Ce contenu est uniquement disponible en

  • English

Minutes – Board Risk Committee (BRC) Meeting 5 November 2015

Published 5 March 2016

BRC Attendees: Rafael Lito Ibarra, Ram Mohan – Co-Chair, Mike Silber – Co-Chair, George Sadowsky, and Kuo-Wei Wu

BRC Member Apologies: Jonne Soininen and Suzanne Woolf

ICANN Executives and Staff Attendees: Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Operations Coordinator), Xavier Calvez (Chief Financial Officer), and Amy Stathos (Deputy General Counsel)


The following is a summary of discussions, actions taken, and actions identified:

  1. BRC Work Plan – Staff provided an overview of the updated BRC Work Plan for December 2014 through October 2015, which includes oversight of risk management and operational risks.

    • Action:

      • Staff to develop a 2016 Work Plan and circulate it to the BRC after the feasibility and time/resource assessment is completed (see below).

  2. Risk Workshop – Staff provided background information regarding the topics discussed in the September 2014 Risk Workshop, current status, and next steps. ICANN staff, in coordination with outside consultants, created a model to identify and assess the maturity of the function of seven types of risk management activities. During the course of the Risk Workshop, the participants provided a recommendation as to what the target position should be for each of the seven activities. The BRC reviewed these target positions and discussed the proposed three-year time frame (from the date of the Risk Workshop). The next steps include validation of the target positions, understanding any interdependencies between the activities, and assessment of the time and resource requirements.

    • Action:

      • Staff to send enterprise risk methodology materials to new BRC members.

      • Staff to conduct a feasibility analysis of the target positions (with input from outside consultants), including a first assessment of the time and resource requirements.

  3. Risk Rating Methodology – Staff explained that, over the past two years, ICANN has developed a process to identify risks and update the assessment of those risks on a quarterly basis, though no quantified rating has been performed. The risk rating methodology presented is a systematic approach to rating the risks, which takes into account the prioritization level, the severity, and the likelihood of those risks, along with the effectiveness of the mitigating activities that have been put into place. The resulting rating is directional in nature and helps define the urgency of the risks. This methodology will be applied to ICANN's existing list of risks (which is comprised of approximately 30 identified risks).

    • Action:

      • Staff to apply the risk rating methodology to the list of risks and provide those results to the BRC for review and comment.

  4. IT Update – Staff confirmed that members received the last IT update sent on 28 September 2015 and asked if there were any questions regarding the information contained in the update, which included an IT-specific scope of review of risks and mitigating activities.

    • Action:

      • Staff to send 28 September 2015 IT update to new BRC members.

  5. Approval of Minutes – Staff provided an update on the status of the approval of minutes from the 19 June 2015 BRC meeting, explaining that a preliminary report was circulated to the BRC and certain members provided feedback. The BRC asked staff to circulate a revised draft to the BRC for review and approval as minutes.

    • Action:

      • Staff to revise the preliminary report from the 19 June 2015 BRC meeting and circulate to the BRC members for review and approval.