Risk-Based Audit Plan 2016-2019

September 2016

Introduction
- Purpose
- The Role and Scope of Internal Audit
Risk-based Audit Planning Approach
Three Year Risk-based Audit Plan

Introduction

The Treasury Board Policy on Internal Audit seeks to contribute to the improvement of public sector management by ensuring a strong, credible, effective and sustainable internal audit function within departments as well as government-wide. In response to this requirement, Global Affairs Canada has developed this three-year Risk-Based Audit Plan. This plan details the assurance and advisory services that the Office of the Chief Audit Executive will provide, independent of line management, to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.

The mandate of Global Affairs Canada^{Footnote 1} is to manage Canada's diplomatic and consular relations, to encourage the country's international trade and to lead Canada’s international development and humanitarian assistance. Global Affairs Canada was renamed in 2015 from the Department of Foreign Affairs, Trade and Development which brought together the portfolios of Foreign Affairs, Trade and Development under a single organization for greater cohesion in conducting Canada’s external affairs.^{Footnote 2}

The Department administers a broad array of funding programs to protect Canadians and advance Canada’s priorities, interests and leadership abroad, including funding to international organizations. In addition, services are provided to Canadian businesses, Canadians travelling or living abroad, Canadian citizens, and foreign representatives and their dependents in Canada.

In Canada, Global Affairs Canada operates its headquarters in the National Capital Region and has regional offices in eight locations across the country. Global Affairs Canada also manages 177 missions in 109 countries^{Footnote 3}. These missions house departmental employees who carry out the Global Affairs Canada mandate abroad, and also 35 partner departments, agencies and co-locators. For 2016-2017, there is $5.64 billion in planned expenditures and there are currently 9,851 active Global Affairs Canada Employees, of which 6,127 are Canada Based Staff while 3,724 are Locally Engaged Staff positions at missions abroad.^{Footnote 4}

Purpose

The Office of the Chief Audit Executive of Global Affairs Canada prepared this document for the Deputy Minister to outline the 2016-2017 to 2018-2019 Risk-Based Audit Plan (RBAP or the Plan) for the department. The Plan is designed to support the allocation of audit resources to those areas that represent the most significant risks to the achievement of Global Affairs Canada’s objectives and to respond to the requirements of the Treasury Board Policy on Internal Audit (April 1, 2012). In considering the appropriateness of the Plan, the Deputy Minister is advised by an independent Departmental Audit Committee, comprised of four external members.

The Role and Scope of Internal Audit

Internal auditing in the Government of Canada is a professional, independent and objective appraisal function.^{Footnote 5} As per the Financial Administration Act, the Department is required to have an internal audit capacity, designed to add value to departmental operations by using a disciplined, evidence-based approach to assessing and improving the effectiveness of risk management, control and governance processes.

Internal audit provides oversight over management systems and practices, including emerging risks in an ever-changing environment. In order to ensure internal audit's organizational independence, the Chief Audit Executive reports directly to the Deputy Minister of Foreign Affairs who is the Department’s accounting officer. This enables the provision of independent and objective advice on performance regarding operations, safeguarding of assets, reliability and integrity of reporting and compliance with laws and policies.

The practice of internal audit at Global Affairs Canada, including the development of the RBAP, is in line with the International Professional Practices Framework from the Institute of Internal Auditors, the suite of internal audit policies from the Treasury Board, and guidance from the Office of the Comptroller General (OCG) within the Treasury Board of Canada Secretariat.

Internal audit is considered to be the third line of defence within the Department and as such plays a key role in the corporate governance structure to provide assurance in the areas of risk management, control and governance processes:

Graph 1: Three Lines of Defence - Global Affairs Canada

At Global Affairs Canada, the Executive Board provides direction to senior management by setting the organisation’s risk appetite. The Executive Board also seeks to identify the principal risks facing the organisation. Thereafter, the Executive Board assures itself on an ongoing basis that senior management is responding appropriately to these risks.

Management exercises primary ownership and responsibility for operating risk management and control. As such, management provides leadership and direction to the employees in respect of risk management, and controls the organisation’s overall risk-taking activities in relation to the agreed levels of risk.

To ensure the effectiveness of an organisation’s risk management framework, the Executive Board needs to be able to rely on adequate line functions – including monitoring and assurance functions – within the organisation. As outlined in the graph above, the Institute of Internal Auditors (IIA)^{Footnote 6} endorses the 'Three Lines of Defence' model as a way of explaining the relationship between these functions and as a guide to how responsibilities should be divided:

First line of defence – functions that own and manage risk.
Second line of defence – functions that oversee risk and compliance.
Third line of defence – functions that provide independent assurance (where internal audit is situated).

1. First line of defence

Under the first line of defence, operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.

2. Second line of defence

The second line of defence consists of activities covered by several components of internal governance (compliance, risk management, quality, information technology and other control functions). This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information up and down the organisation.

3. Third line of defence

Internal audit forms the organisation’s third line of defence. An independent internal audit function will, through a risk-based approach to its work, provide assurance to the organisation’s Executive Board and senior management. This assurance will cover how effectively the organisation assesses and manages its risks and will include assurance on the effectiveness of the first and second lines of defence. It encompasses all elements of an institution’s risk management framework (from risk identification, risk assessment and response, to communication of risk related information) and all categories of organisational objectives: strategic, ethical, operational, reporting and compliance.

In addition to the provision of oversight services, the Office of the Chief Audit Executive also acts as the secretariat for the Departmental Audit Committee (DAC) which is comprised of four independent external members as well as three internal Deputy-level ex-officio members. The DAC provides objective advice and recommendations regarding the sufficiency, quality and results of assurance on the adequacy and functioning of the Department's risk management, control and governance framework and processes (including accountability and auditing systems).

Finally, the OCAE acts as the liaison between the Department and external assurance providers such as the Office of the Auditor General (OAG) and the Office of the Comptroller General (OCG).

Risk-based Audit Planning Approach

To meet the requirement of the Directive on Internal Auditing in the Government of Canada for the establishment of a multi-year plan for internal audit, the Office of the Chief Audit Executive’s (OCAE) assessment of Global Affairs Canada’s areas of risk was conducted by the OCAE’s Risk-Based Audit Plan (RBAP) project team and OCAE management and updated to ensure that internal audit resources continue to be targeted to the areas of highest risk and significance.

The engagements included in this plan were identified as a result of a comprehensive planning process, which is outlined below.

Development of the Audit Universe

The Global Affairs Canada audit universe was revised at the outset of the RBAP process in order to ensure a clear relationship with the Department’s Program Alignment Architecture (PAA) while allowing for maximum flexibility in designing engagements that target areas of risk (see Appendix A). The audit universe is comprised of auditable elements organized in two views, namely What the Department delivers (aligned with the PAA) and How it delivers. This approach includes elements at the program delivery, service delivery or internal service level, and facilitates the consideration of in-depth vertical or horizontal organization-wide engagements.

The PAA as well as the organizational chart were considered in the development of the universe as well as recognized finance, audit and IT frameworks such as COBIT and COSO. More broadly, it is expected that Treasury Board’s new Policy on Results may entail further changes to the PAA through the creation of a Departmental Results Framework. The OCAE will adjust the audit universe accordingly based on the outcome of this exercise.

Senior Management Consultations & Documentation Review

The RBAP process includes consultations with senior management representing key branches and areas of activity in the Department. A broad range of senior management consultations were undertaken in support of the RBAP (e.g. International Platform, Corporate Planning, Finance & IT, Inspector General, Security & Emergency Management as well as the geographic branches), all of which contributed to the development of this final version of the plan.

The objective of the consultations was to obtain input on risk, organizational goals as well as upcoming changes and challenges in the operating environment. Senior managers were encouraged to share information on their specific areas of responsibility as well as horizontal risks across the Department, based on their experience and knowledge of operations.

An extensive review of corporate and external documents was also carried out. This included various internal and external plans, operational reports, as well as information on monitoring, performance, upcoming initiatives and priorities. The objective of this review was to gain knowledge on the internal and external operating environments.

Risk Assessment and Prioritization

A focused and structured analysis of the audit universe for operational, strategic, security, reputational and fraud risks was conducted by the OCAE using the risk assessment scale outlined below. The assessment also considered the risks identified as part of the annual corporate risk planning exercise (see Appendix B). It is important to note that estimates of materiality of programs and operations were considered in the assessment of risk (unless detailed information was not available). As the Department finalizes the merger of financial systems it is expected that information regarding materiality will become even more precise.


Risk Level	Description
Very High	A major event that will require Global Affairs Canada to make large scale, long term realignment to its operations, objectives or finances.
High	A critical event that, with proper management, can be endured by Global Affairs Canada.
Medium	A significant event that can be managed under normal circumstances by Global Affairs Canada. The consequences could mean that the activity could be subject to significant review or changed ways of operations.
Low	An event, the consequences of which can be absorbed through normal activity or minimal management effort.

This analysis resulted in the auditable elements being prioritized based on inherent risk and past and future assurance engagements (including internal and external audits) to provide a comprehensive base for selecting the engagements to be included in this plan. For further detail regarding the risk assessment methodology, please refer to Appendix C.

Consideration of Other Assurance Provider Activities

Further to the OCAE’s role as liaison between the Department and external assurance providers such as the OAG and OCG, the OCAE aims to coordinate its risk-based audit planning activities with these entities with a view to 1) ensuring audit coverage of high risk areas and 2) to minimize overlap and duplication, thus reducing the audit burden on auditees.

Three Year Risk-based Audit Plan

This section presents an overview of the Global Affairs Canada 2016-2017 to 2018-2019 Risk-Based Audit Plan.


Year 1 2016-2017	Year 2 2017-2018	Year 3 2018-2019
2015-2016 Carry Over Engagements Maternal, Newborn and Child Health (1.0) Preliminary Survey of Human Resources Administrative Processes (0.75) Canada Fund for Local Initiatives (0.75) Special Project – Data Analytics Pilot – Telecommunication Devices and Acquisition Cards (0.5) *Figures in parentheses, represent remaining portion of full audit equivalencies as of March 31, 2016 (total of three full audits remain).	New Engagements Management Practices for Selected Missions – Abuja Management Practices for Selected Missions – Algiers Management Practices for Selected Missions – New Delhi Continuous Auditing Digital Diplomacy / Social Media Security of Communications IT Security (topic to be determined) Talent / Performance Management Business Management Offices Repayable Contributions Information Management Emergency Response CanExport Program Real Property – Lifecycle Management Occupational Health and Safety (Duty of Care) Field Support Service (FSS) Implementation Results and Delivery International Humanitarian Assistance Human Resources – Planning Peace and Stabilization Operations Program (formerly Global Peace and Security Fund)	New Engagements Management Practices at Selected Missions (additional missions tbd) Continuous Auditing International Banking Grants and Contributions Monitoring and Oversight Authorized Programming Process Trade: Dispute Settlement and Litigation Development and/or humanitarian programming aspects of Canada’s response to the Middle East crises and violent extremism (Iraq, Syria, Jordan and Lebanon) Climate Change Initiatives International Development Common Service Delivery Points – Regionalization Initiative Foreign Service Directives – Follow Up Human Resources – Delivery Trade Commissioner Service Diplomacy – Bilateral/Regional/Multilateral IM/IT Governance Procurement Modernization Initiative
New Engagements IT Security – Access Management Physical Security Internal Controls over Financial Reporting Grants and Contributions Management Framework Grants and Contributions – System Consolidation Human Resources – Data Integrity OCG Audit of Business Continuity Planning Business Continuity Planning International Education Strategy (TB Sub Commitment) Continuous Auditing Strategy (Special Project) International Joint Commission Management Practices for Selected Missions – Nairobi Management Practices for Selected Missions – Moscow Management Practices for Selected Missions – Seoul

Audit Coverage

The next section and the appendices that follow describe how the RBAP addresses areas of higher risk and significance. There is coverage of all ‘Very High’ and ‘High’ auditable entities for which it was determined that audit work is a priority during the three year period. These entities derive from the audit universe detailed in Appendix A.

The Corporate Risk Profile is management’s point in time reflection of the most significant risks that threaten achievement of Global Affairs Canada’s objectives. The three high-level corporate risks for 2016-17 are as follows:

Personal and Physical Security
Cyber Threats and Exfiltration of Information
Emergency Response and Business Continuity Planning

The OCAE seeks to ensure that these risks are covered in the planned audits as outlined in Appendix B.

In addition, and given the change in Government in 2015, the RBAP also sought to ensure coverage of the Global Affairs Canada Ministers’ mandate letters as reflected in their priorities. For a crosswalk linking these priorities to relevant planned engagements, please refer to Appendix D.

In support of the Chief Audit Executive’s annual report to the Deputy Minister and the Departmental Audit Committee, the RBAP also endeavours to address all elements of Treasury Board’s Management Accountability Framework (MAF). The table below summarizes the extent to which the elements of this framework are covered in the planned audits for 2016-2017.


2016-2017 Audit Projects	People Management	Financial Management	Integrated Risk, Planning and Performance	IM/IT Management	Assets & Acquired Services	Security Management	Service Management
Ongoing
1. Maternal, Newborn and Child Health		✓	✓				✓
2. Preliminary Survey of Human Resources Administrative Processes	✓			✓			✓
3. Canada Fund for Local Initiatives		✓	✓				✓
4. Special Project – Data Analytics Pilot – Telecommunication Devices and Acquisition Cards		✓			✓
2016-17
1. IT Security – Access Management				✓		✓
2. Physical Security	✓					✓
3. Internal Controls over Financial Reporting		✓	✓
4. Grants and Contributions – System Consolidation		✓	✓	✓
5. Grants and Contributions Management Framework – Entity Level Controls		✓	✓
6. Human Resources – Data Integrity	✓		✓	✓			✓
7. OCG Audit of Business Continuity Planning			✓			✓	✓
8. Business Continuity Planning			✓			✓	✓
9. International Education Strategy		✓	✓				✓
10. Continuous Auditing Framework (Special Project)		✓	✓	✓	✓	✓
11. International Joint Commission		✓
12.-14. Management Practices at Selected Missions	✓	✓	✓		✓

Appendix A – Global Affairs Canada Audit Universe

**2016-2019 Global Affairs Canada Audit Universe**
Strategic Objective	Program	Sub-Program
1. Canada’s International Agenda	1.1 Integrated Foreign Affairs, Trade and Development Policy	1.1.1 International Information and Analysis
		1.1.2 International Policy Advice
	1.2 Diplomacy, Advocacy, and International Agreements	1.2.1 Bilateral and Regional Diplomacy and Advocacy
		1.2.2 Summitry and Multilateral Diplomacy and Advocacy
		1.2.3 Assessed Contributions to International Organizations
		1.2.4 Trade Agreements, Negotiations, Dispute Settlement and Controls
2. International Commercial and Consular Services for Canadians	2.1 International Commerce	2.1.1 International Business Development through Promotion of Exports and Trade in Canada and abroad
		2.1.2 Foreign Direct Investment in Canada
		2.1.3 International Innovation, Science and Technology
	2.2 Consular Services and Emergency Management	2.2.1 Consular Assistance for Canadians
	2.2 Consular Services and Emergency Management	2.2.2 Emergency Preparedness and Response
3. International Assistance and Poverty Alleviation	3.1 International Security and Democratic Development	3.1.1 International Security and Threat Reduction
	3.1 International Security and Democratic Development	3.1.2 Advancing Democracy, Human Rights, Freedom, and the Rule of Law
	3.2 International Development	3.2.1 Sustainable Economic Growth
		3.2.2 Children and Youth, including Maternal, Newborn and Child Health
		3.2.3 Food Security
		3.2.4 Multisector Assistance, Social Development and Development Engagement
	3.3 International Humanitarian Assistance	3.3.1 Humanitarian Programming
	3.3 International Humanitarian Assistance	3.3.2 Partners for Humanitarian Assistance
4. Canada’s Network Abroad	4.1 Mission Network Governance, Strategic Direction and Common Services	4.1.1. Management of Common Services
		4.1.2 Real Property
		4.1.3 Security (see 5.12)
		4.1.4 Information Management / Information Technology
		4.1.5 Locally Engaged Staff Supporting Other Government Departments
	4.2 Management of Government of Canada Terms and Conditions of Employment Abroad	4.2.1 Administration of Foreign Service Directives
		4.2.2 Administration of Locally Engaged Staff Pension, Insurance and Social Security Programs
5. Internal Services	5.1 Management and Oversight
	5.2 Communications
	5.3 Legal
	5.4 Human Resources Management^{Footnote 7}	5.4.1 Organizational Design, Human Resources Planning, and Reporting
		5.4.2 Job and Position Management
		5.4.3 Staffing and Employee Integration
		5.4.4 Total Compensation
		5.4.5 Employee Performance, Learning, Development, and Recognition
		5.4.6 Permanent and Temporary Separation
		5.4.7 Workplace Management
	5.5 Financial Management^{Footnote 8}	5.5.1 Resource Management
		5.5.2 Reporting
		5.5.3 Corporate Accounting
		5.5.4 Transfer Payment Programs
		5.5.5 Costing
		5.5.6 Internal Controls over Financial Reporting
	5.6 Information Management
	5.7 Information Technology
	5.8 Real Property
	5.9 Materiel
	5.10 Acquisition
	5.11 Occupational Health and Safety^{Footnote 9}
	5.12 Security^{Footnote 10}	5.12.1 Business Continuity Planning
		5.12.2 Emergency Management
		5.12.3 Mission Security
		5.12.4 Domestic Security
		5.12.5 IT Security

Appendix B – Linkage of 2016-2019 Audits to Corporate Risks

Please note that the table below lists only those audits that are linked to a given corporate risk^{Footnote 11}. Other planned audits may have been selected based on their risk assessment against relevant Program Alignment Architecture programs and sub-programs.


Audit Projects	Personal and Physical Security	Cyber Threats and Exfiltration of Information	Emergency Response and Business Continuity Planning
Ongoing
1. Preliminary Survey of Human Resources Administrative Processes	✓
2. Special Project – Data Analytics Pilot – Telecommunication Devices and Acquisition Cards		✓
2016-2017
1. IT Security		✓
2. Physical Security	✓
3. Business Continuity Planning			✓
4. OCG and Internal Audits of Business Continuity Planning			✓
5. Management Practices for Selected Missions	✓	✓	✓
2017-2018
1. Management Practices at Select Missions	✓	✓	✓
2. Digital Diplomacy / Social Media		✓
3. Security of Communications	✓	✓
4. IT Security (topic to be determined)		✓
5. Business Management Offices			✓
6. Information Management		✓	✓
7. Emergency Response			✓
8. Real Property – Lifecycle Management	✓
9. Occupational Health and Safety	✓
10. Field Support Service Implementation		✓
2018-2019
1. Management Practices for Selected Missions	✓	✓	✓
2. International Banking		✓	✓
3. Common Service Delivery Points – Regionalization Initiative		✓	✓
4. IM/IT Governance		✓	✓
5. Procurement Modernization Initiative	✓

Appendix C – Methodology for Risk Assessment and Prioritization

This table presents the impact risk factors and their weight used for assessing risk and ranking each auditable entity accordingly. Rating can range from a potential maximum of 4.0 (very high) to a minimum of 1.0 (low). The total score for each entity is a weighted sum comprised of a rating for each impact risk factor.

**Risk Assessment Matrix**
Rating	Risk Level	Description	Impact Risk Factors and Weight^{Footnote 12}
Rating	Risk Level	Description	Operational (25%)	Strategic (20%)	Security (30%)	Reputational (15%)	Fraud (10%)
4	Very High	A major event that will require GAC to make large scale, long term realignment to its operations, objectives or finances.	Almost certain to affect the operations of the Department.	Almost certain to result in serious compromise of strategic/business initiatives or removal of funding; or external events will change GAC priorities.	Almost certain to affect physical and personnel security.	Almost certain to result in heightened public visibility and impact on stakeholders.	Almost certain to result in heightened vulnerability to fraud.
3	High	A critical event that, with proper management, can be endured by GAC.	Likely to affect the operations of the Department.	Likely to result in serious compromise of strategic/business initiatives or removal of funding; or external events will change GAC priorities.	Likely to affect physical and personnel security.	Likely to result in heightened public visibility and impact on stakeholders.	Likely to result in heightened vulnerability to fraud.
2	Medium	A significant event that can be managed under normal circumstances by GAC. The consequences could mean that the activity could be subject to significant review or changed ways of operations.	Moderate chance of affecting the operations of the Department.	Moderate chance of a compromise of strategic / business initiatives or removal of some funding; or external events may impact GAC priorities.	Moderate chance of affecting physical and personnel security.	Moderate chance of resulting in heightened public visibility and impact on stakeholders.	Moderate chance of resulting in heightened vulnerability to fraud.
1	Low	An event, the consequences of which can be absorbed through normal activity or minimal management effort.	Limited chance of affecting the operations of the Department.	Limited chance of a recoverable compromise of strategic/business initiatives or minor removal of funding; or external events may impact GAC priorities in the normal course.	Limited chance of affecting physical and personnel security.	Limited chance of resulting in heightened public visibility and impact on stakeholders.	Limited chance of resulting in heightened vulnerability to fraud.

Appendix D – Crosswalk of Ministerial Mandate Letters to Planned Audits

The following table outlines the Risk-Based Audi Plan’s audit coverage against Global Affairs Canada’s Ministers’ mandate letters*.


Priority	2016-2017 Engagements	2017-2018 Engagements	2018-2019 Engagements
Foreign Affairs
Reduce Impediments to Trade and Commerce (with the United States)			Trade: Dispute Settlement and Litigation
Clean Energy / Environment / Climate Change			Climate Change Initiatives
Defence and Foreign Policy / National Security		Global Peace and Security Fund (Peace and Stabilization Operations)
Public Diplomacy / Stakeholder Engagement (Canada/abroad)		Digital Diplomacy / Social Media	Diplomacy – Bilateral/Regional/Multilateral
Educational and Cultural Interaction	Canada Fund for Local Initiatives (2015-16 carry over) International Education Strategy
International Trade
Implement / Consult on Trade Agreements		Results and Delivery
Trade and Export Strategy (promotion / investment / implementation)		CanExport Program	Trade Commissioner Service
Invest in Clean Technology / Energy			Climate Change Initiatives
International Development
Development Assistance	Maternal, Newborn and Child Health (2015-16 carry over)	International Humanitarian Assistance	International Development Authorized Programming Process
Governance / Human Rights		Global Peace and Security Fund (Peace and Stabilization Operations)	Development and/or humanitarian programming aspects of Canada’s response to the Middle East crises and violent extremism (Iraq, Syria, Jordan and Lebanon)
Development Innovation Climate / Development Financing			Climate Change Initiatives

*Ministerial Mandate Letters

Footnotes

Footnote *

If you require a plug-in or a third-party software to view this file, please visit the alternative formats section of our help page.

Return to pdf * referrer

Footnote 1

Privy Council Office

Return to footnote 1 referrer

Footnote 2

Global Affairs Canada’s legal responsibilities are detailed in the 2013 Department of Foreign Affairs, Trade and Development Act.

Return to footnote 2 referrer

Footnote 3

Global Affairs Canada Integrated Corporate Business Plan 2016-17, p.20

Return to footnote 3 referrer

Footnote 4

Ibid. The LES figure does not include the 1,252 employees whose salaries are cost recovered from the partners and co-locators to which these LES provide service.

Return to footnote 4 referrer

Footnote 5

Treasury Board of Canada Secretariat, Policy on Internal Audit, section 3.1 (2012).

Return to footnote 5 referrer

Footnote 6

Source: Governance of risk: Three lines of defence

Return to footnote 6 referrer

Footnote 7

Applies to the management of Canada-Based Staff only; management of Locally-Engaged Staff is covered through Strategic Objective 4 – Canada’s Network Abroad. Also, a breakdown was provided to allow for a more detailed risk assessment for audit planning. The breakdown is from the Common Human Resources Business Process Value Chain.

Return to footnote 7 referrer

Footnote 8

A breakdown was included to allow for a more detailed risk assessment for audit planning.

Return to footnote 8 referrer

Footnote 9

Occupational Health and Safety is covered in TB Guidance under workplace management and real property, however it was felt that it should be a separate entity in the audit universe.

Return to footnote 9 referrer

Footnote 10

Given the importance of security risks within Global Affairs Canada, a separate section was created combining some program activities and other internal services.

Return to footnote 10 referrer

Footnote 11

As identified in the 2016-17 Corporate Risk Profile

Return to footnote 11 referrer

Footnote 12

Overall scores from 1.0 to 1.74 are categorized as ‘Low Risk’, from 1.75 to 2.50 as ‘Medium Risk’, from 2.51 to 3.25 as ‘High Risk’ and 3.26 to 4.0 as ‘Very High Risk’.

Return to footnote 12 referrer

Report a problem or mistake on this page

Date modified:: 2017-01-27

Language selection

Search and menus

Search