Managing Cyber Risk with NIS Compliance | Cyber Security & Rail

Risk Workshops and Governance

But how does this help with the CAF? Firstly, any good risk assessment sets up the context, involving the stakeholders and those who need to be informed of the outcome. This allows one to identify the governance (CAF A1) structure required and to name responsible individuals and risk owners. To help with the context it is always best to include some user input. With the stakeholders, users and risk owners attending an on-site or virtual workshop, lessons learnt, incidents from the past, and real fears and worries can be put in the melting pot and risks can be prioritised. This covers the last part of the CAF, D2. The outcomes between A2 and D2 involve controls. Choosing, selecting and investing in controls will follow analysis of lessons learnt in the risk assessment. The risk workshop can give a sense of priority, so that the real concerns can be targeted, and equally one can identify the ‘low hanging fruit’: those quick wins and low-cost achievements that will show progress and drive momentum. It also provides a view of the opportunity risk: the business opportunities to be exploited, why some actions are followed and some are not, which risks can…
