Skip to main content

Enterprise risk management

We maintain an Enterprise Risk Management (ERM) program, overseen by our Board of Directors and driven by our Executive Leadership that is designed to promote a culture of risk awareness throughout the company’s business, operations, and support functions.  Our program, which is integrated with the Company’s governance, performance management and internal control frameworks, entails a formal continuous process that identifies, assesses, mitigates, and manages the risks from both internal and external conditions that could significantly impact the Company and influence its business strategy and performance, including environmental, social and governance (ESG) issues.  

The program is designed based on the most recent framework issued by the Committee of Sponsoring Organizations of the Treadway Commission, and we benchmark it against best practices, focusing on the following risk types: 

  • Operational risk - risks arising from systems, processes, people, and external events that affect the Company’s operational objectives or fundamental reason for its existence, including product life cycle and execution; service quality and performance; information management and data protection and security, including cybersecurity; supply chain and business disruption; and other risks, including human capital, reputation and environmental. 
  • Financial risk - risks arising from the Company’s ability to meet its financial obligations pursuant to its strategic and operational objectives, including exposure to broad market and more specific industry risk that could impact liquidity, interest rate, credit, pricing, and reimbursement, and also to internal and external financial reporting. 
  • Legal and compliance risk - risks arising from the regulatory and enforcement environment, legal proceedings and adherence to ethics and compliance policies and procedures. 
  • Strategic risk - risks that will impede the Company’s plan to achieve its mission and vision and apply its core values, including changes in the broad market and Company's industry, business development and restructuring activities, competitive threats and practices, technology and product innovation, and public policy. 

As part of our program, we routinely assess our enterprise level risks, emerging risks, overall, Company-level risk tolerance and the effectiveness of risk management, including monitoring the progress of and resources applied to risk mitigation.

Governance, ethics, & compliance