Minutes - Risk Committee Meeting
10 September 2009
Committee Attendees: Bruce Tonkin – Chair, Steve Crocker, Steve Goldstein, Ray Plzak, and Rajasekhar Ramaraj
Apologies: Wendy Seltzer
Other Board attendees: Peter Dengate Thrush and Suzanne Woolf
Staff members present: Doug Brent, Samantha Eisner, Dan Halloran, Greg Rattray, Theresa Swinehart, and Kevin Wilson
Invited attendee: Jim Negus, KPMG
The following is a summary of discussions, actions taken and actions identified:
- Received update on and discussed ongoing efforts to formalize a successful risk management process within the organization and the risk identification process, including:
- Staff engaged KPMG to assist staff to create an enterprise risk assessment;
- ICANN established a common risk framework and nomenclature to guide future risk assessments;
- Risks were divided into five primary categories with a total of 26 risks assessed. The risk categories were: credit, legal, market/pricing, strategic, and reputation;
- Each risk was assessed via graph, with the Y axis representing severity to ICANN if the risk occurs (minor, moderate, major, severe, catastrophic) and X Axis representing the likelihood of the risk occurring (highly unlikely, unlikely, likely, probably, nearly certain). A risk score for each risk was then determined for each risk as a combination of severity and likelihood.
The Risk Committee gave some feedback on the risk categories and also terminology to ensure an understanding of the impact of a risk is clear from its description.
- Actions:
- Staff to continue to refine work.
- Staff to provide draft charter for proposed institution of a management committee overseeing enterprise risk management processes.
- Staff to draft proposed enterprise risk management policy for organization.
- For Seoul, Staff to present Risk Committee with remediation recommendations for 12-month forecast items and proposals for threshold setting, and with risk assessments for a three-year timeframe to align with strategic plan periods.