Minutes - Risk Committee (RC) Meeting | 27 January 2010

RC Attendees: Bruce Tonkin – Chair; Steve Crocker, and Rajasekhar Ramaraj

RC Apologies: Mike Silber, Suzanne Woolf

Other Board Member Board Attendee: Dennis Jennings

Staff Attendees: Doug Brent – Chief Operating Officer; Samantha Eisner, Patrick Jones, Greg Rattray, Michael Salazar, Diane Schroeder , and Amy Stathos

The following is a summary of discussions, actions taken and actions identified:

  1. Reviewed the proposed RC work plan for future meetings.
    • Actions:
      • Staff to produce a draft Enterprise Risk Management (“ERM”) Policy (or alternatively a framework for a draft ERM Policy) prior to the Nairobi meeting.
      • Staff to create risk strategy for the evaluation of meeting venues for ICANN’s international meetings.
  2. Staff provided an update on the current risk management activities within ICANN, including the drafting of a charter for a risk oversight management team, and the ongoing work on a formal risk management process, including efforts to build risk management activities into the FY11 budget, and mitigation planning.
    • Action:
      • Staff to revise ERM process and risk factors to address committee member comments, and provide to RC for feedback.
  3. Received project level risk management updates on the New gTLD program and business continuity efforts, with a discussion of risks identified within the program.
    • Actions:
      • Staff to revise the New gTLD risk assessment to reflect RC comments.
      • Staff to facilitate communications with the root server community on root scaling activities.
      • Staff to provide an update to the RC at the meeting in Nairobi.
      • Staff to include project level risk evaluation on DNSSEC and IDNs at next committee meetings.
      • Staff to make best efforts to prepare a brief paper on risks in New gTLD program for posting, in advance of Nairobi, if time permits.
      • Staff to include project level risk evaluation for Affirmation of Commitments review process into risk factors.
      • Staff to identify availability of objective standards for auditing risk management activities.