Language selection

Government of Canada / Gouvernement du Canada

Search

Joint Audit and Evaluation of the Risk-Informed Compliance Verification Processes, Directorate of Nuclear Substances Regulation

Executive Summary

The objective of this joint audit and evaluation engagement was to review the risk-informed compliance verification processes used across Canadian Nuclear Safety Commission (CNSC) directorates to:

  • provide reasonable assurance that the processes are systematic, well documented, objective and incorporate consistency where applicable
  • assess the performance and effectiveness of compliance verification delivery, provide insights on achievement of expected outcomes and assess soundness of performance measures.

This engagement was conducted using a phased approach by directorate. This third and final phase covered the Directorate of Nuclear Substance Regulation (DNSR) and more specifically the divisions responsible for inspections: the Operations Inspection Division (OID), the Accelerators and Class II Facilities Division (ACFD), and the Transport Licensing and Strategic Support Division (TLSSD). The licensing activities managed by the Nuclear Substances and Radiation Devices Licensing Division (NSRDLD) fall outside the scope of this engagement.

Why this is important

The CNSC’s compliance verification activities are in place to ensure that licensees are operating safely, securely and in compliance with the requirements set out in the Nuclear Safety and Control Act (NSCA) and its associated regulations, and in licences and certificates. These activities are guided, in part, by regulatory oversight models across DNSR, which define the types and frequency of compliance activities based on risk rankings and provide direction for developing the annual compliance verification plans.

It is imperative that the development of annual compliance plans, risk rankings of licensed activities, and related processes use a risk-informed approach. This is to ensure that key risks are identified, monitored and efficiently and effectively addressed, and that licensees demonstrate a high level of compliance with the CNSC’s regulatory framework.

Key findings

The engagement found that DNSR’s risk-informed compliance verification processes are supported by a strong governance framework, clear guidance and knowledgeable personnel. Performance indicators are well defined and regularly monitored, and most targets for FY 2024–25 have been met. The separation of licensing and compliance functions between OID and NSRDLD is highly effective for managing high volumes of licensed activities. Risk management processes are robust and align with best practices identified among other nuclear regulators. In terms of employee retention and capacity, DNSR has made significant progress by implementing the career progression program for regional inspectors, which is expected to strengthen retention and to promote skill development. Results of the DNSR licensee survey confirm that compliance verification processes within DNSR are effective overall.

Opportunities for improvement include addressing current resource constraints to help ensure that existing inspection sampling methodology is followed, and implementing mechanisms to minimize disruption from staff movement to improve operational continuity within DNSR. The legacy systems in use, primarily the Licensing Operations User Integrated Systems (LOUIS), continue to hinder productivity. While this will be addressed in the longer term through the CNSC Digital Strategy, it is important that DNSR’s business requirements are considered when developing the new unified system, and that dedicated resources are available for related transformation projects. Collaboration between licensing and compliance could also be strengthened through more joint meetings, improved communication and the consistent application of practices and terminology. There is an opportunity to modify performance indicators to improve visibility of inspection backlogs and trends. Finally, the target for Annual Compliance Report (ACR) reviews has been missed for 3 consecutive years, noted to not affect safety, so the continued relevance of this metric should be examined.

This engagement includes 4 recommendations aimed at addressing the above-noted areas for improvement (see section 7). Management agrees with the recommendations, and its responses indicate its commitment to address them.

Background

The CNSC has a mandate under the NSCA to regulate the development, production, and use of nuclear energy for all nuclear facilities and nuclear-related activities in Canada. To support this mandate, the Regulatory Operations Branch (ROB) and the Technical Support Branch (TSB) conduct compliance verification activities, such as inspections, to ensure that CNSC licensees exhibit a high level of compliance with its regulatory framework.

DNSR provides leadership and expertise in the regulation, licensing, compliance, and certification of activities related to the production, possession, transport, transfer, import, export, use, storage, disposal, and abandonment of nuclear substances and prescribed equipment, as well as the servicing of prescribed equipment. DNSR verifies compliance for approximately 2,000 licensees through desktop reviews, Type I and II inspections, and ACRs. An inspection refers to a particular compliance verification activity conducted by various directorates in ROB and TSB, whereby information is gathered, analyzed and recorded for the purpose of evaluating if a licensee activity complies with regulatory requirements. Inspections are either reactive or planned. Reactive inspections can be triggered by desktop reviews, technical assessments or unplanned events, such as the occurrence of rare or unplanned regulated activities. Unannounced inspections are those for which the licensee is not notified in advance, and they may be performed at any time. Reactive and unannounced inspections are conducted based on pre-established criteria, while ensuring that the entities subject to the reactive and unannounced inspection are aware of the inspection process, criteria and outcomes. For planned inspections, compliance plans are developed annually by each of the ROB directorates. See Appendix F for a description of the key compliance verification activities performed within DNSR.

The planning process ensures that compliance verification activities are planned in a systematic and risk-informed manner, known as risk-informed compliance verification (RICV). RICV considers key elements including regulatory requirements, licensee performance history, organizational considerations, the CNSC’s strategic outcomes, and other considerations.

Compliance plans outline the scope, scheduling, resourcing and timeframe(s) for the verification activities to be undertaken for the next compliance cycle for a particular licensee. Compliance activities are guided by directorate-specific baseline inspection frequencies that are validated periodically. Deviations from the baseline plans may be triggered by a variety of factors including, but not limited to inspections that were not completed during the previous year as planned, recent performance history of the licensee, or significant upcoming changes to the licensee program.

Authority

This joint audit and evaluation is on the CNSC’s approved Risk-Based Audit and Evaluation Plan for 2023–24 to 2024–25.

Objective, scope and approach

The audit objective was to provide reasonable assurance that the risk-informed compliance verification processes used across the CNSC directorates are systematic, well documented, objective and incorporate consistency where applicable.

The evaluation objective was to assess the performance and effectiveness of compliance verification delivery, provide insights on achievement of expected outcomes and assess soundness of performance measures.

The engagement scope covered compliance verification activities in DNSR including processes in place for developing risk-informed inspection plans, conducting risk-informed inspections as planned, and measuring the achievement of intended outcomes. The engagement scope covered the period from fiscal year 2023–24 to 2024–25.

To complete the engagement, the following methods were used:

  • Interviews with relevant stakeholders
  • Documentation review
  • Audit testing of completed compliance verification inspections
  • Benchmarking against other nuclear regulators and federal government departments
  • Surveys of DNSR staff and licensees

Statement of conformance

This engagement conforms with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing, the Treasury Board Policy on Internal Audit and Directive on Internal Audit, and Canadian Evaluation Society Standards.

Findings and Observations

Governance

A governance framework is a set of rules, practices and structures by which an organization ensures accountability and transparency with all of its stakeholders. Key components include well defined responsibilities and accountabilities, documented policies and guidance, and an established organizational structure that supports reporting, decision making and oversight. A clearly defined and integrated governance structure is essential for ensuring that program outcomes are achieved. The engagement expected to find a governance framework in place to ensure that roles and responsibilities are clearly defined and understood, with adequate oversight of risk-informed inspection planning.

Key findings

The engagement found that DNSR’s compliance verification processes are supported by a comprehensive governance framework with defined responsibilities, accountabilities and oversight mechanisms.

Extensive documentation is in place to support the planning, conduct and reporting of DNSR’s compliance verification activities. The documented responsibilities and accountabilities are clearly understood by DNSR personnel.

DNSR’s existing operating structure, particularly the separation of its licensing and compliance functions, was found to be highly effective among DNSR personnel. A comparative review of other nuclear regulators found that they use a tiered notification system based on the risk of nuclear activities. This practice was suggested by the IRRS Mission and analyzed by DNSR as part of Project Athena. The results indicated no efficiency gains, and no changes were adopted.

Responsibility and Accountability

Responsibilities and accountabilities are clearly understood among DNSR personnel, and oversight mechanisms are in place to ensure that compliance verification activities are reviewed and approved by management.

Responsibilities and accountabilities for key DNSR stakeholders, such as inspectors, regional site supervisors, program officers, directors and subject matter experts, are clearly documented in over 20 procedural documents covering key topics, such as:

  • oversight programs for nuclear substances and radiation devices; accelerators and class II facilities; and transport, certification, sealed source tracking and strategic support
  • guidance for the risk ranking of licensed activities in DNSR and carriers of nuclear substances
  • performance of inspections across OID, ACFD and TLSSD

Discussions with DNSR personnel confirmed a clear understanding of roles, responsibilities, and accountabilities related to the above-mentioned activities, which aligned with the documented guidance.

Oversight mechanisms are also embedded in DNSR’s compliance verification processes and are well documented and understood by staff. These include director-level review and approval of the annual compliance plan in OID, ACFD and TLSSD, developed in consultation with key stakeholders and subject matter experts. Oversight is ensured by assigning final review and approval responsibilities to the respective divisional directors. Additionally, any changes to the inspection plan, such as deferrals or cancellations, require approval from the directors in ACFD and TLSSD, while in OID, such changes are approved at the regional supervisor level.

Documented Guidance

The engagement team assessed whether procedural documentation was comprehensive. The assessment determined that a myriad of documentation was in place to support the planning, conduct and reporting of DNSR’s compliance verification activities.

For example, within OID and ACFD, documented guidance outlines the selection of appropriate compliance activities, such as, descriptions of Type I and II inspections, performance inspections, desktop reviews and reactive inspections, along with examples of triggering parameters for each activity type. For instance, in the OID and ACFD reactive inspections may be initiated due to factors such as repeated or increasing non-compliance (major or recurrent reportable events), or external complaints. Additionally, within ACFD, influencers on the prioritization of a scheduled inspection or triggers for a reactive inspection can also include, but are not limited to, changes in radiation safety oversight. Interviews with DNSR personnel confirmed a clear understanding of these considerations.

Operating Structure

The engagement team assessed whether DNSR’s current operating structure, namely the separation of the licensing and compliance functions between OID and NSRDLD, are effective and if there are any practices to leverage from similar organizations.

Through interviews with DNSR personnel, the general consensus is that the separation of the licensing and compliance functions is logical and effective. Given the significant volume of licensees, staff agree that having 2 distinct groups is the best way to manage the work.

To identify potential best practices, the engagement team conducted two benchmarking studies. The first involved a follow-up survey of Canadian federal government organizations engaged in compliance verification. One response was received, and the findings aligned closely with DNSR’s current structure in several key areas and no transferable practices were identified.

The second benchmarking study involved a review of publicly available information from other nuclear regulators. Key findings included the use of decentralized regulatory models in 1 jurisdiction, where a non-departmental public body oversees the regulation of radioactive substances in the workplace. This regime uses a 3-tier system of authorization: dutyholders must notify the regulator of low-risk activities, apply for a registration for medium-risk activities, or gain consent for high-risk activities. Although regulation in this jurisdiction is decentralized, a similar notification scheme was identified in another jurisdiction, with a regulatory structure more closely aligned with that of the CNSC. In this case, nuclear licensing is regulated based on 3 categories of nuclear activities: those requiring a licence, notification or registration. These processes apply to nuclear activities used for industry, research, veterinary or medical purposes. In this jurisdiction, the licensing system is used for the regulation of nuclear activities with the most significant implications for radiological protection. Additional details are provided in appendix C.

In 2019, the CNSC hosted an International Atomic Energy Agency (IAEA) IRRS Mission to review all of its activities. One of the suggestions from the mission was for the CNSC to consider the establishment of a registration or notification scheme for replacing its low-risk licences currently in place under the Nuclear Substances and Radiation Devices Regulations to better align with the graded approach developed by the IAEA. This recommendation aligns with the notification scheme identified in the benchmarking exercise referenced above. As a result, the CNSC began a review of its operations under Project Athena, which included the suggestion to review the possibility of establishing a notification scheme.

DNSR performed an analysis of the suggestion, taking into consideration the various use types that could be incorporated into a registration or notification scheme, the annual savings related to the change as well as the cost for developing and maintaining the registration scheme. It was concluded that the resource effort to regulate low-risk activities does not represent a significant portion of DNSR effort. Therefore, management agreed not to pursue this initiative.

Conclusion

DNSR’s risk-informed compliance verification processes are supported by a comprehensive governance framework with defined responsibilities, accountabilities and oversight mechanisms. Documented guidance is in place describing key steps to support the planning, conduct and reporting of DNSR’s compliance verification activities which are well understood by personnel.

Regarding the effectiveness of DNSR’s current operating structure, the separation of licensing and compliance functions between OID and NSRDLD was found to be highly effective for managing DNSR’s high volume of licensees. A review of publicly available information from other nuclear regulators highlighted the use of tiered notification systems for low-risk nuclear activities. In these systems only a notification to the regulator is required for activities that pose minimal risk to people and the environment, rather than a full licensing process. Based on previous analysis, this scheme was determined inefficient for CNSC and not pursued.

Risk Management

Risk management refers to the identification and evaluation of risks to organizational objectives. The engagement expected to find a systematic process used to identify, evaluate, and prioritize risks to support the planning and conduct of compliance verification activities, including periodic reviews of the inspection plan, and documented guidance to support staff.

Key findings

The engagement found that DNSR’s compliance verification activities are supported by a robust program to help identify associated risks. Relevant factors are considered when prioritizing and planning inspections, including but not limited to regulatory requirements and licensee performance history; the latter being a best practice.

Documented guidance and templates are available to DNSR personnel to support risk-informed inspection planning and conduct activities. Audit testing confirmed DNSR’s completed inspections are consistent with established plans, priorities, risks and complied with DNSR procedures.

DNSR’s risk-informed planning practices are aligned with best practices identified at other international regulators, such as applying a risk framework to reduce inspection frequencies across all risk levels in the OID to enhance efficiencies and optimize staff resources.

In some instances, large licensees with multiple locations are currently being inspected at a lower frequency than intended due to insufficient resources. Management is working to address this challenge through a business case to acquire more full-time equivalents (FTEs).

The engagement found staffing challenges within DNSR. There are opportunities to mitigate capacity challenges in DNSR by implementing mechanisms to minimize disruption from employee movement between divisions and by adopting retention practices from other organizations.

Planning Risk-Informed Inspections

To ensure that annual planning of inspections in DNSR is consistent with associated levels of risk, mechanisms are in place. These include periodic reviews of risk rankings and documented guidance to support staff.

DNSR has a well-established risk-informed regulatory program (RIRP) for identifying risks associated with both licensed activities and the non-licensed transport of nuclear substances. DNSR regulates approximately 2,000 licensed activities that are grouped into roughly 75 use types based on the purpose of the licence and ranked by risk. Examples of use types include irradiators, neutron generators, industrial radiography and nuclear medicine. Each use type undergoes a comprehensive risk-ranking process, which involves evaluating each relevant safety and control areaFootnote 1 (SCA) based on the potential impact of non-compliance on health and safety, and the likelihood of such non-compliance. This assessment is based on historical licensee performance within each use type and staff expertise from across DNSR. Additional factors considered include the quality of licensee application submissions, event frequency, and licensee complexity (e.g., number of locations, facilities, devices or prescribed equipment). The outcome is a quantified overall risk ranking for each use type, classified as high, medium or low. The review conducted between 2019 to 2020 resulted in a prolonged inspection frequency for all risk levels as outlined in figure 1. These rankings are reviewed every 5 years and updated as needed.

Figure 1: Inspection frequency for high-, medium- & low-risk use types
Risk level Prior frequency Current frequency
High Every 8 to 12 months Every 2 years
Medium Every 2 to 3 years Every 3 to 5 years
Low As required As required

The most recent review of DNSR’s RIRP was performed in 2024 as part of the 5-year review cycle and included consultation with senior OID project officers, regional site office supervisors and NSRDLD licensing staff. Updates were made to the risk level of 8 use types, each supported by clear rationale and documentation. This exercise confirms that DNSR’s risk-informed approach effectively addresses current risks and supports the prioritization and planning of compliance verification activities based on relevant and timely factors.

Divisional inspection plans for licensed activities within OID and ACFD are developed annually, taking into account the risk rankings of licensed activities assigned to each use type. This planning process begins at the start of each calendar year and is facilitated by a project officer or senior program officer, who consults with relevant stakeholders across the directorate. In both divisions, inspections are prioritized based on similar criteria. In ACFD, some considerations include corrective actions that have remained unresolved for an extended period, the appointment of a new radiation safety officer, or persistently high levels of occupational doses as found during inspection activities. Given the significantly higher volume of licensees within OID, inspections are further prioritized into the following categories:

  • Priority 1 (P1): Inspections that must be completed within the year due to factors such as poor compliance history, significantly overdue inspection intervals or the addition of a new location.
  • Priority 1, Supplemental (P1-S): High-priority inspections that should be completed within the year; if not, they are carried over as Priority 1 in the following year
  • Priority 2 (P2): Inspections that support a pre-established priority for the fiscal year
  • Priority 3 (P3): Inspections based on standard frequency requirements, typically scheduled to optimize use of resources (e.g., to complete a full week of inspections)

A separate, formalized process exists to rank the risks of non-licensed carriers of nuclear substances that are inspected by TLSSD. The risk-ranking methodology for carriers is based on the likelihood of worker exposure to ionizing radiation, and considers factors such as shipment frequency, volume of packages transported, physical form of the nuclear substances, and inspection history.

Based on interviews and a review of documentation, it was evident that staff across DNSR have a clear understanding of both the risk-ranking methodology for use types and carriers, and the process for developing annual compliance plans. This finding was reinforced by the DNSR licensee survey results, where 81% of the licensees agree that the CNSC applies a risk-informed approach to compliance verification activities.

While there was general agreement that the risk-informed methodology is sound and defensible across DNSR, concerns were raised regarding staff capacity and workload within OID. These constraints limit OID’s ability to inspect the full range of licensees it would otherwise plan to, which may result in systemic issues that are overlooked. Several measures have been implemented to help mitigate this challenge, including:

  1. Tiered prioritization of backlogged inspections:
    • P1: Must be completed
    • P1-S: Due with scheduling flexibility
    • P2 and P3: Lower priority
  2. Optimized inspection scheduling: Backlogged P2 and P3 inspections are strategically incorporated into planned higher priority inspection trips to optimize time and resource use.
  3. Reduced-scope inspections and pre-approved checklists: These measures have been implemented to improve operational efficiency, particularly for licensees with a strong history of compliance.
  4. Planned buffer time: Inspection plans include buffer periods to accommodate reactive inspections or address backlog items as needed.

Feedback from DNSR personnel identified opportunities to further refine inspection coverage and risk categorization to ensure that systemic issues within large licensees are not overlooked and to complement the measures outlined above. These include the following:

  1. Formalized sub-groups within certain use types: Feedback from some DNSR personnel suggests that the methodology may not formally distinguish between sub-groups within certain use types, resulting in similar inspection frequencies for licensees with vastly different inventories. Future revisions were suggested to introduce formal sub-groupings and tailored inspection intervals to increase oversight alignment with actual risk and optimize resource allocation. An example shared points to the extension of low-risk fixed gauge inspections to every 5 years while maintaining a 3-year cycle for higher-risk licensees. There may be an opportunity to explore sub-groups with staff to see if there are added considerations or to ensure a common understanding.
  2. Tailored inspection model based on based licensee size: Feedback from some DNSR personnel indicated that in their experience, smaller licensees, those with fewer locations, are sometimes inspected more frequently than larger multi-site licensees of the same use type, despite differences in relative complexity or risk.  According to staff, the inspection frequency is per licence, not location, resulting in smaller licensees with just 1 location getting inspected every 2 years. On the other hand, a larger licensee with many locations might only have one of their sites inspected every 2 years. This means each individual location of a large licensee is inspected less often. If a large licensee has a non-compliance issue and doesn’t proactively implement the corrective actions across all of its locations, similar issues may go undetected at their other locations that were not inspected. According to management, the intent is to mitigate this risk by scheduling inspections based on a sampling methodology for multi-site licensees.  However, due to limited resources within the DNSR, the sampling methodology has not been followed in recent years. As a result, large licensees are currently being inspected at a lower frequency than intended, as there are insufficient resources to carry out more inspections of larger licensees.  Management is working to address this challenge through a business case to acquire more FTEs.

Conducting Risk-Informed Inspections

DNSR conducts inspections that are consistent with its established plans, priorities, risks and with procedural requirements.  This was evident based on audit testing of a sample of completed inspections across OID, ACFD and TLSSD.

It was noted during the testing that DNSR has several available tools and templates to support staff when conducting inspections. Templates are available and saved in e-Access for items such as:

  • opening/closing meetings
  • technical review meetings
  • proposal and deferral forms
  • preliminary reports
  • inspection reports

Templates are available for inspection checklists, which are also integrated into the LOUIS system.

A non-statistical sampling approach was used to select inspection files from across DNSR divisions. Samples were selected from divisional tracking sheets using professional judgment, with consideration given to the following criteria:

  • High- and medium-risk classifications
  • Representation across various use types
  • Inclusion of the nuclear medicine use type
  • A mix of announced and unannounced/opportunistic inspections

For OID, the engagement team confirmed that inspections aligned with established plans and priorities. Most inspections tested were classified as P1, P1-S, or involved nuclear medicine licensees, consistent with strategic direction. In cases where inspections did not fall into these categories, they were conducted alongside higher-risk inspections during the same trip, reflecting OID’s practice of optimizing inspection efficiency.

Due to the engagement team’s limited access to LOUIS, the review of OID inspections relied solely on documentation available in e-Access. This was sufficient to confirm compliance with procedural standards and demonstrated that inspection records are well-documented, accessible, and consistent.

Given OID’s significantly higher inspection volume, most testing focused on this division. However, the inspections reviewed from ACFD and TLSSD were also found to be compliant with their respective oversight frameworks. In all cases, inspection documentation was complete, accessible and aligned with DNSR requirements.

The consensus among the DNSR personnel interviewed is that tools and templates are in place, available and useful to support staff when conducting inspections.

Modifying Risk-Informed Inspection Plans

Within DNSR, risk-informed adjustments to completed annual compliance plans are made as new developments arise, including triggers for reactive inspections. Inspectors across OID, ACFD and TLSSD have the ability to flag areas where reactive oversight may be warranted, which can lead to modifications in the inspection plan.

Based on staff interviews, it was noted that processes are in place across OID and ACFD to approve modifications to inspection plans, such as the addition of reactive inspections, acceleration of scheduled inspections, or deferrals. Additionally, process documentation outlines various triggers that may warrant changes to inspection plans. Some examples are outlined below:

OID:

  • Repeated or increasing numbers of non-compliances
  • Indications of inadequate radiological management oversight

ACFD:

  • External complaints
  • Negative trends in radiation safety indicators, such as occupational doses

Although TLSSD leads fewer inspections compared to OID and ACFD, staff demonstrated awareness of reactive inspection triggers and processes, despite the absence of formal documentation.

Within OID, additional examples of risk-informed adjustments and activities were identified, beyond reactive inspections. Key examples cited within OID include the following:

  1. Reduced inspection target: For fiscal year 2025–26, inspection targets were lowered to give staff time to onboard to SharePoint, in alignment with the CNSC’s digital transformation initiative.
  2. Addressing Commission concerns: Increased focus has been placed on nuclear medicine use type due to performance challenges and Commission feedback.
  3. Targeted outreach: Outreach prioritizes high-risk use types, with persistent challenges. Increased engagement with industrial radiography licensees has contributed to a stronger safety culture and mitigated risks associated with inspection backlogs. OID staff attribute this progress largely to enhanced outreach initiatives and the establishment of a joint CNSC-industrial radiography working group in 2009. This group meets annually to discuss regulatory updates, emerging developments and other relevant matters.Footnote 2

Overall, interviews across the DNSR confirmed that staff are well informed about the procedures for modifying inspection plans in response to emerging risks or operational needs.

Risk-Informed Methodologies in Other Similar Organizations

The engagement team undertook a benchmarking exercise involving 4 federal government organizations and 4 international nuclear regulators, outlined in Appendix D. The findings of this comparative analysis indicate that, like DNSR, these organizations deploy distinct models to systematically rank risks. Each risk model considers factors that are specific to each of its regulated parties, rather than applying a generic approach. All 4 organizations include elements that resemble DNSR’s existing practices, highlighting a shared emphasis on tailored risk profiling, driven in part by a science-based model and expert opinion.

Similarly, all international nuclear regulators utilize a risk-informed inspection process, where the level of regulatory oversight is determined by factors such as the level of hazard and risk posed by the facility or activity, as well as the licensee’s safety and security record. These assessments are underpinned by qualitative and quantitative measures gathered through regulatory activities, like the frequency and significance of regulatory issues and incidents. Additional risk identification practices used by international regulators are also similar to DNSR’s processes, particularly within OID, which oversees nearly 2,000 licensees. This underscores the importance of allocating resources efficiently based on risk and complexity. For instance, inspection frequencies were recently revised so low-risk use types are no longer subjected to routine inspection.

It was also found that the use of reactive inspections is deployed across all benchmarked participants. For some participants, the number of reactive inspections conducted was contingent upon associated risk, while for others, a prescribed percentage of resources was allocated for reactive inspections during planning. For example, one federal government organization indicated that 15% of its plan is allocated for reactive inspections, while one of the international regulators indicated a 5% allocation. Anticipating reactive inspections in advance may reduce the risk of high workloads among staff, while ensuring that sufficient capacity is available for unexpected events as needed. This practice is also documented within OID, in which 30% of the inspection plan is reserved for reactive activities.

Resource Capacity

While recent changes in risk-informed inspection frequencies and centralized planning contribute to greater consistency and efficiency in the use of team resources, limited inspector capacity remains a significant challenge, as was consistently noted across interviewed DNSR staff. DNSR personnel emphasized the need for additional resources, particularly staffing and budgetary support, to help ensure the successful completion of planned and unplanned compliance verification activities. These challenges are especially pronounced during periods of staff turnover or when existing capacity and budget constraints are present. It was noted that time constraints and difficulties in recruiting and retaining qualified personnel have further compounded the issue of limited inspector availability. While licensing activities are outside the scope of this joint audit and evaluation, the engagement team met with NSRDLD staff to better understand its collaboration and communication with inspection counterparts in OID, given their involvement with shared licensees. Through these meetings, relevant experiences were shared pertaining to resourcing and workload challenges that may indirectly impact the work in OID.

Shortages in staff capacity and time constraints directly impact the ability to meet the baseline inspection frequencies, resulting in extended intervals between inspections. These delays may contribute to a decline in licensee performance or allow performance issues to go unnoticed. Staff turnover has been identified as an issue, particularly within OID and NSRDLD. Personnel noted that training new staff, filling in for staff on leave, supporting other initiatives and the limited number of carded inspectors have placed additional strain on available resources.

Additionally, training periods are noted to be long, with new inspectors typically requiring 1 to 2 years to develop the necessary expertise to independently and safely conduct inspections of medium-risk use types. This training involves mentoring by experienced staff, which can reduce capacity to meet the annual inspection plan. Recruitment and retention of specialized staff remain ongoing challenges, as inspectors may transfer to other CNSC divisions upon completion of training, using DNSR as a stepping stone to gain experience in the organization. These staffing pressures are further exacerbated by unpredictable licensing demands that further increase workload pressures.

To better understand turnover trends in these divisions, the engagement team reviewed staff movement data provided by the Human Resources Directorate (HRD) for the period between June 2022 and June 2025. The data revealed that both divisions have experienced a net reduction in staff over this 3-year period.  OID lost 3 individuals and NSRDLD lost two. Additionally, both divisions had 5 individuals each who assumed acting roles, which may have necessitated additional training and redistribution of responsibilities within their respective teams. A detailed breakdown of this data is presented in figure 2.

Figure 2: Staff Movement in OID and NSRDLD
June 2022 to June 2025 OID NSRDLD
Individuals who joined the division (temporarily or permanently) 10 5
Individuals who left the division (temporarily or permanently) 13 7
Net reduction in staff over 3-year period 3 2

To address ongoing challenges related to staff turnover and salary budget constraints, the DNSR presented a business case to the DG Advisory Committee in June 2025. At the time of this engagement, the business case remained under review and was not yet submitted for formal consideration.

At the corporate level, the Strategic Workforce Plan developed by the HRD addresses the above noted risks, particularly those linked to the talent shortage in the nuclear industry. The plan includes initiatives aimed at refreshing recruitment efforts, such as pursing non-traditional candidates to expand talent pipelines, diversifying talent segments and exploring reciprocal agreements with industry partners. To support retention, HRD intends to conduct environmental scanning to identify best practices and will develop a tailored implementation plan for CNSC. According to the plan, these initiatives have been actively underway since 2024 and are expected to continue throughout 2028.

Currently, the CNSC has several monetary and non-monetary retention practices implemented that may help mitigate the turnover challenges experienced within DNSR over the longer term. A notable non-monetary retention practice at the CNSC is the career progression program to build a skilled and agile workforce. Key outcomes include the progression of high-performing employees through reclassification, increased employee satisfaction and flexibility for managers as they build their workforce. Currently, DNSR regional inspectors are one of the 2 core job families participating in the program. Career progression for DNSR regional inspectors is outlined in the Regional Inspector Progression Directive, which specifies criteria for education, training, and knowledge requirements across regional inspector levels (REG-4 to REG-6). At the REG-4 level, through on-the-job training, inspectors learn to conduct low- and medium-risk inspections. By REG-5 level, an inspector is expected to have completed all requirements within the Inspector Training and Qualification Program and to have earned an inspector’s card allowing them to conduct low- and medium-risk inspections. At REG-6, an inspector can independently conduct high-risk inspections. In addition to strengthening the workforce, this program fosters both employee retention and operational continuity.

Other examples of non-monetary retention practices at the CNSC include flexible work schedules, training and development opportunities, and access to employee assistance programs. In terms of monetary retention practices, a new $5,000 pensionable annual retention allowance was introduced in the collective agreement effective April 1, 2024. This allowance applies to all incumbents who are at the maximum level of the wage grids for the REG-6, REG-7and REG-7TS classifications. While this is a positive step forward, it does not directly address retention challenges for staff below the REG 6 level or not yet at the maximum wage grid.

It is worth noting that similar, and in some cases more extensive, retention practices have been identified through publicly available information on a similar international nuclear regulator. For example, one international regulator offers a broader range of incentives to retain employees in positions fulfilling special agency needs.Footnote 3 Appendix E provides a comparative overview of the retention practices employed by the CNSC and a similar organization.

There is an opportunity to further explore the applicability of the other retention practices to alleviate turnover challenges. Given the frequency of internal transfers within the organization, it may also be beneficial to examine mechanisms to minimize disruption from employee movement between divisions. This could include implementing measures to support operational continuity, such as establishing agreed-upon transitional periods between transferring divisions and developing contingency plans to manage potential workload gaps to ensure alignment with branch-wide priorities.

Conclusion

DNSR’s risk management processes include strong mechanisms to ensure that its inspections are informed by the associated levels of risk. This includes periodic reviews of risk rankings, and documented guidance to support staff. Benchmarking results indicate that other nuclear regulators similarly deploy distinct models to systematically rank risks. Inspections are aligned with established plans, priorities, risks and procedural requirements, and adjusted as needed based on emerging risks. To address staff capacity and workload challenges, DNSR has implemented measures such as the career progression program, tiered prioritization of backlogged inspections, optimized inspection scheduling and reduced-scope inspections.

In terms of workload capacity and turnover challenges, there is an opportunity to explore the use of the other retention practices identified in the industry, along with the implementation of internal controls over internal employee transfers.

Recommendation

  1. It is recommended that DNSR, in consultation with HRD, implement additional mechanisms to minimize disruption from employee movement between divisions to manage potential workload gaps while strengthening operational continuity.

Operations, Information and Knowledge Management

Operations management is the administration of business practices to build efficiency within an organization.Footnote 4  InformationFootnote 5 and knowledgeFootnote 6 management serve to identify, collect, store and disseminate information to harness collective knowledge within an organization. The engagement expected to see a formal approach to information and knowledge management to promote the effectiveness and business continuity of DNSR’s compliance verification activities. This includes the consistent use of tools that deliver accessible, reliable and accurate information, and effective collaboration within the directorate.

Key findings

The engagement found that the use of information management (IM) tools is consistent within each DNSR division, with staff showing a keen interest in adopting the more modern tools being introduced through the CNSC Digital Strategy. However, inconsistencies persist across divisions, partly due to the performance limitations of legacy systems. These challenges have led staff to develop workaround solutions that are not supported by the Information Management and Technology Directorate (IMTD). These challenges are expected to be resolved once the legacy systems are decommissioned by 2027.

Interviews with DNSR personnel confirmed that collaboration is strong within divisions and across regional offices. Opportunities exist to enhance collaboration between the OID and the NSRDLD. Suggestions for improvement point to increasing communication and fostering more ground-level collaborative initiatives.

Information Management in DNSR

DNSR personnel use a variety of digital tools for the purposes of information management. Appendix G identifies the main tools used across the CNSC and their general application within DNSR. Several tools, such as e-Access, the Regulatory Information Bank (RIB) and LOUIS are legacy systems scheduled for decommissioning as part of the CNSC’s digital transformation strategy.

DNSR staff have shown strong interest in adopting modern tools introduced through this initiative. Some examples currently used by staff include workflow automation and project management tools. User feedback suggests that these tools enhance work organization and efficiency. However, DNSR personnel remain uncertain about the effectiveness of existing legacy systems in place, the limited support available and the transition process once these systems are phased out.

Interviews demonstrated significant operational challenges with LOUIS. There is a strong consensus among staff that LOUIS is no longer fit for purpose, with persistent issues such as slow performance, frequent crashes, lack of basic functionality (e.g., spell check), and inefficient data entry processes. These limitations directly impact staff productivity. Additionally, concerns are mounting regarding potential data loss, limited support from IMTD, the absence of a clear, actional plan to address system failures or to guide a full transition to a more modern and reliable platform. To better understand LOUIS’ performance in a production environment, the engagement participated in a system walkthrough. This exercise validated staff feedback, confirming that the tool’s slow performance contributes to operational inefficiencies.

Through a staff survey administered by the engagement team, DNSR personnel were invited to suggest improvements to compliance verification activities across planning, conduct and reporting phases. Of the 28 respondents, a majority highlighted the urgent need to modernize tools and systems, particularly the LOUIS database and outdated report-writing software, which were described as inefficient, prone to errors, and overly time-consuming. These findings align with insights gathered during interviews and the LOUIS walkthrough.

Rather than replacing each legacy system individually, there is an intention to utilize MS365 tools to provide the capabilities from LOUIS, RIB and the Case Management System. According to IMTD, the intent is not to replace each individual system, but to identify DNSR business requirements and re-platform them into one unified solution and streamline business processes. The target date for this implementation is in 2027.  At the time of this engagement, minimal actions have been initiated to address ongoing issues with the legacy systems used for compliance verification processes, given the pending change in tools. Currently, effort is focused on developing a unified information management system to implement using SharePoint. In preparation for the implementation of the unified IM system and adoption of M365 tools, a team within DNSR has developed a comprehensive business requirements document outlining the needs of the directorate. It is essential that DNSR allocates appropriate resources to support this initiative, and that these requirements are consistently considered throughout the development of the unified system.

Information Management in Other Similar Organizations

The benchmarking exercise identified 4 organizations with an efficient and integrated software system for IM purposes. Findings are outlined in figure 3. These findings are timely, given that the CNSC is in the initial stages of planning its transition from legacy systems.

Figure 3: Information management at other international nuclear regulators and Canadian federal government organizations

  • One international nuclear regulator developed its information system as part of a strategy to digitize key tasks, increase accessibility and visibility of information, and enhance efficiency and effectiveness of its regulatory team. Inspection data in this system was controlled and aggregated in one place so that inspectors could see trends in compliance. There was also a secure link where licensees could seamlessly upload files for inspectors, this was a suggested opportunity for improvement raised in the DNSR licensee survey.
  • One international nuclear regulator used an in-house developed digital tool to plan, conduct, report and document their inspection activities. It provided a web-based online tool for concurrent input by multiple inspectors working on a team inspection.
  • One Canadian federal department built its information system using an integrated, modularized workflow approach for several activities, including but not limited to, compliance verification, remediation, and other enforcement activities. Their information system supported planning, conditional oversight and data analysis.
  • One Canadian federal department developed an in-house information management tool, which supported risk assessment activities, compliance and related information tracking.

Collaboration and Knowledge Management

Interviews with DNSR personnel confirmed the existence of both formal and informal mechanisms supporting collaboration across the directorate. While practices vary by division, there is a general consensus that collaboration is strong within individual divisions and across regional offices. However, opportunities remain to enhance collaboration between OID and NSRDLD.

In the ACFD, collaboration is evident and well-documented at various stages. For example:

  • The development of the annual inspection plan involves coordination and communication with key stakeholders from across the division. This process is clearly documented and was communicated effectively to staff, as confirmed through interviews.
  • A formal exercise occurs at the conclusion of each inspection, where the lead inspector and team deliver a technical review presentation summarizing findings. These regularly scheduled ACFD meetings promote consistency in compliance interpretations and serve as a platform for collaboratively sharing lessons learned.

In the OID, collaboration is also well-documented and occurs at multiple stages. Key examples include:

  • The annual inspection planning process incorporates input from key stakeholders across the division. Collaboration is demonstrated through a robust analysis involving regional office supervisors, project officers and the OID director. The result is a proposed inspection plan reflecting this collective input.
  • Inspectors noted inter-regional collaboration, such as temporarily deploying staff to other regional offices to support the timely completion of inspections, as well as the exchange of inspection findings and recommendations.

There is documented evidence of ongoing collaboration between OID and NSRDLD. For instance, there are regular joint outreach meetings with new licensees each year. During these meetings, a licensing specialist provides an overview of the licence and CNSC website, while a representative from OID explains the inspection process. Additionally, NSRDLD licensing specialists have the opportunity to accompany OID inspectors on inspections. This occurs where feasible, based on workload and scheduling. Although these active efforts are underway, interviews with staff from both groups highlighted challenges in interdivisional collaboration. While both groups identified overlapping issues, some of their proposed mitigation strategies varied in some respects. Both divisions also acknowledged that communication related to inspections has been inconsistent. To improve this, they proposed the more consistent inclusion of licensing specialists in inspection notifications and follow-up communications, which is expected to support continuity, particularly during periods of high workload or staff transitions. This was also raised in the DNSR staff survey, reinforcing the importance of consistent communication between the two divisions. Furthermore, the international benchmarking exercise revealed a best practice in this area. In France, inspections for medical purposes are integrated with the ASN's licensing delivery procedures, including inspections preceding the operation of nuclear activities and periodic inspections which occur during the licence renewal process. Additionally, they noted that current feedback mechanisms and decision-making processes often result in limited communication of outcomes. The NSRDLD-OID working group was noted as an example, which is intended to support decision-making at the ground level without escalation. Despite its intent, the group’s impact has been constrained by inconsistent communication and follow through of decisions. Both divisions agreed that improving the documentation and implementation of decisions would ensure clarity and accountability.

Additional challenges identified, though not shared by both groups, include the following:

  • The emphasis placed on certain SCAs varies across regional offices due to differing circumstances, such as the concentration of particular use types within each region. This may result in a disproportionate number of license amendment requests across offices.  While this variation is typical within the OID, it can create uncertainty around expectations for staff in NSRDLD, who serve as the primary point of contact for licensees. These challenges are pronounced when licensees operate across multiple regions, requiring additional coordination and effort from licensing staff. Enhancing communication between both divisions may help to clarify expectations.
  • Despite high workloads in both divisions, efforts have been made to increase cross-divisional outreach and to ensure that licensing specialists accompany OID inspectors during inspections, where feasible and relevant. To further strengthen collaboration and support joint decision making, suggestions raised by staff included involving OID staff in pre-licensing assessments and continuing shadowing opportunities.

Conclusion

Overall, the use of IM tools is consistent within each DNSR division. Legacy tools continue to present challenges, including poor system performance, limited functionality, and inefficient data entry. Uncertainty around their replacement has led to the adoption of unsupported alternatives, which may not have sufficient quality controls built in and are not officially supported should issues arise within the applications. The CNSC Digital Strategy includes a high-level decommissioning schedule for the legacy tools and outlines plans to implement a unified system integrating compliance and licensing functionalities by 2027. While this is a positive step, it is imperative that DNSR allocates sufficient resources to support this initiative.

As part of its benchmarking exercise, the engagement team identified four organizations using integrated IM systems. This is relevant, given that the CNSC is in the initial stages of planning its transition from legacy systems. It would be advantageous for the CNSC to consider both the IM practices identified in this report, and the feedback from DNSR staff, when implementing the CNSC Digital Strategy initiatives.

In addition to IM considerations, collaboration practices were also examined. It was noted that collaboration is strong within each division. However, DNSR personnel identified opportunities to enhance coordination between the licensing and compliance groups. These opportunities primarily relate to improving communication, increasing collaboration through more joint meetings, and ensuring consistent application of practices and terminology.

Recommendations

  1. It is recommended that DNSR allocate resources to support the definition and development of the new unified system implementation.
  2. It is recommended that DNSR increase collaboration to strengthen coordination, effectiveness and communication between the OID and NSRDLD, such as including licensing specialists in inspection notification memos and other relevant communications to support consistency and foster mutual understanding or processes. This will help align expectations and practices across divisions and regions.

Effectiveness – Performance Measurement, Monitoring and Reporting

Performance measurement is a systematic approach used to assess the efficiency and effectiveness of projects, programs and initiatives in an organization to ensure that desired outcomes are achieved.Footnote 7  The engagement expected to find appropriate performance measures linked to planned results that are continuously monitored and reported on periodically.

Key findings

The engagement found that DNSR compliance verification activities are consistently monitored against planned results and periodically reported to management, with an adequate process to manage performance data related to activities.

Compliance verification activity indicators appear achievable and measurable, with most performance metrics meeting targets in FY 2024–25. The percentage of annual compliance reports reviewed has missed its target for 3 consecutive years. While management has noted that this does not negatively impact safety, it is worth examining the value of this metric. Further, there is an opportunity to modify performance indicators to improve visibility of inspection backlogs and trends.

It appears that CNSC compliance verification activities have a positive influence on the safety culture of licensees, and that inspections are perceived as value-added activities. Licensees agree that the CNSC’s compliance activities are a driver for continuous improvement, and the CNSC’s processes are mostly understood among licensees. The value added from inspections and ACRs varies across respondents, with the majority viewing inspections more favorably.

Performance Metrics and Planned Results

Documentation review and interviews demonstrate that a robust process is in place to collect, store, and analyze DNSR’s performance data on inspections. This process is a collaborative effort involving a Senior Program Officer from the TLSSD, who compiles and tracks the data throughout the year, and stakeholders from the Strategic Planning Directorate (SPD) within the Regulatory Affairs Branch (RAB), who maintain corporate-level performance data for reporting. Stakeholder interviews confirmed that this process is well understood by staff.

Performance indicators for DNSR’s risk-informed compliance verification activities are clearly defined, documented and align with the planned results established for the Nuclear Substances and Prescribed Equipment Program. Stakeholder perceptions on the validity and usefulness of the current performance indicators suggest that indicators are useful for decision making, specifically to adjust the timing of the inspection plan and provide a good sense of licensee performance. The performance information profile (PIP) for the program consists of 6 performance indicators that pertain to DNSR’s compliance verification activities, including:

  1. Number of inspections conducted
  2. Percentage of planned vs. actual inspections
  3. Number of annual compliance reports (ACRs) reviewed
  4. Percentage of Type II inspection reports issued within service standards
  5. Percentage of Type I inspection reports issued within service standards
  6. Percentage of satisfactory grades for Type II inspections

Actual productivity performance of DNSR compliance verification activities is documented, measured against planned results, reported to required authority levels and factors into decision making. On a quarterly basis, the first 3 indicators noted above are compiled by SPD and presented to the Management Committee. The remaining indicators are tracked and maintained internally within DNSR. In addition to the performance indicators outlined above, licensee performance is monitored and reported annually in the Regulatory Oversight Report on the Use of Nuclear Substances. These robust reports offer information on the safety performance of DNSR licensees in the medical, industrial, academic and research and commercial sectors. The metrics used include compliance performance, enforcement actions, doses to workers and reportable events. These metrics are valuable for tracking outcomes and should be included as part of CNSC’s corporate reporting process to support transparency and informed decision-making.

As noted in the first 2 phases of IAEED’s Joint Audit and Evaluation of the CNSC’s Risk-Informed Compliance Verification Processes, specific metrics pertaining to Gender-based Analysis PlusFootnote 8 (GBA Plus) were not captured in any performance indicators and awareness of its relevance to compliance verification programs was limited. A GBA Plus lens could be applied within the program in various ways, such as reviewing tools, templates and communication products for gendered language. Incorporating such practices may also help to ensure that the CNSC is meeting mandatory federal GBA Plus requirements.

At the time of the engagement, the CNSC’s GBA Plus responsibility centre had limited capacity to proactively support organizational efforts. Therefore, a low level of awareness and understanding was expected. While no evidence suggested this had a negative impact on staff or licensees, a management action plan was developed to address the gap.

To ensure consistency and avoid duplicative efforts across directorates, a branch-level approach, led by SPD in its role as the CNSC’s GBA Plus Responsibility Centre, was recommended. The recommendation included 2 key actions:

  1. Raise awareness of GBA Plus best practices across ROB
  2. Provide guidance on how a GBA Plus lens may be applied to relevant compliance activities

The first action has been completed, the second is underway, with planning in progress to meet the targeted completion date of April 2026.

The NSC’s GBA Plus Responsibility Centre reports on GBA Plus in the Departmental Plan and Departmental Results Report, as required by the Treasury Board. According to Women and Gender Equality Canada, the role of a GBA Plus Responsibility Centre is to lead, support and monitor implementation of a GBA Plus framework, and to provide oversight, direction and promotion of GBA Plus across an organization. However, responsibility for GBA Plus extends across the entire organization and to all individuals, from the senior managers who endorse the policy or statement of intent, to the subject matter experts, who are best positioned to apply GBA Plus to specific issues.

In this third and final phase of the engagement, interviews with some DNSR personnel demonstrated a strong awareness of GBA Plus, supported by real-life workplace examples. In ACFD, it was noted that there is a strong informal culture of accommodation, with flexible planning and support for personal needs, ranging from physical disabilities to family responsibilities. In OID, examples were also cited, such as adopting gender-neutral language in official communications (e.g., inspection reports and letters), pairing inspectors in challenging environments and creating safe spaces to raise concerns with their director or supervisor.

Achievement of Performance Activity Measures

Based on DNSR’s performance reporting dashboard, compliance verification activities appear to be both achievable and measurable. In fiscal year 2024–25, most performance targets were met, as outlined in figure 4. The results have demonstrated consistency over time, with the percentage of planned versus actual DNSR inspections achieving the target of 80% for the third consecutive year, dating back to 2022–23.

Figure 4:  2024-25 DNSR performance results
Indicator Planned/target Actual
Planned inspections completed 900 952
Percentage of Type II reports Issued as per service standard 80% 98.75%
Percentage of Type I reports issued as per service standard 80% 100%
Percentage of satisfactory grades for Type II inspection 90% 94.63%

While this indicator suggests a generally positive result, it does not clearly reflect the challenges in meeting baseline inspection frequencies. As of June 2025, there were 3,187 high- and medium-risk inspectable locations across 4 sectors.  Of these, 37% had not been inspected within their prescribed baseline frequency, 17% had never been inspected, and 11% had been overdue since May 2023 (see figure 5). There is an opportunity to update existing performance indicators to capture inspection backlogs and trends over time. Doing so would provide greater visibility into resource and capacity constraints and better support operational decision making.

Figure 5: Baseline inspection frequency completion: High- and medium-risk locations
Sector Total inspectable locations Inspected within baseline frequency Not inspected within baseline frequency Never been inspected Overdue since May 2023
Academic and research 528 196 332 84 172
Commercial 173 88 85 39 30
Industrial 1845 1243 602 337 113
Medical 641 472 169 72 24
Total 3187

1999

(63%)

1188

(37%)

532

(17%)

339

(11%)

Additionally, the percentage of ACRs reviewed has not achieved the target of 80% in fiscal year 2024-25, continuing a trend observed over the past 3 years, as shown in figure 6. According to management, this has no impact on safety. It is worth exploring the ACR process to ensure that the review of ACRs and the indicator add value given the workload pressure in DNSR.  It is also important to ensure that any missing ACR submissions are followed up on, as this could indicate that a licensee has gone out of business or is facing other challenges that may indirectly impact safety.

Figure 6: Percentage of annual compliance reports reviewed
Fiscal year Planned (%) Actual (5)
2024-25 80 41.80
2023-24 80 48.05
2022-23 80 70.46

The engagement team conducted an external survey of DNSR licensees, and several comments raised about ACRs may warrant further consideration. These largely pertained to perceptions that ACRs do not add value to their organization, noting that the same data is recorded in other documents and that safety practices are followed regardless.

According to DNSR management, recently introduced tools as part of the CNSC’s Digital Strategy, are used to track the receipt of ACR information from licensees and support staff in completing ACR reviews. It was indicated that these changes have helped staff save time when completing ACR assessments. While this is a positive development, there is still an opportunity to further improve and/or re-evaluate the process, as the annual ACR review target has not been met in recent years, and feedback from the survey also points to some areas for improvement.

Program Effectiveness

The engagement found that the majority of DNSR licensees perceive the CNSC’s compliance verification program positively and considered it effective overall.

The engagement team conducted a survey of 1,579 DNSR licensees (respondents) in May 2025 to evaluate the effectiveness of CNSC’s compliance verification program within DNSR. The response rate was 44%, with 687 responses received. The survey explored a range of topics, including clarity of regulatory regulations, overall understanding of CNSC’s compliance verification processes, how regulated parties have adopted a safety culture, the impact of compliance verification activities, and areas for improvement. The majority of licensees respondents agreed that:

  • regulatory requirements are clear.
  • CNSC applies a risk-informed approach in the selection and conduct of its compliance verification activities.
  • CNSC’s compliance verification activities influence the safety culture or safe work practices of their organization.
  • CNSC’s inspections and annual compliance reports add value by increasing the efficiency and effectiveness of an organization’s resources in completing their safety activities. Comparatively, a larger proportion of respondents agree that inspections add more value compared to ACRs.

Two recurring themes were identified in the 568 open-ended responses regarding the extent to which the CNSC’s ACRs increase the efficiency and effectiveness of their organization’s resources in completing safety activities. Responses were mixed and include:

  • ACRs positively impact efficiency (284 mentions): Respondents perceive the activities associated with annual reporting as helpful for improving the efficiency of operations.
  • ACRs do not positively impact efficiency (227 mentions): A similar number of respondents expressed that ACRs do not positively influence efficiency, although many did not elaborate as to why. Some expressed that ACRs request duplicative information with other safety compliance activities or that ACRs are time-consuming.
  • ACRS do not add value to their organization (99 mentions): Respondents expressed a perception that ACRs not add value to the organization because the same data is recorded in other documents and they follow safety practices regardless.

Conclusion

Clearly defined performance metrics, primarily focused on productivity, are in place within DNSR to ensure risk-informed compliance verification inspections are carried out successfully and are linked to planned results. Productivity metrics are measured against planned activities, reported to required authority levels and factor into decision making. Additionally, compliance verification activities appear achievable and measurable, with most performance metrics meeting targets in FY 2024–25. The CNSC’s compliance verification program is viewed by licensees positively and considered effective overall.

To better understand licensee performance and support informed decision making, existing performance information can be leveraged to support more robust analytical efforts, providing greater visibility into inspection backlogs and long-term performance trends. Additionally, the percentage of annual compliance reports reviewed has missed its target for 3 consecutive years. This warrants further examination to determine the value of this metric. It’s worth noting that ACRs had mixed response in the licensee survey, with the majority viewing inspections more favourably.

Recommendation

  1. It is recommended that DNSR, in consultation with SPD, leverage existing outcomes-based performance indicators into the corporate reporting process to enhance transparency of inspection backlogs and capacity constraints. This will support informed decision making and provide greater insight into operational challenges.

Overall Conclusion

DNSR’s risk-informed compliance verification processes are supported by a comprehensive governance framework, with personnel demonstrating strong knowledge of the documented guidance in place to support this work. Performance metrics are clearly defined, regularly measured and monitored, with most targets achieved for fiscal year 2024–25. The separation of licensing and compliance functions between the OID and NSRDLD was found to be highly effective in managing the large volume of licensed activities. Risk management processes include strong mechanisms to ensure that inspections are consistent with associated levels of risk, and benchmarking results confirm that similar approaches are used by other nuclear regulators. In terms of staff capacity and retention challenges, DNSR has made significant progress by implementing the career progression program for regional inspectors. Overall, the results of the DNSR licensee survey indicate that DNSR’s compliance verification program is perceived to be effective.

There is an opportunity to ensure that the existing inspection sampling methodology is followed, which should strengthen oversight of larger licensees with multiple locations. Workload capacity and turnover challenges continue to impact risk management processes, highlighting the need to explore alternative strategies, such as the use of monetary retention practices used in industry. Persistent challenges of legacy tools hinder productivity; it is imperative that the needs outlined in DNSR’s business requirements document are considered in the development of the replacement unified system. Collaboration between licensing and compliance could also be strengthened through more joint meetings, improved communication and the consistent application of practices and terminology. Additionally, it is worth examining the value of measuring the percentage of ACRs reviewed on an annual basis, as well as incorporating more outcomes-based performance indicators into the quarterly reporting process to support informed decision making.

The successful implementation of the recommendations identified in this report, along with the completion of other initiatives already underway by management, will strengthen DNSR’s risk-informed compliance verification processes at the CNSC. A management action plan to address the recommendations of this joint audit and evaluation can be found in appendix A.

Appendices

Appendix A: Observations, Recommendations, and Management Action Plans

Observation Recommendation Management action plan
1. Given the frequency of internal transfers within the organization, it may be beneficial to examine mechanisms to minimize disruption from employee movement between divisions. This could include implementing measures to support operational continuity, such as establishing agreed-upon transitional periods between transferring divisions, developing contingency plans to manage potential workload gaps and requiring vice president-level approval to ensure alignment with directorate-wide priorities. 1. It is recommended that DNSR, in consultation with HRD, implement additional mechanisms to minimize disruption from employee movement between divisions to manage potential workload gaps while strengthening operational continuity.

As part of DNSR’s ongoing business case for an increase in salary budget, IPRMC approved 5 additional FTEs for the directorate, to be allocated at the start of FY 2026–27. This will help alleviate DNSR’s workload pressures. In Q4 2025–26, IPRMC is expected to make a decision regarding the allocation of additional FTEs.

In the meantime, DNSR will also collaborate with HRD to develop a strategic workforce plan with appropriate mitigation measures to proactively address staff turnover and ensure organizational resilience.

Action owner: DG, DNSR

Target completion date: March 2026
2. There is a strong consensus among staff that LOUIS is no longer fit for purpose, with persistent issues such as slow performance, frequent crashes, lack of basic functionality (e.g., spell check), and inefficient data entry processes. These limitations directly impact staff productivity. In preparation for the implementation of the unified IM system and adoption of M365 tools, a team within DNSR has developed a comprehensive business requirements document outlining the needs of the directorate. It is essential that DNSR allocate appropriate resources to support this initiative, and that these requirements be consistently considered throughout the development of the unified system. 2. It is recommended that DNSR allocate resources to support the definition and development of the new unified system implementation.

For the past 4 years, DNSR has prioritized digital transformation. The directorate was one of the first within Operations to be onboarded to SharePoint, and it consistently allocates resources to this initiative.

As noted above, DNSR will receive an additional 5 FTEs in FY 2026–27. In light of this development, DNSR has allocated 0.6 FTEs to advancing digital transformation efforts in the 2026–27 operational plan.

DNSR will continue to evaluate the effort required for digital transformation once there are additional details regarding the phasing out of the legacy systems, including LOUIS, and will allocate additional resources as necessary.

Action owner: DG, DNSR

Target completion date: January 2026
3. Although collaboration within each division is strong, interviews from both the NSRDLD and OID identified persistent challenges in inter-divisional collaboration. Both divisions acknowledged that communication related to inspections has been inconsistent. To improve this, they proposed the more consistent inclusion of licensing specialists in inspection notifications and follow-up communications, which is expected to support continuity, particularly during periods of high workload or staff transitions. Additionally, they noted that current feedback mechanisms and decision-making processes often result in limited communication of outcomes. 3. It is recommended that DNSR increase collaboration to strengthen coordination, effectiveness and communication between the OID and NSRDLD, such as including licensing specialists in inspection notification memos and other relevant communications to support consistency and foster mutual understanding or processes. This will help align expectations and practices across divisions and regions.

The directors of OID and NSRDLD manage the NSRD program (the CNSC’s largest regulatory program) and during the last 5 years implemented measures to strengthen coordination, effectiveness and collaboration between the 2 divisions.  These include: the Program Working Group, licensing specialists accompanying inspectors on inspection and working together to address licensees with systemic poor performance.

  1. To further improve the consistency of communication and follow through of decisions made by the Program Working Group (PWG), NSRD management will:
    1. Explore with the PWG co-chairs how best to leverage the MS 365 tools to document the group’s work, improve its accessibility to the wider program and more clearly communicate decisions for implementation.
    2. Survey OID and NSRDLD staff to identify areas for improvement in the NSRD program.
  2. Director OID will ensure that inspectors include licensing specialists on notifications sent to licensees regarding planned inspections.  While the NSRD inspection plan is already shared with NSRDLD, given the high volume of licensees, this additional step to consistently include licensing specialists on these notifications will increase awareness of upcoming planned inspections and provide them the opportunity to raise and/or discuss with inspectors any concerns licensing may have with the licensee ahead of the inspection.

Action owner: DG, DNSR

Action lead(s): Directors of OID and NSRDLD

Target completion dates:

  1. February 2026
  2. November 2025
4. While performance indicator on the percentage of planned inspections completed suggests a generally positive result over 3 years, it does not clearly reflect the challenges in meeting baseline inspection frequencies. As of June 2025, there were 3,187 high and medium risk inspectable locations across 4 sectors.  Of these, 37% had not been inspected within their prescribed baseline frequency, 17% had never been inspected, and 11% had been overdue since May 2023. There is an opportunity to enhance existing performance indicators to capture inspection backlogs and trends over time. Doing so would provide greater visibility into resource and capacity constraints and better support operational decision making. Additionally, it is worth exploring the value of the ACR indicator, given the limited impact on safety and low results over recent reporting periods. 4. It is recommended that DNSR, in consultation with SPD, leverage existing outcomes-based performance indicators into the corporate reporting process to enhance transparency of inspection backlogs and capacity constraints. This exercise should also review existing performance indicators to ensure they remain relevant and add value. This will support informed decision making and provide greater insight into operational challenges.
  1. DNSR will explore ways to incorporate the performance indicators used in external reporting into the internal reporting process.
  2. Treasury Board Secretariat is planning to release an update to the federal government’s Policy on Results in 2026. Once that new policy is released, SPD will launch a review of the CNSC’s performance information profiles (PIPs). That will provide the opportunity for DNSR to update its PIP with the additional performance indicators.

Action owner: DG, DNSR

Target completion date:

  1. June 2026
  2. January 2027

Appendix B: Audit Criteria and Evaluation Indicators

Objectives Criteria/Indicators Data source/Method
Governance
Audit sub-objective 1.1: A governance framework is in place to ensure adequate oversight of risk-informed inspection planning.

1.1.1: Responsibility and accountability are clear and communicated with respect to risk-informed inspection planning activities across the CNSC, specifically between ROB and TSB.

1.1.2: There is clear governance with respect to identifying reactive inspections.

1.1.3- The existing operating structure ensures that compliance verification activities are carried out effectively.

Document review

Internal interviews
Risk management
Audit sub-objective 2.1: There are defined processes and practices to plan and prioritize inspections using a risk-informed approach. 2.1.1: There are processes in place to support risk-informed inspection planning across the CNSC, which incorporates key factors, such as licensee performance.

Document review

Internal interviews
Audit sub-objective 2.2: Mechanisms are in place to ensure that inspection planning and the conduct of inspections are consistent with its associated level of risk.

2.2.1: Risk-informed inspection plans are periodically reviewed to ensure relevancy and accuracy of risks.

2.2.2: A review and approval process is in place for modifying existing risk-informed inspection plans.

2.2.3: There are processes in place for identifying and subsequently documenting risks and/or triggers for reactive inspections.

2.2.4: The CNSC conducts inspections that are consistent with established plans, priorities, risks and with its own procedures.

2.2.5: Tools and guidance are provided to support risk-informed inspection planning.

2.2.6: Tools and templates (e.g., inspection guides) are available to support staff when developing multi-year risk-based inspection plans and conducting inspections.

Document review

Internal interviews

Audit testing of completed inspections
Audit sub-objective 2.3: Sufficient resourcing is available to ensure that compliance verification activities are completed as planned. 2.3.1: Sufficient resources (e.g., staff & budget) are in place to support the successful completion of planned and unplanned compliance verification activities

Document review

Internal interviews
Operations, Information and knowledge management
Audit sub-objective 3.1: Management has a formal approach to information and knowledge management to ensure knowledge continuity.

3.1.1: Information management tools are consistently used across directorates, well documented, and deliver accessible, consistent, reliable and accurate information.

3.1.2: Processes and procedures have been developed, implemented and communicated to support collaboration.

Document review

Internal interviews
Effectiveness – Performance measurement, monitoring and reporting
Evaluation question 1: Is the delivery of compliance inspection services effective?

EQ 1.1: Effectiveness of program delivery, best practices and areas for improvement

  1. Views on collaboration: Between and among directorates, with specialists, with other branches (e.g., ROB)
  2. Views on capacity of resources
  3. Views on how GBA+ has been incorporated into programs
  4. How is safety culture included in the compliance verification of the licensees and is it effective?

Document review

Internal interviews

Benchmarking

Survey of licensees
Evaluation question 2: Is the program set up to report on progress and performance in a way that tells the full story of program success? Are changes required to current indicators, and/or options to add new ones? Are changes required to the collection, storage and tracking of data?

EQ 2.1: State of quality, consistency, coverage and timing of data

collection and reporting

  1. Perceptions on validity and usefulness of current performance indicators
  2. State of quality, consistency, coverage and timing of data collection and reporting
  3. Systems and processes in place to store, collect and analyze performance data
  4. Limitations encountered during the collection, storage, analysis, tracking, and use of performance data
  5. Perceptions on possible new indicators and opportunities for improvement to processes
  6. Indicators currently being tracked by the program (covered by audit sub-objective 4

Document review

Internal interviews

Benchmarking
Audit sub-objective 4.1: Management has identified appropriate performance measures linked to planned results.

4.1.1: Performance metrics for planned compliance verification activities are clearly defined and documented to ensure risk-informed inspection plans and related activities are carried out successfully.

4.1.2: Planned compliance verification activities are achievable and measurable.

Document review

Internal interviews
Audit sub-objective 4.2: Management monitors actual performance against planned results and adjusts course as needed. 4.2.1: Results of performance measurement are documented, are reported to required authority levels and factor into decision-making.

Document review

Internal interviews
Effectiveness – Outcomes achievement
Evaluation question 3: To what extent has the program made progress towards achieving its compliance inspection intended outcomes?

EQ 3.1: Evidence that risks are identified, monitored and

controlled (i.e., key performance indicators are defined and measured)

  1. Outcomes produced related to (see logic models and PIP indicators):
    • Stakeholders understand regulatory requirements
    • Compliance verification is conducted in an effective, efficient and risk-informed manner
  2. Performance targets have been met
  3. Perceptions on factors facilitating or hindering the achievement of outcomes

Performance data review

Internal interviews

Survey of licensees

Appendix C: DNSR Compliance Verification activities

Compliance verification activity Description
Desktop review When assessing licence applications, CNSC staff review all activities proposed by the applicant to ensure compliance with regulations. The same is true of any information submitted by current licensees who wish to make amendments to their licence(s). Inspectors also perform desktop reviews prior to visiting licensees for Type I or Type II inspections. The licensee's most recent documentation is reviewed as well as annual compliance reports and incident reports (if applicable) that have been submitted since the last inspection. This helps ensure that inspectors are fully informed on relevant information and the licensee's operations before visiting the licensee site.
Type I Inspection Type I inspections evaluate programs or processes described in the licensing basis and typically consist of a documentation review and an onsite visit.
Type II Inspection Type II inspections evaluate the outputs of programs and documents identified in the licensing basis and typically consist of a documentation review and an onsite visit.
Reactive Inspection These consist of compliance verification activities that are not part of the baseline compliance verification plan. They may include compliance verification activities dependent on external factors outside of CNSC control, such as scheduling of maintenance outages or major projects, or in response to inputs. Necessary reactive compliance verification activities are identified based on areas that require or appear to require further regulatory attention.

Appendix D: IT Tools for DNSR Compliance Verification Activities

IT tool/function How it is Used by DNSR staff
Licensing Operations User Integrated Systems* A computer application and database to manage licensing information on ACFD and OID licensees and a repository for OID inspections.
Inspection buddy An internally developed advanced spreadsheet used as database for retaining ACFD inspection data on scope, findings and compliance status.
Harmonized inspection tool An internally developed application that generates electronic preliminary inspection reports within OID.
Case Management System A web-based system to store licensing documentation in NSRDLD.
Regulatory Information Bank A web-based system tracking actions from inspection reports.
e-Access* A filing repository to securely manage work documents.
Events Information Tracking System* A web-based system to manage information on events reported to DNSR.
Spreadsheets A program used to organize and data. Used across divisions to plan and track inspections and to calculate performance indicators.
Word processing A document creation and editing application to write key documents.
Data visualization A tool to create, analyze and present data through interactive dashboards and reports. Used by staff for quarterly performance reporting.
Electronic presentations A visual communication platform used to create presentations, such as technical reviews after ACFD inspections.
Digital notetaking An application used to capture, organize and share notes. This is commonly used in the field during inspections.
Task and project management A collaborative planning tool to organize tasks, assign responsibilities, set deadlines, and track progress. It is used by some staff to track inspections and organize work.
Custom list and data tracking A flexible tool for creating and managing structured data in list format used by some staff.
Workflow automation A platform to create automated workflows between applications and streamline repetitive tasks. This is used in ACFD to automate tracking.

* Scheduled for decommissioning by August 2027 as part of the CNSC’s digital transformation strategy.
This is not officially supported by IMTD.
Scheduled for decommissioning by February 2027 as part of the CNSC’s digital transformation strategy.

Appendix E: Acronyms

Term Meaning
ACFD Accelerators and Class II Facilities Division
ACR Annual compliance report
ASN Autorité de sûreté nucléaire (France’s Nuclear Safety Authority)
CFIA Canadian Food Inspection Agency
CPD Corporate Planning Division
DG Director General
DNCFR Directorate of Nuclear Cycle and Facilities Regulation
DNSR Directorate of Nuclear Substance Regulation
DPRR Directorate of Power Reactor Regulation
FANR Federal Authority for Nuclear Regulation
FTE full-time equivalent
GBA Plus Gender-Based Analysis Plus
HRD Human Resources Directorate
IAEA International Atomic Energy Agency
IAEED Internal Audit, Evaluation and Ethics Division
IM Information Management
IMTD Information Management and Technology Directorate
IPRMC Integrated Planning and Resource Management Committee
IRRS Integrated Regulatory Review Service
LOUIS Licensing Operations User Integrated Systems
NRC Nuclear Regulatory Commission (United States)
NSCA Nuclear Safety and Control Act
NSRDLD Nuclear Substances and Radiation Devices Licensing Division
OID Operations Inspection Division
ONR Office for Nuclear Regulation (United Kingdom)
PIP Performance Information Profile
PWG Program Working Group
RIB Regulatory Information Bank
RICV Risk-informed Compliance Verification
ROB Regulatory Operations Branch
ROR Regulatory oversight report
SCA Safety and control area
SPD Strategic Planning Directorate
TSB Technical Support Branch

Page details

Date modified: