Governance, Ethics & Compliance: Enterprise Risk Management
Our approach to Enterprise Risk Management is based on the widely recognized corporate ERM framework issued in 2004 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). We oversee our exposure to risk at every level of the company, from the Board of Directors and Senior Management to Line of Business Heads, Support Heads and Risk Owners. Protecting the company from undue risk is a responsibility shared by every employee. The Company’s management is responsible for managing risk, which it does through a committee of senior managers who lead the Company’s enterprise risk management program. The Board has delegated primary responsibility for overseeing that program to its Audit and Finance Committee, and the full Board of Directors reviews the program each year.
Quest Diagnostics’ ERM framework assures:
- Education and Awareness - Business leaders and their teams are well aware of all key risks and the effectiveness of risk mitigation.
- Risk Measurement - Risks are measured for their relative impact on the Company or line of business. This measurement considers both the degree of severity and the potential for the risk to occur.
- Risk Response - The management of each risk assures that an appropriate risk response (i.e., risk mitigation) is implemented.
- Improve Mitigations - Management actively improves levels of risk mitigation when necessary for higher impact risks.
ERM at Quest Diagnostics encompasses all material risks arising out of the business process. Risks can be caused by events that are internally generated, such as changes in process associated with a new product offering, or by events that are externally generated, such as natural disasters.