15 June 2015 Strategic Risk Committee Minutes
15 June 2015 – 2.00pm
Present: Julie Hammer (Chair), Adam King, Chris Disspain, Graham McDonald, George Pongas, Jo Lim, Simon Johnson, Kartic Srinivasan, Jacki O’Sullivan (Minutes)
1. Continuous Disclosure
There were no matters to be disclosed.
2. Previous Minutes
The Committee noted the previously approved and published 20 April 2015 minutes.
3. Review of Outstanding Action Items:
- Own Cloud: The proposed OwnCloud file structure has been sent to Committee members. The Chair asked all to review the structure and provide feedback on the email list. In relation to framework & guidelines for Board requirements, the Chair suggested, and the Committee agreed, all material should be available to all Board members (current and past) and staff members, unless a decision had been made to keep material confidential. Once the structure and requirements are finalised, a proposal will be sent to the Board for approval. Action C/F.
- Handover Brief, Disaster Recovery and Threat Matrix documents: AK advised the final Disaster Recovery document had now been put into Own Cloud and the Chair asked relevant Committee members to review the document and provide feedback. Action C/F.
- Crisis Communications Plan: AK advised the Crisis Communications plan will be finalised and put into Own Cloud in the next two days and the Chair asked relevant Committee members to review the document and provide feedback. Action C/F.
4. Risk Log Review:
- The Risk Log has now been split into Operational and Strategic Risk Logs and circulated to the Committee for review.
- It was suggested and agreed that any items in the Operational Risk Log that are rated Catastrophic/Critical should be included in the Strategic Risk log along with all Strategic Risks for Board review. The remainder of Operational risks should be reviewed/monitored by the CEO and staff.
- It was suggested and agreed that Operational Risks would be monitored and brought to Committee/Board attention on an incident basis (including retrospectively).
- As part of the review of both the Operational and Strategic Risk Logs, it was agreed CD/JL/AK would now review/complete/adjust probabilities on the 'Impact After Action' columns on incidents that had already occurred. This will be circulated for reassessment at the 17 August 2015 meeting.
- auDA is in the process of implementing OwnCloud to distribute all Committee/Board papers. This process will be tested on the Risk Committee first and extended to the whole Board in due course.
- AK gave Committee members training on the login and use of OwnCloud. Committee members were asked to login and test OwnCloud prior to the next Committee meeting on 17 August when papers will be distributed via OwnCloud for testing.
6. Next meeting
The next meeting will be held on 17 August 2015 at 2.00pm.