1.3 Deep dives
Some companies perform a ‘deep dive’ into selected risks. A deep dive is an opportunity for the attendees to understand the risk in more detail, to get a more in-depth view of the causes and consequence, and to add their perspective, providing an opportunity to highlight any areas that may have been missed and test the thinking and assumptions. It can be a good way to avoid blind spots.
The risk(s) chosen do not need to be highlighted by the exception report (i.e. the risk has failing controls or overdue mitigation actions). Instead a deep dive is an opportunity for the panel to review treatment activities (actions and controls) and make sure that they are confident the risk is being appropriately managed. It is also a good opportunity to reinforce the tone from the top that risk management is important and valued.
Some companies focus their deep dives into areas with a known problem or where incidents have occurred. These deep dives primarily focus on helping the area to improve.
Take a look at seven key questions to ask in a deep dive [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .