A key role of any Board is to set the risk appetite for its organisation. As outlined within ISO 31000 Risk Management, effective governance includes determining organisational risks against criteria for likelihood and consequences. From there, it must be decided which risks need to be treated within an appropriate timeframe.
From a security risk approach, the key to risk minimisation is suitable funding, resourcing and commitment. If your Board is not currently focused on risk management, then this needs to be embedded within the culture of the Board. This can be done through a workshop or similar to ensure the Board is suitably informed and skilled. In turn, this approach will make certain that risk management is an essential element of organisational activity at all levels.
From an organisational perspective, the Board also needs to understand the importance of a current and effective crisis management strategy. Often this is through a business continuity and disaster recovery plan. At the Board level, a crisis management strategy is not a detailed document but needs to address three key issues:
- Who declares a crisis within the organisation;
- Who communicates a crisis; and
- Who rectifies a crisis.
GPS has worked with organisations to develop effective strategies. We also conduct practical exercises to test plans, whether as a discussion, functional or field activity. Contact us for more information.