Minutes | Board Risk Committee (BRC) Meeting
BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Käo, Akinori Maemura, Kaveh Ranjbar, Nigel Roberts, and Matthew Shears
Other Board Member Attendees: Avri Doria, Manal Ismail, and Danko Jevtović
ICANN Organization Attendees: Xavier Calvez (SVP, Planning and Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), Elizabeth Le (Associate General Counsel), Ashwin Rangan (SVP, Engineering and Chief Information Officer), Lisa Saulino (Board Operations Specialist), and Amy Stathos (Deputy General Counsel)
The following is a summary of discussions, actions taken and actions identified:
- Annual Risk Register Update – The Committee received a briefing on the annual Risk Register refresh. The refresh asks the org functions to update thoroughly the risks related to their functions as well as consider any additional risks to be added to the risk register. The Committee discussed the results of the refresh and the updates to the Organization Risk Register resulting from the refresh. The Committee also reviewed the controls and mitigation in place for the updated risks.
- Organization Risk Register Update – Top Risks – The Committee reviewed and discussed the top risks on the Risk Register, noting that there are no changes to the top risks and some updates to controls. The Committee also reviewed the overall risk register in addition to the top risks. The Committee agreed that a column should be added to the Register that tracks whether the risks are identified in the ICANN Strategic Plan.
- Risk Management Communications Update – The Committee noted that the Risk Management Overview document has been reviewed by the Committee, Legal and Comms. The plan is to provide a public webinar to go over the document during the ICANN Annual General Meeting (ICANN 72) prep week. The document will be published on the ICANN website two weeks before the webinar.
- Risk Controls Assurance Update – The Committee received an update on risk controls assurance. The org's risk management function has been having assurance meetings with each of the org functions. The purpose of the meetings is to go over the function's risks and the associated controls, and to discuss the effectiveness of the controls.
The Chair then called the meeting to a close.
Published on 01 October 2021