The Company’s risk management function is designed to be structurally independent of its business lines, and governed in accordance with its Enterprise Risk Management (ERM) program. The program is actively overseen by the Company’s board of directors, managerially driven by its executive leadership and designed to promote a culture of risk awareness throughout the Company’s key business, operations, and support functions. It is integrated with the Company’s governance, performance management and internal control frameworks, and entails a formal continuous process that identifies, assesses, mitigates, and manages enterprise level risks from both internal and external conditions that could significantly impact the Company and influence its business strategy and performance, including environmental, social and governance (ESG) issues.
The ERM Program, directed by an ERM Program Team that is co-led by the Company’s CFO and General Counsel is designed based on the most recent framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and is regularly benchmarked against best practices. The board of directors through its committees is routinely updated by executive management to ensure that they are kept abreast of the effectiveness of the program and that the Company’s key enterprise level risks are being effectively managed. Updates provided to the board of directors are supplemented by related training and presentations from guest experts on topics that are relevant to overall risk management.
The program is arranged to focus on the following risk types:
· Operational risk - risks arising from systems, processes, people, and external events that affect the Company’s operational objectives or fundamental reason for its existence, including product life cycle and execution; service quality and performance; information management and data protection and security, including cybersecurity; supply chain and business disruption; and other risks, including human capital, reputation and environmental.
· Financial risk - risks arising from the Company’s ability to meet its financial obligations pursuant to its strategic and operational objectives, including exposure to broad market and more specific industry risk that could impact liquidity, interest rate, credit, pricing, and reimbursement, and also to internal and external financial reporting.
· Legal and compliance risk - risks arising from the regulatory and enforcement environment, legal proceedings and adherence to ethics and compliance policies and procedures.
· Strategic risk - risks that will impede the Company’s plan to achieve its mission and vision and apply its core values, including changes in the broad market and Company's industry, business development and restructuring activities, competitive threats and practices, technology and product innovation, and public policy.
The Company’s primary risk factors are discussed in the Risk Factors section of its Annual Report on Form 10-K.