[ALAC] ICANN's risk management

Olivier MJ Crepin-Leblond ocl at gih.com
Sat Jan 24 23:44:37 UTC 2015

Dear Rinalia,

thank you for this pointer. I am still nervous about ICANN's tendency to
mix Risks to the DNS and Risks to ICANN. These are entirely different

As such, the first example of Risk Management sends to a reference which
provides an initial, but very incomplete example of DNS Risks:

The document then goes on to list an unordered list of Risks. That said,
I concede that any ordered list with mitigation should be kept
confidential and I therefore hope that the work will be undertaken
competently by risks assessment professionals. My confidence in this
process could be restored if the document which you point to at least
mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN
would use for its analysis and mitigation scenario building.

The document also appears to imply that the list of Risks quoted is
complete. I note only four risks relating to scaling and renewal of the
ICANN community. I have given them numbers for easy referral:

1. Policy development process is too slow or ineffective, participants
decrease or
stagnate, or failure to bring new stakeholders into the model.
2. Perception of failure to implement and help achieve a global
distributed IG ecosystem according to the widely accepted Net Mundial
3. Possibility that current supporting organization and advisory
committee (SO/AC)
structures cannot scale to include and support new global entrants and
4. Lack of improving trust in the multi-stakeholder model.

(4) is roughly a duplicate of (2). (1) and (3) also resemble each other.
None of them mention capacity building. The ALAC is on record, on
several occasions, explaining that bringing new stakeholders into the
model is one thing but bringing them up to date and making them
operationally active with the extremely complex topics addressed in
ICANN is another. I would recommend that this risk is also addressed. I
assert that this risk, along with the obvious knowledge/time imbalance
between people whose job is directly related to domain names, versus
people who volunteer to solely defend the public interest, is much more
significant than the broad search for new stakeholders.

Finally, I would suggest that the links in the document be checked: they
failed a direct click on all of my navigators and needed to be cleaned
up prior to pointing to the correct documents.

Kindest regards,


On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
> Dear ALAC,
> FYI:
> Board Risk Committee shared a document on ICANN's risk management with CCWG
> on Accountability.
> Publicly available at:
> https://www.icann.org/en/system/files/files/summary-risk-management-process-23jan15-en.pdf
> Best regards,
> Rinalia
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)

Olivier MJ Crépin-Leblond, PhD

More information about the ALAC mailing list