Board Activities and Meetings
Minutes | Meeting of the Risk Committee of the Board (BRC) | 22 February 2023
BRC Attendees: Harald Alvestrand (Chair), Chris Chapman, James Galvin, Wes Hardaker, Christian Kaufmann, Patricio Poblete, and Matthew Shears
Other Board Member Attendees: Manal Ismail and Katrina Sataki
ICANN Organization Attendees: Xavier Calvez (SVP, Planning and Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), Matt Larson (VP, Research), Elizabeth Le (Associate General Counsel), and Amy Stathos (Deputy General Counsel)
The following is a summary of discussions, actions taken, and actions identified:
- Introduction and Opening Remarks – The Chair opened the meeting and introduced the agenda.
- Review of Committee Charter – The Committee conducted its annual review of the Committee Charter and agreed that no changes to the Charter are required.
Review of Workplan – The Committee reviewed its Workplan for the year. The Committee discussed refining the frequency of the Committee's Risk Report to the full Board, which is currently scheduled to be completed semi-annually. The Committee agreed that material changes to top risks should be reported to the full Board immediately and requested ICANN organization to update the Workplan to reflect that the BRC Risk Report to the full Board will be provided semi-annually, or as deemed necessary.
- Action – ICANN org to update Workplan to reflect the Committee's discussion.
- Risk Committee Chair Alternate – The Committee discussed what happens if the Chair is unavailable for a Committee meeting. Following the discussion, it was decided that committee member Matthew Shears will fill in for the Chair at a Risk Committee meeting in event that the Chair is unavailable.
- Risk Controls Assessment – The Committee received a briefing on the Risk Controls Assessment. The Risk Management Target Model specifies the maturity for risk controls assurance that is provided by this assessment of control effectiveness for risks in the Risk Register. Every risk in the Risk Register was reviewed with its respective executive owner and all material controls in the existing controls sections of the Risk Register were deemed to be effective in reducing the residual risk of the respective risk item. The Risk Controls Assessment was reviewed by the org's CEO Risk Management Committee and approved by the former President and CEO.
- Org Risk Register Update – The Committee discussed the most recent updates to the Risk Register and reviewed the controls and mitigation measures in place for the updated risks. The updates are a result of a periodic validation of the Risk Register and the Risk Controls Assessment process. The Risk Register was reviewed by the org's CEO Risk Management Committee and approved by the Interim President and CEO. The Committee also discussed how risks are described in the org Risk Register and the distinction between a risk event and the consequences of that event.