Minutes | Board Risk Committee (RC) Meeting
Published 27 February 2016
BRC Attendees: Rafael Lito Ibarra, Ram Mohan (Co-Chair), George Sadowsky, Mike Silber (Co-Chair), Jonne Soininen, Kuo-Wei Wu, and Suzanne Woolf
Other Board Member Attendees: Asha Hemrajani, Markus Kummer, and Erika Mann
ICANN Executives and Staff Attendees: Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Operations Coordinator), Michelle Bright (Board Operations Content Manager), Xavier Calvez (Chief Financial Officer), Vinciane Koenigsfeld (Board Operations Content Manager), Ashwin Rangan (Chief Innovation and Information Officer), Amy Stathos (Deputy General Counsel), and Nicholas Tomasso (Vice President, Meetings)
The following is a summary of discussions, actions taken, and actions identified:
BRC Workplan – Staff explained that the BRC Workplan for the 2016 calendar year will be redesigned and updated based upon BRC feedback on the roadmap of the Enterprise Risk Management (ERM) strategy implementation, milestones, and deliverables. The Workplan will also include quarterly reviews of ICANN's cyber security efforts as well as risk assessment.
- Staff to develop an interim BRC Workplan for the next several meetings and circulate it to the BRC.
- Staff to develop a draft 2016 Workplan and circulate it to the BRC after the ERM strategy roadmap is completed (see below).
ICANN55 Security Update – Staff provided an overview of the security considerations and analysis prepared for ICANN Public Meetings including risk assessment, security planning, communications, staff preparedness, incident response, evacuation, medical support, and insurance protection. The goal is to ensure that ICANN has sufficient security coverage for all the delegates who are attending ICANN meetings. Some additional security measures will be implemented on a going forward basis for all ICANN meetings. Staff provided an overview of these security measures to the SO/AC leaders, posted a security blog on the ICANN website, and posted security tips on the ICANN meetings webpage.
- Staff to prepare a meeting security framework that addresses a broader scope of security preparation and measures to be undertaken for all ICANN Public Meetings.
- ERM Strategy Roadmap – Staff provided background information regarding ICANN's ERM, explaining that ICANN conducted an assessment of its ERM function, with the assistance of an external firm, and produced an evaluation of the effectiveness of the ERM framework and methodology. Subsequently, there was a Risk Workshop in September 2015 to help fine-tune the ERM strategy that should be adopted going forward. Staff provided an overview of that strategy and roadmap, as well as the current status and target positions for each of the seven types of risk management activities. Staff further explained that, during the Risk Workshop, the BRC had defined a conceptual horizon of three years to achieve the target positions. The BRC discussed the categories of risk management activities, the appropriate target positions, the proposed timeline and objectives to reach each target position, as well as the key success factors used to measure progress.