• Documents
•  

Committee Attendees: Bruce Tonkin – Chair, Steve Crocker, Steve Goldstein, Ray Plzak, and Rajasekhar Ramaraj

Apologies: Wendy Seltzer

Other Board attendees: Peter Dengate Thrush and Suzanne Woolf

Staff members present: Doug Brent, Samantha Eisner, Dan Halloran, Greg Rattray, Theresa Swinehart, and Kevin Wilson

Invited attendee: Jim Negus, KPMG

The following is a summary of discussions, actions taken and actions identified:

• Received update on and discussed ongoing efforts to formalize a successful risk management process within the organization and the risk identification process, including:
  • Staff engaged KPMG to assist staff to create an enterprise risk assessment;
  • ICANN established a common risk framework and nomenclature to guide future risk assessments;
  • Risks were divided into five primary categories with a total of 26 risks assessed. The risk categories were: credit, legal, market/pricing, strategic, and reputation;
  • Each risk was assessed via graph, with the Y axis representing severity to ICANN if the risk occurs (minor, moderate, major, severe, catastrophic) and X Axis representing the likelihood of the risk occurring (highly unlikely, unlikely, likely, probably, nearly certain).  A risk score for each risk was then determined for each risk as a combination of severity and likelihood.

The Risk Committee gave some feedback on the risk categories and also terminology to ensure an understanding of the impact of a risk is clear from its description.

• Actions:
• Staff to continue to refine work.
• Staff to provide draft charter for proposed institution of a management committee overseeing enterprise risk management processes.
• Staff to draft proposed enterprise risk management policy for organization.
• For Seoul, Staff to present Risk Committee with remediation recommendations for 12-month forecast items and proposals for threshold setting, and with risk assessments for a three-year timeframe to align with strategic plan periods.