intelligence Framework outlined a plan to measure success against two outcomes: risk intelligence is accessible and shared; and risk intelligence supports risk-informed decision-making at all levels of the organization. However, the agency did not report on the 6 indicators (presented in the table below) designed to measure progress toward these two outcomes.

While a few accomplishment reports were prepared, the agency did not integrate these results into a report on the performance on its food safety risk intelligence activities.

As part of its annual Management Accountability Framework reporting to Treasury Board, the CFIA collected short- and medium-term performance measures on improving food safety. These performance measures included indicators related to food safety risk intelligence, but were output-based (number of Risk Summary reports produced; number of establishments profiled), rather than outcome-based. Therefore, the agency could not use these performance measures to understand where to enhance food safety risk intelligence activities or support decision-making, or to demonstrate its progress toward its Departmental Results Framework Ultimate Outcome: Food sold in Canada is safe and accurately represented in Canada. This is because the performance measures did not allow the agency to explain how food safety risk intelligence activities related to the Ultimate Outcome.

During the course of the evaluation, the agency made improvements to some of the Food Safety Program's performance indicators. This should allow the CFIA to better demonstrate the results of its enhanced food safety risk intelligence activities.

Recommendation 4

The CFIA should update its performance measurement framework to include measures that will allow it to monitor and report on progress toward food safety risk intelligence program outcomes, and continuously improve performance. The food safety risk intelligence performance measures should feed into the agency's broader Food Program performance measurement framework.

Observation 6: The CFIA actively engaged with external stakeholders to gather food safety risk information. However, the agency did not have a clear process to document and share the risk intelligence gathered from external stakeholders to ensure all relevant officials received and considered the information in decision-making.

As noted in CFIA's Stakeholder Engagement Framework, the agency has a long history of external engagement with a broad scope of stakeholders on regulatory, policy and program developments. CFIA's risk intelligence relies heavily on engagement and information-sharing with external stakeholders, including other government departments, industry groups, academia, and international partners. Their input allows for a more complete and collaborative approach to identifying emerging issues, and offers a broader perspective.

Most external stakeholders we interviewed explained they were generally supportive of CFIA's stakeholder engagement practices, and many believed that the agency's engagement was timely, transparent and well-managed.

Industry:

The evaluation found that the CFIA engaged with industry in numerous ways to gain awareness of potential food safety issues. For example through:

• the Policy and Program Branch's Industry Relations Group, which acts as the primary point of contact for national food industry associations
• CFIA's participation at industry-led conferences where CFIA subject-matter experts attend question and answer sessions and offer insights into current compliance requirements and potential upcoming changes
• engagement with inspectors, which allows individual producers to connect directly with CFIA personnel to share their food safety concerns
• various industry engagement tools like AskCFIA and the SharePoint tool, Consult Inform Collaborate Involve (CICI), which coordinates engagement activities

Academia:

The CFIA established multiple commodity-specific Scientific Advisory Committees, comprised of members of academia as well as CFIA officials and other government departments, to provide the agency with objective, expert and technical advice on key issues related to the development of the Establishment-based Risk Assessment model. Academia spoke highly of the committees and noted they were well organized and transparent. The majority of academia interviewees also believed the CFIA valued their input and that they were able to have a constructive exchange of ideas. CFIA officials responsible for the Establishment-based Risk Assessment model indicated that the agency incorporated the advice received from the Scientific Advisory Committees into the development of the model to further bolster its scientific validity and assist with the ranking of risks.

International:

The evaluation found that the CFIA connected with the international community through memberships and linkages including the following:

• the International Food Safety Authorities Network, which is a global network of national authorities in food safety coordinated jointly by the Food and Agriculture Organization of the United Nations and the World Health Organization
• the CODEX Alimentarius Commission, which is the world's governing body responsible for setting international food standards and codes of practice
• numerous CFIA environmental scanning tools, which are used to monitor media reports, journal articles and scientific publications from around the world to identify food safety issues

Connectivity to the international community is a key element for enhanced food safety risk intelligence to ensure awareness of emerging global food safety threats.

Federal, provincial and territorial:

The CFIA participates in numerous federal, provincial and territorial forums to exchange food safety information such as:

• the Federal Provincial Territorial Food Safety Committee, which aims to strengthen Canada's food safety system by enhancing federal, provincial and territorial government leadership and partnership in food safety
• the Interdepartmental Working Group on Intelligence Led Enforcement, which is designed to identify and resolve challenges and share best practices in intelligence operations to support evidence-based decision-making
• the Canadian Food Safety Information Network, which is a federal initiative led by the CFIA, partnered with the Public Health Agency of Canada, Health Canada and provinces and territories. This federal, provincial and territorial partnership between food safety authorities is designed to foster a collaborative pan-Canadian food safety network

The evaluation did not include these forums and committees because they are included in a separate evaluation of the Canadian Food Safety Information Network, scheduled to begin in 2022.

While we found that the CFIA actively engaged with external stakeholders to gather food safety risk information, the agency did not have a systematic process to document the food safety risk information collected directly from these engagement practices and share internally with CFIA officials. This is important because without a process to share this external risk intelligence information, the agency may not be able to consider this information in its risk-based decision-making.

Recommendation 5

The CFIA should clarify, document and communicate the processes to gather food safety risk information from external stakeholders, and share the information gathered with the Risk Intelligence Working Group in a timely manner.

Conclusion

The evaluation found that CFIA's food safety risk intelligence systems and practices were generally working well to safeguard the Canadian food supply. The agency made significant progress and enhancements to its food safety risk intelligence systems and practices over the four-year evaluation period (2016 to 2020). We found many examples where the agency used food safety risk intelligence to inform decision-making and take a proactive, risk-based approach to targeting and allocating resources to respond to high-risk food safety concerns.

However, the evaluation also found that there were opportunities for improvement. We recommended that the CFIA clarify and document accountabilities, roles and responsibilities for food safety risk intelligence, and create a more structured and active internal working group to integrate, coordinate and collaborate on food safety risk intelligence activities and priorities. We also recommended that the agency improve internal processes for managing food safety risk intelligence overall, particularly by improving how it shares food safety risk information gathered from external stakeholders. Finally, we recommended that the CFIA creates a more robust and regularly updated performance measurement framework to assess program performance, and to enable timely course correction and continuous improvement.

Acknowledgements

The evaluation team would like to acknowledge the contributions of all CFIA employees across Canada, other government department representatives, academics and industry association representatives who participated in the interviews in support of this evaluation. Their perspectives and experiences were essential to this evaluation.

The evaluation team would also like to thank the members of the Food Safety Risk Intelligence Evaluation Advisory Committee for their expertise and cooperation throughout this evaluation.

Appendix 1 – Key branches involved in food safety risk intelligence

The following groups played key roles in the food safety risk intelligence cycle to gather information, and contextualize and translate it into intelligence for decision making purposes:

• Science Branch - developed intelligence based on laboratory data and other supporting information (for example Laboratory Sample Tracking System, Canadian Food Safety Information Network data), environmental scanning of open source information and scientific literature, coordinates the Risk Intelligence Working Group and risk intelligence products. Key group of note within Science Branch includes Food Science Advice and Intelligence Division.
• Operations Branch - developed intelligence based on operational data and other supporting information (for example Issues Management System, Compliance Verification System, Digital Service Delivery Platform, and Canada Border Services Agency data, as well as data from sources that includes inspection delivery, compliance, enforcement). Key groups of note within Operations Branch includes the Operations Intelligence and Targeting group and Data Reporting and Stewardship section.
• Policy and Programs Branch - developed intelligence based on information brought forward through industry associations, food safety and consumer protection issues, Codex Alimentarius, interface with other government departments (for example Agriculture and Agri-food Canada, Environment and Climate Change Canada, Health Canada, Public Health Agency of Canada, Provincial and Territorial Governments). Key groups of note within Policy and Programs Branch include Risk Analysis and Planning Group and Industry Relations Group.
• Digital Services Branch – developed artificial intelligence/technological tools to help with data analysis, managing data standards, expertise on integrated risk management and positioned as an enabling group. Also home of the Chief Data and Risk Officer. Key groups of note within Digital Services Branch include Risk and Analytics Group and Establishment-based Risk Assessment project team.
• International Affairs Branch – developed intelligence based on information from sources that include interactions with foreign competent authorities, incoming and outgoing audits, technical assistance missions, offshore activities. Key groups of note within International Affairs Branch include Food Import/Export Division.
• Communications and Public Affairs Branch - developed intelligence based on social media scanning, interpretation and contextualization, intelligence brought forward through public perception and opinion, risk communication materials. Key groups of note within Communications and Public Affairs include Program Communication Division, Food Safety Unit.

Appendix 2 – Risk intelligence inventory: policies, governance and tools

The evaluation found evidence of different policies, governance, tools and reports that supported an integrated risk management approach and the food safety risk intelligence cycle, including:

• Policies: The CFIA has numerous policies and frameworks that guide and support Food Safety Risk Intelligence activities including:
  • Integrated Risk Management Framework and Policy (sets the foundation for the establishment of an integrated, systematic and transparent approach to addressing risk at all levels of the organization and across all aspects of CFIA's mandate, currently being refreshed out of Digital Services Branch)
  • Program Management Framework (helps analyze, and mitigate risks using intelligence, through program design and implementation of appropriate controls)
  • Risk Intelligence Framework (outlines guiding principles, types of risk intelligence and standardized approaches)
• Governance and organization structure:
  • Risk Intelligence Working Group established in 2016
  • New divisions in Digital Services Branch (Risk and Analytics) Operations Branch (Operations Intelligence and Targeting), Industry Relations (Policy and Programs Branch)
• Tools: Risk intelligence is used to inform (or as input) to various models and tools, which subsequently generate additional risk intelligence. The CFIA has numerous risk-based tools including:
  • Establishment-based Risk Assessment model (increasingly well recognized and implemented over a broadening number of food areas)
  • Importer Risk Assessment Model (to be launched; will identify areas of higher risk and indicate where inspectors should be spending more or less time. This means that higher risk establishments and importers or sectors that require urgent attention can be easily identified and focused on)
  • Comparative Risk Model (identifies, quantifies and ranks risks across business lines)
  • Environmental Scanning Tools (such as Food Inspection Environment Scanning Canada (FIESCA), WebCrawler led by Science Branch and Meltwater a media scanning tool out of Communications and Public Affairs Branch)
  • Offshore Food Safety Decision Tool  (identifies food safety-related hazard, commodity and country combinations in risk-ranked tiers. Tool informs planning activities for the Offshore Food Safety Program and is used to generate Country Assessment Reports)
  • AskCFIA- a single point of entry database for industry questions
• Reports: The CFIA generated many food safety risk intelligence reports, including:
  • Risk Summaries – these provide detailed information relating to product background, industry, consumers, risk controls in place and key findings for a particular food item; lead by Policy and Programs Branch with input from Operations and Science
  • Monthly Environmental Scanning Reports led by Science (since June 2020)
  • Environmental Scan Comparative Analysis – February to May 2019 compared to February to May 2020: provides an assessment of month over month trends to enable subject matter experts to evaluate the different sources of information and observe potential emerging issues
  • Country Assessment Reports – new analysis reports produced by Science Branch, 9 in total since 2016, for key importers such as France, Taiwan, Italy, and Israel. The reports assess emerging food safety risks in each country and describe the CFIA actions
  • Food Safety Bulletins - led by Science Branch, these bulletins show the results of chemical and microbiological testing that are published on the CFIA external website
  • Risk Intelligence reports - produced by Operational Intelligence, Targets and Enforcement Section (Operations Branch) which uses operations data as well as other internal and external data sources to answer a broad range of tactical and functional intelligence questions; 4 types of reports are produced i) Intelligence Bulletins ii) Functional Intelligence/Problem Assessments iii) Strategic Intelligence Assessment and iv) Intelligence Briefs
  • Food Business Line Risk Profile - outlines the risk drivers, residual risk, control measures and control measure cost effectiveness
  • Mandate Risk Profile - combines information from environment scans, food, plant and animal business line risk profiles, and analyses performed by subject matter experts; and
  • Establishment-based Risk Assessment (ERA) risk intelligence reports- produced by ERA team for example:
    • Establishment Risk Profile – Establishment-specific information on inherent, mitigation and compliance factors
    • Operational Risk Profile – Number of establishments per risk category and geographical distribution, statistics on historical inspection
    • Program Risk Profile – Risk of commodity's sub-products, production volume and number of establishments per risk category
    • National Risk Profile – National and area statistics information on inherent, mitigation and compliance factors

Appendix 3 – Evaluation methods

The mixed method research design for this evaluation incorporated 7 lines of evidence using multiple data collection and analysis methods. The evaluation was guided by the following questions:

1. What systems, practices and governance does Canadian Food Inspection Agency have in place to ensure the efficient and timely coordination and integration of food safety risk intelligence activities? Does the agency have sufficient capacity (Human Resources, financial, Information Technology) to undertake food safety risk intelligence and achieve food safety program outcomes?
2. Are CFIA's food safety risk intelligence systems and practices working as intended to help safeguard the Canadian food supply? To what extent have the food safety risk intelligence activities been effective in informing risk based decision making and planning across the agency? 
3. What is working well and where are there challenges? Where are there opportunities for improvement?

Interviews

1. CFIA internal interviews

The evaluation team facilitated interviews across Canada with CFIA officials at all levels and branches, for a total of 57 interviewees. This information assisted with understanding and validating the CFIA's Food Safety Risk Intelligence systems and practices, and the integration and overlap of their structure and design. Interview questions focused on the three evaluation questions.

2. Other Government Department interviews

The evaluation team interviewed 7 different department and agencies to get a general understanding of how other government departments use risk intelligence to make risk based informed decisions, to obtain best practices and to get a general understanding of the exchange of risk intelligence with CFIA.

3. Industry and academia interviews

The evaluation team interviewed 5 members of the Scientific Advisory Committee and 10 industry associations to gain an external perspective on CFIAs' risk intelligence activities and whether external stakeholders were able to effectively share risk intelligence information with the CFIA.

Internal organizational and external reviews

4. FSRI flow diagrams

The evaluation team created FSRI flow diagrams to outline the risk intelligence activities of CFIA branches. The diagrams were created based on information from documents and interviews and were later validated by the evaluation Advisory Committee.

5. Document review

The evaluation team reviewed more than 500 internal and external documents (for example Treasury Board policies, governance presentations, CFIA reports, stakeholder communications and CFIA SharePoint sites), to obtain knowledge of CFIA Food Safety Risk Intelligence planning, risk based decision making and implementation to safeguard the Canadian food supply.

6. Review of Improving Food Safety Financial Reports

The evaluation team reviewed numerous financial budget and expenditures reports from 2016 to 2020 regarding the Improving Food Safety (IFS) funds obtained during that period to further the team's understanding of CFIA FSRI activities and expenditures.

7. Demo of 3 environmental scanning tools

The evaluation team received demos of 3 environmental scanning tools and services: Food Inspection Environment Scanning Canada (FIESCA) (Science), Meltwater (Communications and Public Affairs) and Gartner (external) to demonstrate how these tools assisted the CFIA in gathering risk intelligence.

Appendix 4 – Overall evaluation observations and recommendations

Appendix 5 – Evaluation limitations, mitigations and definitions

Below are evaluation limitations and the mitigation strategies used by the evaluation team to reduce their impact:

1. The CFIA has numerous activities related to food safety risk intelligence. Evaluating all aspects of these activities was not feasible. Therefore, the evaluation team focused the evaluation on key questions that met the information needs of CFIA senior management.
2. There are numerous internal and external stakeholders involved in CFIA food safety risk intelligence. Conducting interviews with all stakeholders was not possible. The evaluation design used a purposeful sample for interviews, meaning interviewees were not randomly selected, rather the selection was based on interviewee expertise. Furthermore, industry representatives were from relevant associations, thus representing entire sectors, rather than individual companies or producers.
3. The term "risk intelligence" was inconsistently used at the CFIA, adding considerable complexity to the evaluation. The evaluation team mitigated this by defining what risk intelligence meant for the evaluation and using this definition to guide data collection activities such as interviews and document review.
4. CFIA risk intelligence has evolved over the time period being evaluated; April 1, 2016 through October 31, 2020. This evolution increased the complexity of the analysis. The evaluation team gathered information related to changes to CFIA risk intelligence activities and took this information into consideration when drafting findings, conclusions and recommendations.

Key Terms and concepts

Risk refers to the probability of an adverse effect and the severity of that effect.

Information is knowledge and data (both qualitative and quantitative) obtained from investigation, study or instruction.

Risk intelligence is transformation of information into meaningful and useful products that are shared across the agency to better support decision making and integrated risk management activities in the food safety program.

Risk intelligence cycle is used to identify, analysis and document risk intelligence in a systematic way. The 4 steps in the RI cycle are planning, collection, analysis and production, and dissemination.

Integrated risk management is a continuous, proactive and systematic process to understand, manage and communicate risk from an organization wide perspective.

Risk owner is the functional authority with the accountability and authority to manage risk.

Appendix 6 – Data collection, analysis and reporting

Language used for reporting

Unless specific percentages are reported, the evaluation team used the categories below to summarize the findings, many of which are supported by multiple lines of evidence.

For example, "many programs" refers to 41 to 55% of programs whereas "almost all programs" refers to over 94% of programs.

The evaluation team used a mixed methods approach incorporating both qualitative and quantitative data to provide several lines of evidence and different perspectives. These included:

• conducted document reviews and targeted interviews to provide context for the management of Food Safety Risk Intelligence at both the agency, other government departments, academia and with industry groups
• quantified themes identified in interviews with text analysis software (QDA Miner)
• reviewed financial reports from Improving Food Safety Funds
• reviewed external literature to identify best practices
• received 3 environmental scanning demos and reports from Science Branch, Communications and Public Affairs Branch and an external research organization

Guidance and oversight: The evaluation was guided by both an Advisory Committee and the agency's Performance Measurement and Evaluation Committee. The Advisory Committee provided strategic and technical advice on all aspects of the evaluation project to the Head of Evaluation, and its membership included representatives from all branches, and was co-chaired by Audit and Evaluation Branch and Science Branch. The Performance Measurement and Evaluation Committee provided guidance and advice on all aspects of the evaluation report and recommended the final report for approval by the president.

Appendix 7 – CFIA food safety risk intelligence logic model

Appendix 8 – Timelines

The following presents a timeline of policies, reports and governance activities related to food safety risk intelligence over the evaluation period 2016 to 2020.

Policies

2012

Integrated Risk Management Policy establishes an integrated, systematic and transparent approach to addressing risk at the CFIA. It was first created in 2012.

2016

Policy on Results: Treasury Board's Policy on Results came into effect on July 1, 2016. One of the expected results of the policy is for all departments and agencies to allocate resources based on risk to optimize results.

2017

Program Management Framework: The Framework was finalized in 2017. It outlines the 7 steps of program management: identify outcomes, identify risks, select control measures, determine delivery mechanism, determine enforcement approach, assess performance, review and adjust program.

CFIA Risk Intelligence Framework provides a systematic approach to develop and share risk intelligence across the CFIA.

The Foodborne Illness Outbreak Response Protocol was last revised in 2017. It is focused on collaboration and response effectiveness for multi-jurisdictional foodborne illness outbreaks.

2019

New Departmental Performance Report Performance Information Profiles: Departments and agencies had until November 2017 to implement program inventories and performance information profiles. This changed the data presented in departmental performance reports.

2020

Treasury Board Policy on Service and Digital replaced Treasury Board Policy on Service. The Policy and its associated instruments define terms such as "program" and "service" and provide direction related to program design, capacity, performance measurement and client-centred services.

2021

Integrated Risk Management Framework and policy refresh: The CFIA uses the Integrated Risk Management Framework to manage risk and allocate resources. The Integrated Risk Management Framework Policies are currently being refreshed.

Reports

2014

Risk summaries: Risk summaries provide detailed information relating to product background, industry, consumers, risk controls in place and key findings for a particular food item.

Food safety bulletins are monthly reports that show the results of chemical and microbiological testing that are published on the CFIA external website. There are currently 253 food safety reports published on the CFIA website that go back 2014.

2016

Operations Intelligence and Targeting reports: This group in Operations Branch produces a variety of intelligence products, including risk intelligence guidance documents and analysis to inform risk management at the CFIA.

Country assessment reports: These reports identify food products and commodities of concern identified by research and analysis performed by the CFIA Science Branch. The reports also outline CFIA actions in response to findings.

Food Business Risk Profile was created to provide risk contextual information to assist with decision making.

Corporate Risk Profile: Last updated in 2018, the profile identifies 7 key corporate risks and provides information regarding their likelihood and impact. The 7 risk categories include: 1) Innovation and Science, 2) Globalization 3) Climate Change 4) Prevention, Response and Emergency Management 5) Equipped, Engaged and Ethical Workforce 6) Asset Management 7) Service.

2020

Covid prioritization report: The CFIA created a report for senior management to outline prioritization of front line services during the Covid-19 pandemic. This report provided guidance for resource allocation.

Environmental Scan Comparative Analysis Trend Report: Summarizes environmental scanning done on open media sources using Food Inspection Environment Scanning Canada (FIESCA). It compares the results from February to May 2019 compared to February to May 2020 to see if there are any trends.

Monthly environmental scanning reports: Using FIESCA and Meltwater, monthly media reports are created for CFIA employees including Vice Presidents.

Covid food misrepresentation report: The CFIA recently did a risk intelligence report regarding food misrepresentation during the Covid pandemic.

2021

Public opinion reports: The CFIA has gathered public opinion regarding the Safe Food for Canadians Regulations (SFCR). The research identified SFCR awareness, business Covid-19 challenges, service expectations and satisfaction with digital properties.

Governance and organizational structure

2010

Food Business Line Committee (FBLC): identifies priorities and monitors their delivery. Key issues are elevated to higher level committee. FBLC was established in 2010.

2017

Creation of International Affairs Branch and Digital Services Branch: International Affairs Branch was created to focus on market access issues. Digital Services Branch was created to drive continuous improvement and innovation throughout the entire agency, including activities related to risk.

Food Business Line Management Board: The management board is responsible for providing strategic leadership, documenting risk management, establishing priorities, and managing business line performance. It was established in 2017.

Risk Intelligence Working Group: The Working Group coordinates the development of risk intelligence products and activities and supports the risk intelligence community within the CFIA. This group and its signal identification sub working group were established in 2017.

2018

The Federal Provincial Territorial Food Safety Committee allows for collaboration and sharing of information between departments and agencies involved in food safety and agriculture. They updated their terms of reference in 2018.

2018-19

Risk Intelligence Working Group was mainly dormant from 2018 to 2019.

2020

Interdepartmental Working Group on Intelligence Led Enforcement: The group was launched in 2019 to share best practices and identify and resolve challenges.

Risk Intelligence Working Group became active again in 2020. They have recently developed a 2020-21 work plan and drafted a vision statement. Activities on the work plan include: holding meeting, establishing a risk intelligence glossary and reviewing risk intelligence products.

Appendix 9 – List of acronyms and abbreviations

CFIA

Canadian Food Inspection Agency

CiCi

Consult Inform Collaborate Involve

CRM

Comparative Risk Model

ERA

Establishment-based Risk Assessment

FIESCA

Food Inspection Environment Scanning Canada

FSRI

Food Safety Risk Intelligence

IFS

Improving Food Safety (Treasury Board Submission)

IAB

International Affairs Branch

DSB

Digital Services Branch

IT

Information Technology

IRM

Integrated Risk Management

PHAC

Public Health Agency of Canada

PMEC

Performance Measurement and Evaluation Committee

RIWG

Risk Intelligence Working Group