Minutes | Board Risk Committee (BRC) Meeting 13 April 2021

BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Käo, Akinori Maemura, Kaveh Ranjbar, Nigel Roberts, and Matthew Shears

Other Board Member Attendees: Avri Doria and Danko Jevtović

ICANN Organization Attendees: Xavier Calvez (SVP, Planning and Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), David Conrad (SVP, Chief Technical Officer), Vinciane Koenigsfeld (Senior Director, Board Operations), Elizabeth Le (Associate General Counsel), Wendy Profit (Board Operations Specialist), and Amy Stathos (Deputy General Counsel)

The following is a summary of discussions, actions taken and actions identified:

  1. Organization Risk Register Update – The Committee discussed the updates to the Organization Risk Register and reviewed the controls and mitigation in place for the updated risks.
  2. Update to Risk Management Target Model – The BRC reviewed the status of the risk management target model (Model) and considered whether the Model should be updated to reflect developments since it was established. The Model was developed in 2014-2015 by ICANN org, the BRC, and external consultants, and agreed by the Board. The org's then Risk Management program was benchmarked to the Model and the gaps identified. Over the past few years, the org has worked to close those gaps. With only minor gaps remaining, and in some cases the org exceeded the target or various elements of Model, ICANN org proposes to review the Model and determine whether the target level of maturity of the various elements should be updated to reflect developments since the Model was established. The Committee discussed two actions that ICANN org intends to take during the next quarter. One action is a communications plan which includes publishing an overview paper on the org's Risk Management Framework and presenting the Risk Management Framework as part of a Finance and/or Planning session at an ICANN Public meeting. The other proposed action is to further enhance the assurance process to test and validate risk control and mitigating activities, starting in July 2021. For existing controls, a formal discussion between the risk owners and the Risk Management function will be held for each risk annually to have a thorough understanding of the controls in place and their effectiveness.
  3. BRC Report to the Board - The Committee reviewed a draft of the BRC Report to the Board, which is presented twice a year.
  4. AOB – ICANN org provided the BRC with an update on the proposed revisions to the Committee charter. Following the last BRC meeting, there were some additional revisions exchanged online, which were unanimously approved by the Committee members. The updated proposed changes to the BRC charter will be submitted to the Board Governance Committee for consideration and recommendation to the Board for approval.

The Chair then called the meeting to a close.

Published on 17 May 2021