Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
no. dn-010 august 2010
Enhanced Disclosure in the Dow 30 and Select Financial Companies
The Role of the Board in Risk Oversightby Louis L. Goldberg and Mutya Fonte Harsch
The analysis of disclosure included in 2010 proxy statements by leading U.S. publiccompanies shows that, at the board level, two models of risk oversight are emerging:the committee model and the active board model. A slight majority of the surveyedcompanies delegates the primary responsibility for coordinating risk oversight to astanding committee of the board (typically, the audit committee or, in the case offinancial institutions, a dedicated risk committee). Even among organizations withthe committee model, most reported that their board exercises some degree of direct and active oversight for risks related to the company’s strategic direction andbusiness plan.
I n an attempt to address the perception that risk oversight
failures played prominently in recent business crises, the SEC
enacted Item 407(h) of Regulation S-K, which requires
companies to disclose in their proxies, “the extent of the board’s
role in the risk oversight of the registrant, such as how the board
administers its oversight function, and the effect that this has
on the board’s leadership structure.”1
This Director Notes is the first in a series of studies developed in
collaboration with Davis Polk & Wardwell LLP to provide
guidelines and examples to member companies of The
Conference Board on emerging practices following the SEC
enhanced disclosure reform of December 2009. It is based on the
analysis of 2010 proxy statements of the 30 companies in the
Dow Jones Industrial Average as well as those of five additional
select financial institutions (see “The Survey” on p. 3).
Director NotesThe 2010 Proxy Season
Although the disclosure varies widely—
reflecting the fact that companies are still
at the early stage of the rule implementa-
tion and that interpretive guidance from
the SEC remains somewhat limited—a
number of important observations can be
made. The results for financial companies
are presented separately, in recognition of
their particular approach to risk oversight
in light of differences in their business
model and regulatory regime. (See
Appendix 1 on p. 8 for a comparative table
reproducing the disclosure language used
by surveyed companies.)
Risk Oversight at the Board LevelAt the board level, two models of risk oversight seem to be
emerging: the “committee model” and the “active board
model,” with significant variations within each. In a handful
of cases, the disclosure is much less developed, making it
difficult to determine whether the board or a committee had
primary responsibility for risk oversight.
The committee model A slight majority of the non-financial
companies surveyed for this study delegates the primary
responsibility for coordinating risk oversight to the audit
committee (or, in one case, to the risk committee), even
though some of these companies have included in their prox-
ies a statement to the effect that the full board retained “ulti-
mate” responsibility in this area.
The duties of the relevant committee in this committee model
vary, but typically include:
1. the responsibility for reviewing the company’s risk over-sight framework (i.e. the policies and procedures withrespect to risk assessment and risk management); and
2. working with management to identify the company’s
major risk exposures and the steps taken to monitor and
address such risks. In most of these cases, the audit com-
mittee or risk committee regularly report their risk over-
sight findings to the full board.
Of the companies surveyed for this study, 52 percent of the
non-financials and 60 percent of the financials delegate the
primary responsibility for coordinating risk oversight to the
audit committee or a dedicated, stand-alone risk committee.
The survey also revealed that only one non-financial com-
pany and four of the five financial companies surveyed have
a stand-alone risk committee and charter.
The active board model In the active board model, boards
retain primary responsibility for coordinating risk oversight
functions, with individual board committees tasked to over-
see specific risks. Under this model, either the full board or
the audit committee reviews the company’s risk oversight
framework, and the board receives regular reports not only
from board committees but also directly from the chief risk
officer (CRO) and/or senior management regarding certain
major risks facing the company and the steps taken by man-
agement to manage and mitigate those risks.
Strategic risk oversight Regardless of whether the board
retains primary responsibility for risk oversight or delegates
it to the audit committee or risk committee, a large majority
of non-financial companies reported that their board exer-
cises some degree of direct and active oversight for risks
related to the company’s strategic direction and business
plans and for specifically identified risks.
2 director notes the role of the board in risk oversight www.conferenceboard.org
Risk Oversight Models – Non-financial companies
Chart 1
Committee modelActive board model
52%48
Risk Oversight Models – Financial companies
Chart 2
Committee modelActive board model
60%40
Seventy percent of all non-financial companies surveyed
included disclosure that the board retained direct oversight of
strategic business risks at the board level. None of the financial
companies surveyed included such disclosure.
Hybrid models in financial companies The risk oversight
structure of financial companies generally contains aspects of
both the committee model and the active board model. Three
of the five financial companies surveyed report delegating
primary risk oversight responsibility to the risk committee or
audit committee, whereas the other two have active boards
that retain primary responsibility for risk oversight and a
direct reporting line between the CRO and the CEO or the
board. All of the financials surveyed have a CRO. Only one
of the financials surveyed does not have a formal risk com-
mittee and charter.
Of the four financial companies with a stand-alone risk com-
mittee and charter, two do not seem to delegate primary
responsibility for the coordination of risk oversight to the
risk committee but rather retain primary risk oversight
responsibility with the full board.2
director notes the role of the board in risk oversight www.conferenceboard.org 3
Strategic Business Risk Oversight – Non-financial companies
Chart 3
Direct oversight by the full boardOther
70%30
The SurveyFindings discussed in this report are based on the analysis of 2010 proxy statements filed with the U.S. Securities and Exchange Commission by corporations in the Dow Jones Industrial Average, as well as those of select financial institutions. See Appendix 1 on p. 8 for a comparative table reproducing the disclosure language used by surveyed companies.
Dow 30 Companies
3M Company
Intel Corporation
Alcoa Inc.
International Business MachinesCorporation
American Express Company
Johnson & Johnson
AT&T Inc.
JPMorgan Chase & Co.
Bank of America Corporation
Kraft Foods, Inc.
The Boeing Company
McDonald’s Corporation
Caterpillar Inc.
Merck & Co., Inc
Chevron Corporation
Microsoft Corporationa
Cisco Systems, Inc.a
Pfizer Inc.
The Coca-Cola Company
The Procter & Gamble Companya
E.I. du Pont de Nemours andCompany
The Travelers Companies, Inc.
Exxon Mobil Corporation
United Technologies Corporationa
General Electric Company
Verizon Communications Inc.
Wal-Mart Stores, Inc.
Hewlett-Packard Companya
The Walt Disney Companya
The Home Depot, Inc.
Select Financial Institutions
Bank of America Corporationb
Citigroup Inc.
The Goldman Sachs Group, Inc.
JPMorgan Chase & Co.b
Morgan Stanley
a These companies (collectively the “Early Filers”) filed their proxy statement before the effective date of the new Regulation S-K rules. As a result, they are largely excluded from the Survey results except in instances where the company provided the new disclosures in full voluntarily or the information was available from another source, as noted.
b Bank of America and JPMorgan Chase are also in the Dow 30.
Risk Management at the Management LevelAlthough the SEC disclosure requirement focuses on the
board’s role in risk oversight, as opposed to risk management,many surveyed companies (as many as 43 percent in the non-
financial sector) also included disclosure of their approach to
risk management at the senior management level.
From this limited information, the following should be noted:
Efforts to integrate ERM Reflecting the prominence of risk
issues in today’s environment, more than two-thirds of the
non-financial companies surveyed included a discussion of
“enterprise” risk management in their disclosure. Of those
companies, more than half specifically disclosed the adoption
of a formal enterprise risk management (ERM) system (see
“Enterprise Risk Management Framework” below). Though
not discussed in detail, the ERM systems generally included
a process by which management identified, monitored, and
managed major risks. The remaining companies that decided
not to cover enterprise risks in the filings either did not dis-
cuss their risk management approach at all or included a gen-
4 director notes the role of the board in risk oversight www.conferenceboard.org
Enterprise Risk Management FrameworkIncreasingly, boards and management teams are embracing the concept of enterprise risk management (ERM) to connecttheir risk oversight responsibilities with the desire to create and protect shareholder value. The ERM process was first formalized by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in guidelines released in2004.a COSO’s framework has since been adopted by a number of companies as a means by which to effectively managerisks across complex business units.b
The COSO guidelines define ERM as a process (developedunder the oversight of the entity’s board of directors, management and other personnel) that:
1. applies across the entire enterprise including in thecreation of the entity’s business strategy.
2. identifies potential risk events that may affect the entity.
3. ensures that risks are managed within the risk appetiteof the entity.
4. provides reasonable means by which to measure theentity’s achievement of objectives.
To implement the ERM framework, COSO highlights the following four areas:
• Understand the entity’s risk philosophy and concur withthe entity’s risk appetite.
• Know the extent to which management has establishedeffective enterprise risk management of the organization.
• Review the entity’s portfolio of risk and consider itagainst the entity’s risk appetite.
• Be apprised of the most significant risks and whethermanagement is responding appropriately.
a Committee of the Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management—Integrated Framework, September2004. For guidelines on the role of the board of directors in the process, also see COSO, Effective Enterprise Risk Oversight: The Role of the Board of Directors, August 2009.
b For a number of notable case studies of ERM application driven by board members, see Matteo Tonello, Emerging Governance Practices in EnterpriseRisk Management, The Conference Board, Working Group Report No. 1398, 2007.
Risk Management Disclosure – Non-financial companies
Chart 4
Disclosure of senior management role in risk managementNo disclosure on this issue
43%57
eral statement that it is the responsibility of senior manage-
ment to manage risk and bring the material risks to the atten-
tion of the board.
• Seventy percent of the non-financial companiessurveyed used the word “enterprise” in their riskoversight disclosure, and 63 percent of those companies have a formal ERM framework in place.
The rise of the chief risk officer Those surveyed, non-finan-
cial companies that have either adopted a formal ERM sys-
tem or discussed the management of “enterprise” risks in
their disclosure also typically report availing themselves of a
dedicated CRO or an existing officer (such as the VP of
internal audit and corporate compliance) who also fulfills the
same role. In most cases, the CRO (or equivalent) reports to
the risk committee or audit committee. In a few cases, that
person reports to the full board.
• Only three of the non-financial companies surveyed have a dedicated CRO, although six of the non-financialcompanies have existing officers who also fulfilled chiefrisk officer duties.
• One hundred percent of the financial companiessurveyed have a CRO.
Even though all of the financial companies surveyed pro-
vided detailed disclosure of the firm’s risk management
structure and programs, surprisingly, most of them did not
expressly mention “enterprise” risk in their discussion. The
financial companies that discussed enterprise risks did so in
the context of their ERM framework.
All of the financial companies surveyed have a dedicated
CRO with detailed enterprise-wide responsibilities: in three
cases the CRO reports to the risk committee or the audit
committee, while in the other two the CRO reports directly to
the board. This finding could indicate that even the compa-
nies that did not discuss “enterprise” risks in their disclosure
may have a formal ERM-type system in place, but use a dif-
ferent terminology to identify it and describe it.
Other ObservationsEven though the SEC rule suggests that companies address
“the effect that the board’s risk oversight role had on its lead-
ership structure,” only few surveyed companies actually
included such disclosure. This may indicate that most issuers
still have not identified any real linkage between the two
aspects. Companies that included such disclosure did so in
mostly conclusory terms.
Compensation risks are commonly discussed as among the
risks overseen by the compensation committee. However,
only a handful of companies addressed in the disclosure sec-
tion on “board oversight of risk” the separate SEC require-
ment in new Item 402(s) of Regulation S-K that companies
disclose compensation risks that are “reasonably likely to
have a material adverse effect on the registrant.” In the few
cases where this rule was expressly addressed, the companies
included an affirmative statement that no material adverse
effect was likely.
All but one company provided the required board oversight
of risk disclosure in a separately captioned section. The only
company that did not do so included the same information
within the description of the responsibilities of each of the
board’s committees.
Endnote1 SEC Release No. 33-9089; 34-61175 (“Proxy Disclosure Enhancements”),
December 16, 2009, available at www.sec.gov/rules/final/2009/33-9089.pdf. The rules apply to proxy and information statements, annualreports and registration statements under the Exchange Act, and registra-tion statements under the Securities Act as well as the InvestmentCompany Act. They do not apply to foreign private issuers. For an extensivediscussion of the practical implications of the reform, see William M. Kellyand Mutya Fonte Harsch, “Directors’ Duties Under the New SEC Rules onDisclosure Enhancement,” Director Notes No. DN-005, February 2010.
2 Under The Wall Street Reform and Consumer Protection Act of 2010 (alsoknown as the Dodd-Frank Act), the Federal Reserve is mandated to issuerules requiring bank holding companies with over $10 billion in assets toestablish a risk committee of the board of directors.
director notes the role of the board in risk oversight www.conferenceboard.org 5
6 director notes the role of the board in risk oversight www.conferenceboard.org
Sample Risk Committee Charter*
Neither the NYSE nor Nasdaq requires a risk committee of theboard of directors. Some companies, primarily financial institu-tions, have determined that having a separately designatedrisk committee is useful in helping to fulfill the board’s riskoversight role. Other companies, however, might conclude thatit is not necessary to have a separate risk committee and thatan existing committee, typically the audit committee, shouldrather play a primary role in risk oversight.
Subject to the specific regulatory requirement of the Dodd-Frank Act that certain bank holding companies institute a riskcommittee of the board, the risk committee charter should bestructured to best fit the needs of a particular company.
Presently, as a regulatory matter, risk committee membersneed not be independent.
In drafting a risk committee charter, attention should be paidto footnote “a” below for relevant NYSE/Nasdaq/SEC consid-erations, including possible corresponding changes to theaudit committee or compensation committee charters, or thecharters of other committees that may also share risk over-sight in particular areas.
[COMPANY NAME]
A [Delaware] Corporation
(the “Company”)
Risk Committee Chartera
Adopted _________, 20__
Purposeb
The Risk Committee is created by the Board of Directors of theCompany (the “Board”) to [assist the Board in its oversight ofthe Company’s risk management] OR [assist the Board in itsoversight of the Company’s risk management and risk assess-ment regarding credit risk, market risk, liquidity risk, invest-ment risk, interest rate risk and funding risk].
MembershipThe Risk Committee shall consist of at least [three] members.The [Board] [Nominating and Corporate GovernanceCommittee]c shall recommend nominees for appointment tothe Committee annually and as vacancies or newly createdpositions occur. Committee members shall be elected by theBoard and may be removed by the Board at any time. The[Nominating and Corporate Governance Committee shall rec-ommend to the Board, and the Board shall designate,][Boardshall designate]d the Chairman of the Committee.
Responsibilitiese
In addition to any other responsibilities, which may beassigned from time to time by the Board, the Risk Committeeis responsible for the following matters.
Risk Management Processes
Review and discuss with management the Company’s [riskmanagement and risk assessment processes][enterprise riskmanagement framework], including any policies and proce-dures for the identification, evaluation and mitigation of majorrisks of the Company.
Receive periodic reports from management [and the internalrisk management function][chief risk officer] as to efforts tomonitor, control and mitigate major risks.
* Prepared by Ning Chiu, a counsel in Davis Polk's corporate department whospecializes in corporate governance matters.
a NYSE Sections 303A.07(b)(iii)(D) requires the audit committee to discuss poli-cies with respect to risk assessment and risk management. According to thecommentary, the audit committee must discuss guidelines and policies to gov-ern the process by which the CEO and senior management assess and managethe listed company’s exposure to risk. The audit committee should discuss thelisted company’s major financial risk exposures and the steps management hastaken to monitor and control such exposures. The commentary indicates thatwhile the audit committee is not required to be the sole body responsible forrisk assessment and management, the committee must discuss guidelines andpolicies to govern the process by which risk assessment and management isundertaken. The commentary recognizes that many companies, particularlyfinancial companies, manage and assess their risk through mechanisms otherthan the audit committee. The commentary goes on to state that the processesthese companies have in place should be reviewed in a general manner by theaudit committee, but they need not be replaced by the audit committee.Nasdaq does not have any particular requirements related to board or commit-tee oversight of risk.
If this Risk Committee Charter is adopted, corresponding changes may need tobe made to the Audit Committee charter or the charter of any other committeethat is also responsible for specific elements of risk oversight, such as theCompensation Committee.
Item 407(h) of Regulation S-K requires disclosure of the extent of the board’srole in the risk oversight of the company, such as how the board administersits oversight function, and the effect that this has on the board’s leadershipstructure.
b Depends upon whether the Risk Committee is responsible for oversight of acompany’s general risk areas, or whether the Committee is responsible foroversight of specific risk areas.
c Depends upon how the Board chooses to assign this responsibility.
d Same as preceding footnote.
e Subject to the Dodd-Frank Act, with respect to certain bank-holding compa-nies, the Risk Committee’s responsibilities may be established by the Board. Inaddition, a regulated financial institution may wish to include specific responsi-bilities with respect to certain areas, such as risk tolerance or risk metrics.
director notes the role of the board in risk oversight www.conferenceboard.org 7
Review certain major categories of risk exposure of theCompany such as operational, market, credit, interest rate,liquidity, and reputational risks, against any benchmarks ormethodologies as appropriate.
[Evaluate senior management’s performance in complyingwith risk-related policies and procedures].
Risk Management Function
[At least annually,] the Risk Committee shall evaluate the per-formance, responsibilities, budget, and staffing of theCompany’s risk management function.f
[At least annually,] the Risk Committee shall evaluate the per-formance of the [Chief Risk Officer]g [senior officer or offi-cers] responsible for the risk management function of theCompany, and make recommendations to the Board andmanagement regarding the responsibilities, [compensation],retention or termination of such officer or officers.
CoordinationThe Chairman of the Risk Committee [shall coordinate withthe Chairman of the Audit Committee and the Chairman ofthe Compensation Committee as necessary] OR [shall coordi-nate with the Chairman of the Audit Committee with respectto the Audit Committee’s responsibilities as to risk assess-ment and risk management and the Chairman of theCompensation Committee as to the CompensationCommittee’s responsibilities with respect to the review andevaluation of risks in compensation arrangements].
Reporting to the BoardThe Risk Committee shall report to the Board periodically.This report shall include a review of risk oversight processes,any issues that arise with respect to management’s identifi-cation, review and mitigation of the Company’s risks, the per-formance of the risk management function, and any othermatters that the Risk Committee deems appropriate or isrequested to include by the Board.
At least annually, the Risk Committee shall evaluate its ownperformance and report to the Board on such evaluation.
The Risk Committee shall periodically review and assess theadequacy of this charter and recommend any proposedchanges to the [Nominating and Corporate GovernanceCommittee][Board].
Authority and DelegationsThe Risk Committee is authorized (without seeking Boardapproval) to retain special legal, accounting, or other advisorsand may request any officer or employee of the Company orthe Company’s outside counsel or independent auditor tomeet with any members of, or advisors to, the RiskCommittee.
The Risk Committee shall have available appropriate fundingfrom the Company as determined by the Risk Committee forpayment of:
• compensation to any advisers employed by the RiskCommittee; and
• ordinary administrative expenses of the Risk Committeethat are necessary or appropriate in carrying out itsduties.
The Risk Committee may delegate its authority to subcommit-tees or the Chairman of the Risk Committee when it deemsappropriate and in the best interests of the Company.
ProceduresThe Risk Committee shall meet as often as it determines isappropriate to carry out its responsibilities under this charter,but not less frequently than quarterly. The Chairman of theRisk Committee, in consultation with the other committeemembers, shall determine the frequency and length of com-mittee meetings and shall set meeting agendas consistentwith this charter.
Limitations Inherent in the Risk Committee’s RoleWhile the Risk Committee is responsible for reviewing theCompany’s oversight framework (i.e., policies and procedureswith respect to risk assessment and management), it is theresponsibility of the CEO and senior management to assessand manage the Company’s exposure to risk.
f If the company has a separate risk management function.
g If the company has a chief risk officer. Some companies may have a chief riskofficer reporting directly (or on a dotted-line basis) to the Risk Committee.
Sample Risk Committee Charter continued
8 director notes the role of the board in risk oversight www.conferenceboard.org
Ap
pen
dix
1
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
No.
Audit C
om
mitte
e h
as p
rim
ary
re
sponsib
ility
for
risk o
vers
ight.
Audit
Com
mitte
e r
equired t
o d
iscuss
polic
ies a
nd p
rocedure
s w
ith r
espect
to r
isk a
ssessm
ent
and r
isk
managem
ent,
the c
om
pany’s
majo
r risk e
xposure
s a
nd t
he s
teps t
o
addre
ss the r
isk.
Com
pensation C
om
mitte
e is
responsib
le for
risks a
ssocia
ted w
ith
com
pensation p
ractices, in
clu
din
g a
n
annual re
vie
w o
f th
e c
om
pany’s
ris
k
assessm
ent
of
its c
om
pensation a
nd
polic
ies for
its e
mplo
yees.
Fin
ance C
om
mitte
e r
evie
ws r
isks
associa
ted w
ith t
he c
om
pany’s
capital
str
uctu
re,
cre
dit r
atings a
nd its
cost
of
capital, long-t
erm
benefit
oblig
ations
and its
use o
f or
investm
ent
in
financia
l pro
ducts
, in
clu
din
g
derivatives u
sed t
o m
anage r
isk
rela
ted t
o fore
ign c
urr
encie
s,
com
moditie
s a
nd inte
rest
rate
s.
Nom
inating a
nd G
overn
ance
Com
mitte
e r
evie
ws r
isks a
ssocia
ted
with t
he o
vera
ll govern
ance a
nd
successio
n p
lannin
g p
rocess to
ensure
that
the c
om
pany h
as a
sla
te
of
futu
re,
qualif
ied c
andid
ate
s for
key
managem
ent.
Board
receiv
es m
inute
s a
nd
sum
maries o
f m
atters
dis
cussed in e
ach o
f th
e
com
mitte
es t
hat
overs
ee r
isk.
The C
EO
brings k
ey b
usin
ess
issues a
nd r
isks to the b
oard
’s
att
ention.
Board
may r
eceiv
e r
eport
s
from
executives r
esponsib
le
for
managin
g a
part
icula
r risk
on h
ow
the r
isk is b
ein
g
managed a
nd m
itig
ate
d.
Not
dis
cussed.
N
o.
The V
P a
nd
Genera
l A
uditor
is
responsib
le for
leadin
g t
he form
al
risk a
ssessm
ent
and m
anagem
ent
pro
cess.
Report
s to A
udit
Com
mitte
e.
The V
P a
nd G
enera
l A
uditor,
thro
ugh
consultation w
ith t
he
com
pany's
senio
r m
anagem
ent,
periodic
ally
assesses
the m
ajo
r risks f
acin
g
the c
om
pany a
nd w
ork
s
with t
hose e
xecutives
responsib
le for
managin
g e
ach s
pecific
risk.
The V
P a
nd G
enera
l A
uditor
periodic
ally
re
vie
ws w
ith t
he A
udit
Com
mitte
e the m
ajo
r risks facin
g t
he
com
pany a
nd the s
teps
managem
ent
has taken
to m
onitor
and m
itig
ate
th
ose r
isks.
The e
xecutive
responsib
le for
managin
g a
part
icula
r risk m
ay a
lso r
eport
to
the f
ull
board
on h
ow
th
e r
isk is b
ein
g
managed a
nd
mitig
ate
d.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
No.
Audit C
om
mitte
e o
vers
ees r
isk
pert
ain
ing t
o (
1)
ente
rprise-w
ide r
isk
managem
ent,
whic
h f
ocuses p
rim
arily
on t
he r
ela
tionship
betw
een t
he
com
modity p
ricin
g o
f alu
min
um
on
the L
ondon M
eta
l E
xchange a
nd
majo
r cost in
puts
, in
clu
din
g fore
ign
exchange r
ate
s a
nd e
nerg
y a
nd (
2)
treasury
ris
ks (
insura
nce,
cre
dit a
nd
debt)
, financia
l and a
ccounting,
legal
and c
om
plia
nce r
isks, in
form
ation
technolo
gy s
ecurity
ris
ks a
nd o
ther
risk m
anagem
ent fu
nctions.
Public
Issues C
om
mitte
e c
onsid
ers
Board
consid
ers
str
ate
gic
risks a
nd o
pport
unitie
s a
nd
regula
rly r
eceiv
es d
eta
iled
report
s f
rom
the c
om
mitte
es
regard
ing r
isk o
vers
ight
in
their a
reas o
f re
sponsib
ility
. B
oard
overs
ees p
rocesses
esta
blis
hed to r
eport
and
monitor
syste
ms for
mate
rial
risks a
pplic
able
to t
he
com
pany.
Yes. S
ee “
Ris
ks
dele
gate
d t
o c
om
mitte
es
– A
udit C
om
mitte
e.”
None s
pecifie
d.
It is m
anagem
ent’s
responsib
ility
to
manage r
isk a
nd b
ring
to t
he b
oard
’s a
ttention
the m
ost m
ate
rial risks
to t
he c
om
pany.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
and B
enefits
C
om
mitte
e.”
S
tate
ment
that
com
pany
dete
rmin
ed t
hat
it
is n
ot
reasonably
lik
ely
that
com
pensation
and b
enefit
pla
ns
1x
di
np
pe
A
al
ci
na
nif-n
on(
yn
ap
mo
C
)n
oitutit
sni
Fo
Chm
oC
R (Y
la
mo
r
?retr
ha
/te
et
mm
ik
siR
)N
Y /
om
c o
ff e
mn
au
de
ln
ci(
cot
de
at
gel
ed
ks
siR
of
on
ip
tri
cs
de
htti
Ct
di
AN
nd
ae
ettim
ms
eetti
mm
co
)s
ks
rid
eew
iv
erks
siR
tc
uo
thiw
le
ev
l
id
Bi
dar
ob
eh
tta
ttee
im
mco
?d
se
scu
sid
nt
em
ge
na
am
re
isrrp
etn
“e
Is
If?
wo
hs,
ye
ddi
tN
dt
i
?”t
kisr ?
fC
hie
are
he
tsI
he
r s
o h
es
do
em
ow
hot
s,
ye
ff Ir?
eicffff
Ok
isR
?tp
orrt
erA o
f hT
dP
hV
TN
on
ita
oc
ll a
oh
tc
oa
pp
rn
te
mg
en
aa
mot
ks
riff
np
eC
om
su
sc
sd
iar
ne
ge
uln
ci
kisr
hs,
ye
ffI
SY
ld
GP
Vh
on
ita
ns
on
?i
sk
sri
la
nd
iu
de
?w
oh
ki
R“
pm
oc
stioff
ent
ms
se
sas
ohe c
toff
ew
iev
rannual
se
citc
aon p
rit
apens
mo
cs
as
sk
siror
ef
bl
ipons
es
rtti
mm
oC
on
iat
spen
om
C
.k
sirhe
ts
es
addr
he
and t
es
ur
pos
ex
ksir
pm
oc
he
t,t
en
manage
mand
ent
ms
es
sas
kksi
or
tes
edur
co
and p
rs
eici
pol
dot
ed
requi
ee
rtti
mom
Cov
kksir
orr
fytil
bi
ipons
es
r p
rhas
ee
ttim
mo
Ct
udi
A.
No
i m
and
anaged
msi
ksi
he
rt
on
how
png a
anagi
mor
f r
es
viut
ec
ex
morf
vie
ec
ray
md
oar
B
.on
ient
tat
ts
ksir
and
ues
ssi
ngs
ibr
OE
he
CT
ohat
tees
ttm
mi
oc
eac
ned
is
su
cs
di
am
of
es
ira
mum
sm
es
vei
ec
d r
oar
B
nd
aon
iat
spen
ksir
s’y
na
pm
ng a
n
iud
lnc
i,
shti
ed
wat
ioc
sis
ee
t
o t
eps
ts
ro
aj
ms’
panyk
sirt
ec
ps
eh r
tiw
ss
su
csi
dt
udi
A.
ght
isr
ev
yra
mir
.ed
ss
uc
s d
iot
N
.ed
gat
itng
bei
sk
sirarr
ul
citpar
e
bl
ipons
es
rst
eporrt
er
v
sd’
boar
he
ot
ts
nes
is
bu
ey
k.
ksi
ee r
ser
ov
he
tf
ho
srrsett
aand
es
tnu
im
hT
sira
mes
ri
whe
the
tpea
mo
co
cu
Ah
T
ee.
ttim
om
Ct
udi
Aot
stepor
R
.s
es
oc
pr
ent
manage
and
mt
ne
ms
se
ss
akk
siral
mor
he f
tng
eadi
lor
ef
bl
ipons
es
rsi
orr
tudi
Aal
ener
Gand
Phe V
To.
N
ettim
om
Cs
pen
om
Cee
ttim
mo
ced
egat
del
ee
S.
se
Y
al
ener
and
GP
Vhe.k
scifi
cpe
sh
eac
ng
anagi
or
ef
bl
ipons
ses
viut
ec
e e
xhos
h t
ts
kor
and w
pany
mo
e c
gni
ac
fs
ksir
orr
aj
me
es
ss
es
sa
ylal
codi
ier
,ten
manage
or
eni
ss'
pany
mo
he
h t
ti w
on
iat
tul
ons
ough
hr
t,
or
tudi
al
ener
and G
PV
he
”e.on
iat–
eso
d t
ks
siR“
ner
ov
and
Gng
itna
iom
N
eer
nt
i a
nd
seiti
od
mm
oc
en
rur
gn c
ei
orre
of
ted
at
el
ran
mot
ed
us
es
viat
vider
ulc
ni,
stoduc
prro
al
inanc
ifmt
es
nv
iorr
eof
su
stand
ibenef
mer
t-ong
l,
al
tapi
cs
ng
iat
rt
edi
rc
e,
ur
tc
urts
mo
che
thti
wed
at
ic
os
as
ver
ee
ttim
mo
eC
nanc
iF
ee
oy
pl
me
stiorr
fs
eici
pol
pm
oc
stioff
ent
ms
se
sas
enanc
.es
tar
ts
,s
einc
ksi
nage r
ng
di
nit
en
mns
oigat
iobl
tifof
ts
oc
st i
and
al
tpi
ac
s’pany
ms
ksir
sw
ei
.es
nd
aon
iat
spen
sri
ame
sr
hTh
oto
t
amo
csiro
Cev
ru
Ah
T
o tt
epor
o r
sal
ay
mk
sar
ul
cita p
ar
ng
anagi
or
ef
bl
ipons
se
viut
ec
he e
x
.s
ksir
eos
e
gat
itiand m
rot
oni
men
ak
ts
ha
ten
manage
sep
the
sand
tpany
mo
he
tng
ic
a f
sk
sor
jaaj
he m
ee t
ttm
mi
ot
udi
Ahe
ht
tiw
sw
eiv
ylal
codi
i p
er
orr
tudi
al
ener
and G
PV
he
.ten
manage
mand
ed
cifi
qual
e,
ur
tuf
of
pan
mo
che
that
e t
ur
ens
opr
ng
iann
pl
on
is
es
cuc
sna
er
gov
lal
er
ov
he
thti
wk
sirs
ew
iev
ree
ttim
om
Cg
ha
cx
Eal
et
MLondon
he
tu
al
fng o
ici
pr
ytiod
mm
oc
wet
bp
hi
ons
iat
el
he
ron
tc
ofh
chi
w,t
en
manage
mpr
er
ent
)(1
ong t
ni
ai
tper
es
er
ov
ee
ttim
mo
Ct
udi
A.
No
ey
korr
fs
edat
ie
tal
s a
has
ny
ots
se
oc
and
eanc
det
aic
os
s a
s
ser
ffo
eas
ar
rrhei
te
ov
kksi
ng r
di
egar
rhe
ct
morf
stepor
res
vei
ec
ryl
ar
egul
rut
oppor
and
sk
sirs
der
is
no
cd
oar
B
and
ange
on
mnu
im
uhe
een
tw
yliar
mi p
rs
eus
ck
side r
iw-
esir
ksir
ees
ee
ttim
mo
Ct
udi
A–
mm
oo
ct
ed
egat
del
ks
siR“
ee
S.
se
Y
ytilbi
ipons
night
is
er
ees
ttim
mo
ced
lai
det
sand
seit
uni
cegi
at
rts
im
am
ehthe
t ote
htota
mes
ri
tIed.
ifipec
one
sN
”e.
see
ttim
ed.
tga
itiand
anaged
ng
ei
bs
k i
sire
don
how
oar
bl
ul
ef
py
ettim
om
Cene
and
Bs
pen
om
Cee
ttm
mi
oc
ed
egat
del
ee
S.
se
Y
pany
mo
che
ts
ksir
lair
eat
mt
os
me
on
iten
tta
sd’
boar
he
tng
ibr
and
ksir
anage
otytil
bi
ipons
ss’t
en
manage
msi
”e
stifon
iat–
eso
dt
sk
siR“
ettim
mo
Cues
ssI
ciubl
P
itunc
ft
en
manage
mkk
sirk
siryti
ur
ec
sogy
hnol
ec
tni
,s
ksir
eanc
ipl
mo
and
co
cc
and
aal
inanc
if,)
debt
anc
ur
sni
(s
ksi
ry
ur
eas
trene
and
es
at
hange r
cex
ud
lc
ni,
snput
it
so
cr
oaj
mha
cx
Eal
et
MLondon
he
t
.pany
mo
co
et
lab
ci a
ppl
sk
sirs
met
sy
sorr
toni
mep
o r
thed
siabl
tes
pees
ser
ov
doar
B
ser
ff o
eas
ar
rrhei
t
sder
is
on
ee
c
.ons
rhe
t a
nd o
sk
on
ita
mor
nf
gal
elng,
itoun
d
an
tedi
r c
e,
2)
and (
gy
er
ng
ei
or
fng
di
and
ange
eh
ot
al
ier
ta
morr
fand
tpor
se
ses
oc
pr
.ytil
bi
ipons
o
t
and
benefa
pens
mo
chat
ty
el
kileas
rt
no
sine
im
er
det
pany
mo
cen
me
at
tS
ettim
om
C.
pany
mo
che
t
ans
pl
tifon
ita
yonabl
sti
tha
ted
hat
tte.
App
endi
x 1
director notes the role of the board in risk oversight www.conferenceboard.org 9
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
risks r
ela
ted to t
he c
om
pany’s
re
puta
tion a
nd r
evie
ws r
isks r
ela
ted
to t
he s
usta
inabili
ty o
f its o
pera
tions.
Govern
ance a
nd N
om
inating
Com
mitte
e c
onsid
ers
ris
ks r
ela
ting t
o
successio
n p
lannin
g a
nd o
vers
ees
the a
ppro
priate
allo
cation o
f re
sponsib
ility
for
risk o
vers
ight am
ong
the c
om
mitte
es o
f th
e b
oard
.
Com
pensation a
nd B
enefits
C
om
mitte
e c
onsid
ers
ris
ks r
ela
ted to
the a
ttra
ction a
nd r
ete
ntion o
f ta
lent
and r
isks r
ela
ting to the d
esig
n o
f com
pensation p
rogra
ms a
nd
arr
angem
ents
.
would
have a
m
ate
rial advers
e
eff
ect
on t
he
com
pany.
Yes.
Audit a
nd R
isk C
om
mitte
e (
1)
meets
re
gula
rly in e
xecutive s
essio
n w
ith t
he
CR
O w
ith r
egard
to t
he c
om
pany’s
risk m
anagem
ent
pro
cesses, contr
ols
and c
apabili
ties a
nd (
2)
appro
ves the
ER
M p
olic
y a
s w
ell
as r
isk p
olic
ies in
specific
ris
k a
reas.
C
om
pensation C
om
mitte
e o
vers
ees
executive c
om
pensation
arr
angem
ents
, in
clu
din
g t
he
com
pany’s
actions to a
ttra
ct
and
reta
in e
xecutive t
ale
nt,
foste
r th
e
appro
priate
lin
kage b
etw
een p
ay a
nd
perf
orm
ance a
nd d
evelo
p
com
pensation p
rogra
ms that
are
alig
ned w
ith t
he c
om
pany’s
ris
k
managem
ent
pro
file
. M
eets
with t
he
CR
O t
o a
ssess the e
ffectiveness o
f th
e d
esig
n a
nd o
pera
tion o
f th
e
com
pany’s
incentive c
om
pensation
pro
gra
ms in c
ontr
olli
ng e
xcessiv
e r
isk
takin
g.
Board
overs
ees e
nte
rprise
risks (
unle
ss t
he r
isk f
alls
w
ithin
the p
urv
iew
of
a
part
icula
r com
mitte
e).
Board
m
onitors
the “
tone a
t th
e t
op”
and c
ulture
of th
e c
om
pany,
overs
ees s
trate
gic
ris
ks
thro
ugh r
egula
r and
com
pre
hensiv
e r
evie
ws o
f th
e
com
pany’s
str
ate
gie
s a
nd
pla
ns a
nd r
evie
ws s
pecific
risks a
s n
eeded.
B
oard
appro
ves d
ecis
ions
regard
ing m
ajo
r str
ate
gic
in
itia
tives, such a
s
acquis
itio
ns a
nd d
ivestitu
res,
majo
r in
vestm
ents
, financin
gs
and c
apital com
mitm
ents
.
Yes.
The c
om
pany’s
E
RM
pro
cess is u
sed t
o
aggre
gate
, m
onitor,
m
easure
and m
anage
risks. T
he E
RM
appro
ach
is d
esig
ned to e
nable
the
board
to e
sta
blis
h a
m
utu
al unders
tandin
g
with m
anagem
ent
of th
e
eff
ectiveness o
f th
e
com
pany’s
ris
k
managem
ent
pra
ctices
and c
apabili
ties, to
re
vie
w t
he c
om
pany’s
risk e
xposure
and t
o
ele
vate
cert
ain
key r
isks
for
dis
cussio
n a
t th
e
board
level.
ER
M p
rogra
m is
overs
een b
y t
he C
RO
.
The E
RM
Polic
y d
efines
risk m
anagem
ent
obje
ctives,
risk a
ppetite
, risk lim
its a
nd e
scala
tion
trig
gers
, and e
sta
blis
hes
the inte
rnal govern
ance
str
uctu
re for
managin
g
Yes.
The C
RO
is
an e
xecutive
off
icer
and a
m
em
ber
of
senio
r m
anagem
ent.
R
eport
s to t
he
Audit a
nd R
isk
Com
mitte
e.
Managem
ent id
entifies
ente
rprise r
isks.
There
are
indiv
idual
managem
ent
com
mitte
es,
e.g
., E
RM
C
om
mitte
e,
chaired b
y
the C
RO
, and t
he
Asset-
Lia
bili
ty
Com
mitte
e,
chaired b
y
the C
FO
, w
hic
h a
re
responsib
le for
imple
menting t
he E
RM
P
olic
y a
cro
ss t
he
com
pany.
The A
udit a
nd R
isk
Com
mitte
e r
eceiv
es
regula
r re
port
s o
n r
isk
managem
ent fr
om
the
CR
O a
nd s
enio
r risk
leaders
in the a
reas o
f finance,
fundin
g a
nd
liquid
ity, com
plia
nce,
fraud,
technolo
gy a
nd
info
rmation s
ecurity
, and p
rivacy,
as w
ell
as
on r
isk m
anagem
ent
pra
ctices g
enera
lly.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
al
ci
na
nif-n
on(
yn
ap
mo
C
)n
oitutit
sni
Fo
Chm
oC
R (Y
la
mo
r
?retr
ha
/te
et
mm
iksi
R
)N
Y /
om
c o
ff e
mn
au
de
ln
ci(
cot
de
at
gel
ed
ks
siR
of
on
ip
tri
cs
de
nd
ae
ettim
ms
eetti
mm
co
)s
ks
rid
eew
iv
erks
siR
t c
uo
thiw
le
ev
l
dar
ob
eh
tta
ttee
im
mco
?d
se
scu
sid
nt
em
ge
na
am
re
isrrp
etn
“e
Is
If?
wo
hs,
ye
?”t
kisr ?
fC
hie
are
he
tsI
he
rs
oh
es
do
em
ow
hot
s,
ye
ff Ir?
eicffff
Ok
isR
?tp
orrt
erA o
f
on
ita
oc
ll a
oh
tc
oa
pp
rn
te
mg
en
aa
mot
ks
riff
np
eC
om
su
sc
sd
iar
ne
ge
uln
ci
kisr
hs,
ye
ff I
on
ita
ns
on
?i
sk
sri
la
nd
iu
de
?w
oh
nued
iinon
tc
he
tot
ng
iat
el
rs
ksi
and
rt
en
et
on
and
rit
ac
rtat
he
tsir
sder
ions
ee c
ttim
om
Cen
and
Bon
iat
spen
om
C
bhe
tf
os
ee
ttim
mo
che
tov
ksir
or
fytil
bi
ipons
es
roi
at
col
eal
at
iopr
appr
he
tng a
nanni
pl
on
is
es
cuc
ssi
rs
der
ions
cee
ttim
om
Cni
mo
eand
Nnanc
er
ov
G
tif
oytil
nabi
ai
ts
us
he
ot
ts
ew
iev
on a
nd r
iat
eput
rm
oc
he
ot
ted
ta
el
rs
ksir
fgn
oi
sde
nt
eal
tf
on
oit
oed t
at
el
rs
ks
stifne
d.
boar
ong
ma
ht
gis
er
vof
on
see
ser
d o
vo
tng
iat
el
rs
ks
ng
inat
.s
on
iat
oper
std
eat
el
rs
ksir
s’pany
.pany
mo
ct
on
tec
fef
aal
ier
ta
md
hav
oul
w
he
te
ser
adv
ea
v
Y
.s
ent
angem
rar
sm
aogr
on p
rit
apens
mo
che
tot
ng
iat
el
rs
ksi
and
r
ttim
mo
Con
iat
spen
om
C
.eas
ar
kk
si r
cifipec
sr
sll
ae
ws
ay
ci p
ol
MR
E2)
and (
es
itilapabi
and
ce
oc
pr
ten
manage
mk
sirhe
o t
td
egar
h r
tiw
OR
Ce
e s
viut
ec
ex
n
iyl
ar
legu
rtti
mm
oC
ksi
and
Rt
udi
A.
se
Y
and
sf
gn o
is
de
ee
rvi
ehens
pr
mo
ca
arr
egul
ough r
hr
teg
at
rt s
ees
ser
ov
he
tof
eurre
tul
cand
on
t“he
ts
or
toni
mti
mm
oc
arr
ul
citpar
ew
iv
he p
urrv
nt
hi
tiw
eht
ss
eln
u(ks
sire
ees
ser
d o
voar
B
es
es
er
ov
ee
t
ins
iecli
o p
kksir
he
tes
ov
ppr
as
ol
rroont
c,es
ss
es’
pany
mo
che
h t
tiw
on
is
es
set
em
)(1
ee
t
tn
em
anage
hm
tiw
and
ts
under
ual
tu
mh
siabl
tes
o
d t
oar
bena
oned
tig
se
dis
ap
MR
Ehe
T.
sk
siran
and m
eur
sea
mot
oni
me,
egat
aggr
us
sis
es
oc
pr
MR
Epany
mo
che
T.es
Y
he
toff
sew
ievd
an
sk
sirci
,pany
mo
ec
op”
the
tt
ae
d
oar
B.
ee)
tta
of
wwsll
afskk
ire
sipr
er
ent
sA
ehto
Co
ca
mh
Tena
M
ee.
ttim
om
Ck
si a
nd R
tudi
Ahe
tot
stepor
R
.ten
manage
mor
ien
soff
berr
me
m a
nd a
err
cifofff
evi
ut
ec
an e
xis
CR
Oe
hT
.s
eY
eth
fon
gdia
he
et
abl
hoac
ppr
age
,rot
ed
ss’
y
ettim
om
Cs
pen
om
Cee
ttim
mo
ced
egat
del
ee
S.
se
Y
ytilabi
Li
-te
ss
he
and t
,C
RO
eed b
yr
hai
cee,
ttim
om
MR
E.,
.ge
,ees
ttim
mo
ten
manage
dual
iv
ndi
ei
ear
her
.s
ksi
e r
sipr
er
nt
es
ifident
ient
anagem
”e.on
iat–
eso
d t
sk
siR“
ng
ilol
ront
n c
is
am
ogr
pr
oe
cvi
ent
cni
s’pany
mo
coi
at
and o
per
gn
ihe
des
tef
he e
ffft
ss
es
so a
tC
RO
eM
e.
liof
pr
ten
manage
mpan
mo
che
ht
tigned w
ial
sm
arog
on p
rit
apens
mo
co
el
and
dev
ec
an
mor
fperrf
wtage b
enk
ie
lat
iopr
apprro
f,ent
al
te
viut
ec
ex
n
ai
et
ro
at
ts
on
itac
s’pany
mo
cng
udi
lnc
i,
sent
angem
rar
on
ita
pens
mo
e c
viut
ec
ex
ttim
mo
Con
iat
spen
om
C
mm
o cl
atapi
cand
ent
mtes
nv
iorr
jaaj
mand
son
itis
qui
ac
h a
cu
s,es
viat
itni
is
orr
aj
ng m
di
egar
rd
es
ov
d a
ppr
oar
B
needed.
sa
sk
sirew
iev
rand
ans
pl
eat
rts
s’pany
mo
ce
er
viehens
pr
mo
c
ksi
e r
vis
es
cex
noi
at
spen
mhe
tf
on
of
os
enes
vitc
eh
ht
tiw
seet
ksir
s’ny
e
ar
hat
tso
pand
een p
ay
whe
terr
tos
fand
tac
rtthe
g t
n
es
es
er
ov
ee
t
he C
teen b
ys
er
ov
siam
ogr
pr
MR
E
.el
ev
ld
oar
bht
on
at
is
su
cs
di
orr
fey
kn
ai
ter
e c
at
ev
el
eand
ur
pos
ex
kksir
pan
mo
he
ct
wwei
ev
rot
,es
itilapabi
cnd
ac
a p
rt
en
manage
mk
sis
r’
yn
ap
mo
cht
ff o
senes
vitec
fefff
tn
em
anage
hm
tiw
.s
ent
mtim
sng
inanc
if,
st,
es
ur
tits
ev
dis
ac
egi
at
rts
son
isi
dec
cific
pe
ss
wand
se
egi
he
toff
sew
iev
ea
lCRa
meg
ro
Ch
T
oc
oPmie
srh
et
oC
sA
ee.
ttim
om
C
.O
RCh
es
ksi
ry
ots’
ny
o
se
cite
eth
fo
fo
eas
he
ar
tni
sder
ak
sirorr
eni
and s
RO
he
tm
or ft
en
manage
ksir
on
stepor
rarr
gul
es
vei
ce
ee r
ttim
om
ksi
and R
tudi
he A
.pany
mo
he
ts
sor
ac
yci
ol
MR
Ehe
ng t
iten
me
pl
mor
e f
bl
ipons
se
ar
hc
hi
w,
OF
e C
d b
yer
hai
cee,
ttim
om
ytilabi
Li
te
ss
.ng
iak
t
ana
morr
e f
urre
tc
urts
ner
gov
nal
er
nt
ihe
tab
tand e
s,
sgger
irta
c e
sand
stimil
kk
sir a
pp
ksir
,s
evit
ec
obj
ten
manage
mkk
sir d
ey
cilo
PM
Rhe E
T
pr
on
annf
iarfqilnif
ng
agi
enanches
sibl
on
iat
al
e,
tipet
sne
ief
.yl
al
gener
es
citac
ent
mge
ana
mk
sirn
as
lel
ws
a,y
ac
vind p
r,
ytiur
ce
son
iat
mor
fand
ogy
hnol
cet
aud,
,e
anc
ipl
mo
c,
ytdi
qui
and
ng
undi
fe,
nanc
App
endi
x 1
cont
inue
d
10 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
risks. T
he E
RM
Polic
y
focuses o
n t
he m
ajo
r risks that are
rele
vant to
th
e c
om
pany,
giv
en its
busin
ess m
odel: c
redit
risk (
institu
tional and
indiv
idual),
opera
tional
risk, m
ark
et
risk a
nd
reputa
tional risk.
See a
lso “
Is ‘ente
rprise
risk m
anagem
ent’
dis
cussed?”
No.
Audit C
om
mitte
e r
evie
ws a
nd
dis
cusses w
ith m
anagem
ent
the
com
pany’s
majo
r financia
l risk
exp
osure
s a
nd the s
teps
managem
ent
has taken t
o m
onitor
and c
ontr
ol such e
xposure
s, in
clu
din
g
the c
om
pany’s
ris
k a
ssessm
ent
and
risk m
anagem
ent
polic
ies.
Als
o
receiv
es r
egula
r re
port
s o
n c
om
ple
ted
inte
rnal audits o
f th
e fin
ancia
l,
opera
ting a
nd c
om
plia
nce r
isk a
reas.
Fin
ance/P
ensio
n C
om
mitte
e r
evie
ws
polic
ies d
esig
ned b
y m
anagem
ent
regard
ing f
inancia
l and m
ark
et
risk
and a
ctions taken b
y m
anagem
ent to
contr
ol th
e r
isk (
e.g
., the n
atu
re a
nd
exte
nt
of
insura
nce c
overa
ge,
inte
rest
rate
and f
ore
ign c
urr
ency e
xposure
, counte
rpart
y r
isk).
Board
overs
ees a
nd r
evie
ws
cert
ain
aspects
of th
e
com
pany’s
ris
k m
anagem
ent
eff
ort
s.
Annually
, th
e b
oard
revie
ws
the c
om
pany’s
str
ate
gic
busin
ess p
lans, w
hic
h
inclu
des e
valu
ating the
obje
ctives o
f and r
isks
associa
ted w
ith t
hese p
lans
(e.g
., c
om
petitive, te
chnolo
gy,
econom
ic).
Not
dis
cussed.
None s
pecifie
d,
but
dis
clo
sure
sta
tes t
hat
com
pany’s
chie
f audit e
xecutive
meets
annually
in
executive s
essio
n
with t
he A
udit
Com
mitte
e.
The
chie
f audit
executive r
evie
ws
with t
he A
udit
Com
mitte
e e
ach
year’s a
nnual
inte
rnal audit p
lan,
whic
h is focused
on s
ignific
ant
are
as o
f financia
l,
opera
ting a
nd
com
plia
nce r
isk.
Assessin
g a
nd
managin
g r
isk a
re t
he
responsib
ilities o
f th
e
managem
ent
of A
T&
T.
Mem
bers
of th
e
Fin
ance a
nd
Com
plia
nce g
roups a
re
responsib
le for
managin
g r
isk in t
heir
are
as a
nd r
eport
ing
regula
rly t
o t
he A
udit
Com
mitte
e.
No.
Yes.
Ente
rprise R
isk (
“ER
”) C
om
mitte
e (
1)
overs
ees s
enio
r m
anagem
ent’s
identification,
pla
nnin
g f
or
and
managem
ent
of m
ate
rial risks f
acin
g
the c
om
pany,
(2)
overs
ees
esta
blis
hm
ent
by m
anagem
ent
of
risk
polic
ies a
nd g
uid
elin
es a
nd s
yste
ms
to s
upport
contr
ol of m
ark
et,
inte
rest
rate
and liq
uid
ity r
isk,
(3)
revie
ws
managem
ent str
ate
gy,
polic
y
pro
cedure
for
managin
g m
ark
et
risk,
inte
rest ra
te r
isk, liq
uid
ity r
isk a
nd
reputa
tional risk a
nd (
4)
overs
ees
managem
ent
activitie
s w
ith r
espect
to
capital m
anagem
ent
and liq
uid
ity
Board
appro
ves c
om
pany’s
art
icula
tion o
f its r
isk a
ppetite
annually
and a
ppro
ves,
at
a
hig
h level, follo
win
g p
roposal
by m
anagem
ent, t
he
com
pany’s
fra
mew
ork
for
managin
g r
isk.
Yes, see “
Ris
ks
dele
gate
d t
o
com
mitte
es.”
A
udit,
Cre
dit a
nd E
R
com
mitte
es w
ork
in
tandem
to p
rovid
e
ente
rprise-w
ide o
vers
ight
of
risk.
Yes, th
e C
RO
is
responsib
le for
institu
ting r
isk
managem
ent
pra
ctices
consis
tent
with
overa
ll busin
ess
str
ate
gy a
nd r
isk
appetite
. R
eport
s
to C
EO
.
See “
Is there
a C
hie
f R
isk O
ffic
er?
”
GC
manages legal risk
and r
eport
s to C
EO
.
Corp
ora
te G
enera
l A
uditor
assesses t
he
com
pany’s
contr
ol
environm
ent
and is
independent
of
managem
ent.
Report
s
directly to A
udit
Com
mitte
e a
nd
adm
inis
tratively
to
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
al
ci
na
nif-n
on(
yn
ap
mo
C
)n
oitutit
sni
Fo
Chm
oC
R (Y
la
mo
r
?retr
ha
/te
et
mm
iksi
R
)N
Y /
om
c o
ff e
mn
au
de
ln
ci(
cot
de
at
gel
ed
ks
siR
of
on
ip
tri
cs
de
nd
ae
ettim
ms
eetti
mm
co
)s
ks
rid
eew
iv
erks
siR
t c
uo
thiw
le
ev
l
dar
ob
eh
tta
ttee
im
mco
?d
se
scu
sid
nt
em
ge
na
am
re
isrrp
etn
“e
Is
If?
wo
hs,
ye
?”t
kisr ?
fC
hie
are
he
tsI
he
rs
oh
es
do
em
ow
hot
s,
ye
ff Ir?
eicffff
Ok
isR
?tp
orrt
erA o
f
on
ita
oc
ll a
oh
tc
oa
pp
rn
te
mg
en
aa
mot
ks
riff
np
eC
om
su
sc
sd
iar
ne
ge
uln
ci
kisr
hs,
ye
ff I
on
ita
ns
on
?i
sk
sri
la
nd
iu
de
?w
oh
nued
iinon
tc
.N
o
cnan
iforr
aj
ms’
pany
mo
canage
hm
tiw
es
ss
uc
sdi
ew
iev
ree
ttim
mo
Ct
udi
A
ksir
al
ic
he
tent
m a
nd
sw
km
sirs’
yn
ap
mo
co
stpec
sn
aai
ter
ca
ees
ser
ov
doar
B
.k
sironal
iat
eput
ran
kk
si rt
ek
ar
m,
ksir
iat
oper
,)dual
iv
ndi
ia
onal
iut
titns
i(k
sirc
: odel
ms
nes
ibus
ev
gi
,pany
mo
he
ct
ev
el
re
ar
hat
ts
ksir
am
he
on t
es
su
oc
fo
PM
RE
eh
T.
sk
sir
.d
es
su
csi
dtN
o
ent
mage
na
mhe
tof
sew
iev
rand
sdisire
S
ndonal
nd
tedi
rst
en
iot
ant
vor
aj
ycli
o
hat
tes
tat
se
ur
sol
cs
di
but
ed,
ifipec
one s
N
es
ra
ms
A
ed?”
ss
uc
s’t
en
manage
mk
se
sipr
er
ent
‘sI
o“
see
al
.N
o
he
tf
os
eitilbi
ipons
she
te
ar
ksir
ng
anagi
and
ng
is
es
ss
am
by
en
kat
son
itand a
cand
al
inanc
ing f
di
egar
ra
mby
gned
is
de
sei
cipol
mm
oon C
iens
Pe/
nanc
iF
an
ipl
mo
ng a
nd c
iat
oper
nifhe
tf
ost
audi
nal
er
nt
ist
epor
rarr
egul
res
vei
ec
rei
cipol
ten
manage
mk
sire
ss
ak
sirs’
yn
ap
mo
che
tpos
ex
hc
us
ol
ront
and
cen
ak
ts
ha
ten
manage
mep
the s
and t
es
ur
os
pex
cnan
iforr
aj
ms
pany
mo
c
o
tten
manage
ksir
et
kar
mt
en
manage
sew
iev
ee r
ttim
.eas
ar
ksir
ec
,al
ianc
ed
et
lp
mo
con
so
lsA
.s
ed
an
tn
em
ss
eng
udi
lnc
i,
es
ur
or
toni
mot
ns
ksir
al
ic
).ci
mono
ec
eviti
pet
mo
c,
g.
e.
(t
htiw
ed
at
ic
os
as
and
off
se
vitec
obj
iuat
al
ev
udes
lnc
iw
,s
an
pl
snes
ibus
t s
s’pany
mo
che
the
boa
t,
ylnnual
A
. tsrrt
offe
km
sirs
yn
ap
mo
c
,ogy
hnol
ec
te,
san
pl
es
he
sk
si r
he
ng t
hc
hi
wc
egi
at
rts
ew
iev
rd
ar
ent
mage
na
m
ed
su
oc
fsi
h
chi
wan,
pl
taudi
nal
er
nt
iannual
s’ear
yh
cee e
atti
mom
Ct
udi
he
Ah
tti
ws
wei
ev
er
viut
ec
ex
taudi
ef
hi
che
Tee.
ttim
om
Ct
udi
he
Ah
tti
won
is
es
e s
viut
ec
ex
niyl
annual
set
em
evi
ut
ec
ex
taudi
ef
ih
cs’
pany
mo
chat
tes
tat
s
oCe
gr
eara
mes
ro
Cni
Fe
M
ame
sr
ee.
ttim
om
tudi
Ahe
tot
ylar
gul
ng
itepor
and
reas
rihe
n t
ik
si r
ng
anagi
or
ef
bl
ipons
se
ar
soup
e g
ranc
ipl
om
e a
nd
nanc
he
toff
sber
em
.T
&T
Af
ot
en
manage
he
tf
os
eitilbi
ipons
s
Y
.)k
siryt
par
er
ount
cenc
rur
cgn
ei
or
e a
nd f
at
re
ov
ce
can
ur
ns
ioff
ent
tex
he
t,.
ge.
(k
sihe
rt
ol
ront
cy
am
fo
ol
ront
ct
uppor
os
tnes
idel
and g
ui
sei
cipol
anag
mby
ten
mh
siabl
tes
es
er
ov
2)
(,
pany
mo
che
tai
er
at
mf
ot
en
manage
mf
ng
anni
pl
on,
iat
cifident
ianag
morr
eni
sees
ser
ov
C)”
ER
“ (
ksi
Re
sipr
er
nt
E.
se
Y
e,
ur
pos
ex
yc
tes
erre
nt
ige,
aer
de
an
ur
te
nag
.k
sirng
anagi
me
marf
s’pany
mo
c,
ent
manage
mby
iow
lol
f,
el
ev
gh l
hi
and a
pp
ylannual
stion
off
ita
ul
citar
ces
ov
d a
ppr
oar
B
ts
eer
nt
iet
kar
sm
ets
yand s
ksir
ffo
ent
mges
ee
ng
ic
afs
ksi
ral
and
orr
fs’t
en
me
) (1
ett
ei
mm
oC
de
ov
iw
esi
pr
er
ent
de
iov
prro
o t
mande
ti
kor
wees
ttim
mo
cand
Et
edi
rC
,tudi
A
”.ees
ttim
mo
co
ed
tegat
del
sk
siR“
ee
s,
es
Y
or
fk
or
ewh
et
al
opos
ng p
ri
aat
,es
ov
pr
eti a
ppet
kksir
s’pany
mo
c
.k
sire
can
ipl
mo
cng a
nd
iat
oper
,al
ic
nan
ifoff
eas
ar
ant
cifgni
ion
s
uA
oCanC
G
iR
eS
ksir
and
egy
at
rrats
snes
ibus
lal
erra
ov
htiw
ten
tsi
ons
ces
citac
pr
ten
manage
mk
sirng
iut
titns
ior
ef
bl
ipons
es
rsi
OR
he C
t,
es
Y
ght
is
er
vnRE
etti
mom
Cs
pen
om
Cee
ttim
mo
ced
egat
del
ee
S.
se
Y
he
tes
ss
es
sa
orr
tudi
al
ener
e G
at
por
or
.O
Eo
Ct
stepor
nd
rk
si r
egal
lanages
mC
”r?
eciff
Ok
sf
ehi
e a
Cher
tsI
ee “
”e.on
iat–
eso
d t
sk
siR“
an
ten
manage
mal
tapi
cw
seiti
vitc
at
en
manage
m4)
and (
kk
si r
onal
iat
eput
rt
di
qui
il,
ksi
er
at
rt
es
er
nt
ing
anagi
morr
fe
edur
oc
pr
p,
egy
tart
st
en
manage
m (
3,
ks
riyti
dqui
ie
and
lat
ra
mf
ool
ront
ct
uppor
os
t
ytdi
qui
id
lot
tc
pe
es
hr
tiw
see
ser
ov
)and
ksir
yt,
ksir
te
kar
mg
yci
pol
sw
eiv
) re
3t
se
er
nt
i,
et
kar
.k
sif
ro
de
ov
iw-
esi
pr
er
ent
da
oC
rdia
mnd
ieno
cu
A
O.
E C
otst
epor
Re.
tippet
ak
sirand
egy
at
rrats
ght
is
er
v
o
ty
el
viat
rratsi
nidm
ee a
nd
ttim
om
tudi
oA
tylt
ec
rst
epor
R.ten
manage
of
dependent
s a
nd i
ent
onm
rinv
ol
rton
cs’
pany
mo
he
tes
ss
es
sa
orr
tudi
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 11
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
pla
nnin
g.
Cre
dit C
om
mitte
e (
1)
overs
ees c
redit
exp
osure
s o
n e
nte
rprise-w
ide b
asis
, (2
) overs
ees m
anagem
ent syste
ms
that support
measure
ment
and
contr
ol of cre
dit r
isk,
(3)
overs
ees
managem
ent’s r
esponse to tre
nds in
cre
dit r
isk a
nd (
4)
coord
inate
s the
overs
ight
of
cre
dit r
isk w
ith E
R
Com
mitte
e.
Com
pensation C
om
mitte
e (1
) m
eets
re
gula
rly w
ith s
enio
r risk o
ffic
ers
to
revie
w a
nd e
valu
ate
ris
k in e
mplo
yee
com
pensation p
rogra
ms a
nd (
2)
dis
cusses c
om
pensation r
isk f
or
purp
oses o
f cert
ifyin
g t
hat
com
pensation p
rogra
ms d
o n
ot
drive
inappro
priate
ris
ks t
o c
om
pany.
A
udit C
om
mitte
e (
1)
revie
ws w
ith
managem
ent
and t
he G
enera
l C
ounsel, the n
atu
re a
nd s
tatu
s o
f sig
nific
ant
legal m
att
ers
and legal
risks a
nd (
2)
coord
inate
s w
ith E
R
Com
mitte
e w
ith r
espect to
com
pany’s
overa
ll m
anagem
ent
and h
andlin
g o
f risk in o
rder
to a
ssis
t w
ith o
pera
tional
and legal/com
plia
nce r
isk.
CE
O.
No.
Audit C
om
mitte
e (
1)
dis
cusses the
com
pany’s
overa
ll risk a
ssessm
ent
and r
isk m
anagem
ent
pra
ctices, per
its c
hart
er,
(2)
perf
orm
s a
centr
al
overs
ight
role
with r
espect
to f
inancia
l and c
om
plia
nce r
isks a
nd (
3)
report
s
on its
fin
din
gs a
t each r
egula
rly
schedule
d m
eeting o
f th
e full
board
aft
er
meeting w
ith the S
VP
, O
ffic
e o
f In
tern
al G
overn
ance,
the C
orp
ora
te
Auditor
and the independent
auditor,
D
elo
itte
& T
ouche L
LP
.
Fin
ance C
om
mitte
e a
ssesses r
isks
rela
ted t
o c
apital str
uctu
re,
sig
nific
ant
Board
responsib
le for
consid
era
tion a
nd o
vers
ight
of
risks. R
egula
rly r
evie
ws
mate
rial str
ate
gic
, opera
tional, fin
ancia
l,
com
pensation a
nd
com
plia
nce r
isks w
ith s
enio
r m
anagem
ent
and in
conju
nction w
ith its
com
mitte
es.
Not
dis
cussed.
None s
pecifie
d.
Not
specifie
d.
No.
App
endi
x 1
cont
inue
d
12 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
financia
l exposure
s,
risk m
anagem
ent
and m
ajo
r in
sura
nce p
rogra
ms,
em
plo
yee p
ensio
n p
lan p
olic
ies a
nd
perf
orm
ance a
nd r
egula
rly e
valu
ate
s
financia
l risks a
ssocia
ted w
ith s
uch
pro
gra
ms.
No.
Audit C
om
mitte
e r
evie
ws t
he
com
pany’s
ris
k a
ssessm
ent
and r
isk
managem
ent
polic
ies a
nd p
rocedure
s
at
least
annually
, in
clu
din
g its
majo
r financia
l risk e
xposure
s a
nd s
teps
taken to m
onitor
and c
ontr
ol such
exp
osure
s.
Com
pensation C
om
mitte
e r
evie
ws
risks c
reate
d b
y c
om
pensation p
lans.
The r
isk o
vers
ight fu
nction is
adm
inis
tere
d b
oth
in full
board
dis
cussio
ns a
nd in
indiv
idual com
mitte
es that
are
ta
sked b
y the b
oard
with
overs
ight
of
specific
ris
ks.
Board
overs
ees e
nte
rprise
risk a
s p
art
of its r
ole
in
revie
win
g a
nd o
vers
eein
g t
he
imple
menta
tion o
f th
e
com
pany’s
str
ate
gic
pla
ns
and o
bje
ctives.
Board
and its
com
mitte
es
regula
rly r
eceiv
e info
rmation
and r
eport
s fro
m
managem
ent
on t
he s
tatu
s o
f th
e c
om
pany a
nd t
he r
isks
associa
ted w
ith t
he
com
pany’s
str
ate
gy a
nd
busin
ess p
lans.
Yes. S
ee “
Ris
ks r
evie
wed
at
the b
oard
level w
ithout
com
mitte
e.”
None s
pecifie
d.
Not
specifie
d.
See “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
No.
Audit C
om
mitte
e a
ssis
ts b
oard
in
monitoring the c
om
pany’s
ris
k
exp
osure
and d
evelo
pin
g g
uid
elin
es
and p
olic
ies to g
overn
pro
cesses for
managin
g r
isks a
nd d
iscusses its
polic
ies w
ith r
espect to
ris
k
assessm
ent
and r
isk m
anagem
ent in
th
e c
onte
xt
of com
plia
nce a
nd
inte
rnal contr
ols
. R
eceiv
es a
nnual
report
s f
rom
the c
om
pany’s
Tre
asury
D
epart
ment.
Board
Nom
inating a
nd G
overn
ance
Com
mitte
e a
ssis
ts b
oard
in
monitoring r
isks incid
ent to
the
com
pany’s
govern
ance s
tructu
res
Board
revie
ws p
ort
folio
, capital allo
cation a
nd
geopolit
ical risks in t
he
conte
xt
of its a
nnual str
ate
gy
sessio
n a
nd t
he a
nnual
busin
ess p
lan a
nd c
apital
budget
revie
w.
B
oard
receiv
es r
outine
report
s f
rom
managem
ent
on
risk m
att
ers
in t
he c
onte
xt
of
the c
om
pany’s
str
ate
gic
, busin
ess a
nd o
pera
tional
pla
nnin
g a
nd d
ecis
ion
makin
g.
Not
dis
cussed.
None s
pecifie
d.
Managem
ent m
anages
and m
onitors
ris
ks a
t all
levels
of th
e c
om
pany,
inclu
din
g o
pera
ting
com
panie
s, busin
ess
units, corp
ora
te
depart
ments
and
serv
ice c
om
panie
s, and
regula
rly r
eport
s t
o t
he
board
thro
ugh
pre
senta
tions fro
m
various c
ente
rs o
f m
anagem
ent le
vel risk
exp
ert
ise, in
clu
din
g
Corp
ora
te S
trate
gic
P
lannin
g,
Legal,
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
M
anagem
ent
Com
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 13
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
and p
rocesses. In
connection w
ith a
n
annual evalu
ation o
f th
e c
om
pany’s
govern
ance p
ractices,
the C
om
mitte
e
dis
cusses r
isk m
anagem
ent
in the
conte
xt
of
genera
l govern
ance
matt
ers
, in
clu
din
g a
mong o
ther
topic
s,
board
and m
anagem
ent
successio
n p
lannin
g,
dele
gations o
f auth
ority
and inte
rnal appro
val
pro
cesses, sto
ckhold
er
pro
posals
and
activis
m,
and D
&O
lia
bili
ty insura
nce.
Public
Polic
y C
om
mitte
e a
ssis
ts
board
in m
onitoring r
isks a
ssocia
ted
with t
he c
om
pany’s
role
in the
com
munitie
s in w
hic
h it
opera
tes.
Routinely
dis
cusses r
isk m
anagem
ent
in t
he c
onte
xt
of,
am
ong o
ther
thin
gs,
legis
lative initia
tives,
environm
enta
l ste
ward
ship
, em
plo
yee r
ela
tions,
govern
ment
and n
ongovern
ment
org
aniz
ation r
ela
tions a
nd t
he
com
pany’s
reputa
tion.
Managem
ent
Com
pensation
Com
mitte
e a
ssis
ts b
oard
in
monitoring r
isks a
ssocia
ted w
ith
com
pensation p
rogra
ms a
nd
pra
ctices. A
ssis
ted b
y its
ow
n
independent
com
pensation
consultant.
Annually
revie
ws t
he
desig
n a
nd g
oals
of com
pensation
pro
gra
ms a
nd p
ractices in the c
onte
xt
of
possib
le r
isks to the c
om
pany’s
financia
l and r
eputa
tional w
ell-
bein
g.
Corp
ora
te C
om
plia
nce,
Health E
nvironm
ent
and S
afe
ty,
Glo
bal
Explo
ration a
nd
Reserv
es,
Corp
ora
tion
Fin
ance,
and o
thers
.
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
No.
Fin
ance C
om
mitte
e r
evie
ws
insura
nce r
isk m
anagem
ent
polic
ies
and e
quity r
isk m
anagem
ent
polic
ies
and p
rogra
ms.
Com
pensation C
om
mitte
e r
evie
ws
com
pensation r
isk.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Yes.
Dis
clo
sure
in
clu
des
sta
tem
ent th
at
sto
ck o
wners
hip
guid
elin
es for
executive o
ffic
ers
and d
irecto
rs
dis
coura
ge
excess a
nd
unnecessary
ris
k
takin
g.
App
endi
x 1
cont
inue
d
14 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
cont
inue
d
The c
om
pany’s
executive
com
pensation is
str
uctu
red to
pre
vent
inappro
priate
ris
k
takin
g b
y
executives.
The
Com
pensation
Com
mitte
e
belie
ves t
hat th
e
focus o
n
world
wid
e
revenue a
nd
opera
ting incom
e
gro
wth
as the
perf
orm
ance
targ
ets
encoura
ges
managem
ent to
ta
ke a
bala
nced
appro
ach t
hat
focuses o
n
corp
ora
te
pro
fita
bili
ty.
Yes.
Ris
k M
anagem
ent
and F
inance
Com
mitte
e e
nhances the b
oard
’s
overs
ight
of
risk m
anagem
ent.
R
esponsib
ilities inclu
de (
1)
revie
win
g
risk m
anagem
ent
and c
om
plia
nce
polic
ies a
nd p
rogra
ms for,
and
report
s o
n,
the c
om
pany a
nd its
subsid
iaries,
(2)
appro
vin
g a
nd
adju
sting r
isk lim
its s
ubje
ct to
ra
tification b
y t
he b
oard
and (
3)
consultin
g w
ith m
anagem
ent
on t
he
eff
ectiveness o
f risk identification,
measure
ment
and m
onitoring
pro
cesses a
nd t
he a
dequacy o
f sta
ffin
g a
nd a
ction p
lans, as n
eeded.
Com
pensation C
om
mitte
e r
evie
ws
com
pensation p
rogra
ms to e
nsure
th
at th
ey d
o n
ot, a
mong o
ther
thin
gs,
Board
overs
ees t
he
com
pany’s
glo
bal risk
managem
ent fr
am
ew
ork
.
Board
receiv
es a
ris
k r
eport
fr
om
the C
RO
at
each
regula
rly s
chedule
d b
oard
m
eeting, w
ith r
espect to
the
com
pany’s
appro
ach to
managem
ent
of m
ajo
r risks,
inclu
din
g m
anagem
ent’s r
isk
mitig
ation e
ffort
s, w
here
appro
priate
.
Yes.
Ris
k M
anagem
ent
and F
inance C
om
mitte
e
report
s t
o t
he b
oard
re
gard
ing t
he c
om
pany’s
risk p
rofile
, as w
ell
as its
E
RM
fra
mew
ork
in
clu
din
g the s
ignific
ant
polic
ies, pro
cedure
s a
nd
pra
ctices e
mplo
yed to
manage r
isks in t
he
com
pany’s
busin
esses.
Yes.
The C
RO
le
ads G
lobal R
isk
Managem
ent,
a
com
pany-w
ide
function t
hat
is
responsib
le for
an
inte
gra
ted e
ffort
to
identify
, assess
and m
anage r
isks
that m
ay a
ffect th
e
com
pany’s
abili
ty
to e
xecute
on its
corp
ora
te s
trate
gy
and f
ulfill
its
busin
ess
obje
ctives.
Report
s p
rim
arily
to
the b
oard
. S
ee
“Ris
ks r
evie
wed a
t
Managem
ent is
re
sponsib
le for
executing t
he
com
pany’s
ris
k
managem
ent
polic
ies.
See “
Is there
a C
hie
f R
isk O
ffic
er?
”
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
T
he
Com
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 15
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
encoura
ge u
nnecessary
or
excessiv
e
risk-t
akin
g.
the b
oard
level
without
com
mitte
e.”
No.
Board
im
ple
ments
ris
k o
vers
ight
function b
oth
as a
whole
and t
hro
ugh
com
mitte
es.
Audit C
om
mitte
e o
vers
ees r
isks
rela
ted t
o the c
om
pany’s
fin
ancia
l sta
tem
ents
, th
e f
inancia
l re
port
ing
pro
cess, accounting a
nd legal
matt
ers
. O
vers
ees t
he inte
rnal audit
function a
nd the c
om
pany’s
eth
ics
pro
gra
ms, in
clu
din
g t
he C
ode o
f B
usin
ess C
onduct.
Com
pensation C
om
mitte
e e
valu
ate
s
the r
isks a
nd r
ew
ard
s a
ssocia
ted w
ith
the c
om
pany’s
com
pensation
philo
sophy a
nd p
rogra
ms.
Revie
ws
and a
ppro
ves c
om
pensation
pro
gra
ms w
ith f
eatu
res that m
itig
ate
risk w
ithout
dim
inis
hin
g t
he incentive
natu
re o
f th
e c
om
pensation.
Fin
ance C
om
mitte
e o
vers
ees c
ert
ain
financia
l m
att
ers
and r
isks r
ela
ting t
o
pensio
n p
lan investm
ents
, curr
ency
risk a
nd h
edgin
g p
rogra
ms, m
erg
ers
and a
cquis
itio
ns a
nd c
apital pro
jects
.
Public
Issues a
nd D
ivers
ity R
evie
w
Com
mitte
e o
vers
ees issues t
hat
could
pose s
ignific
ant
reputa
tional
risk t
o t
he c
om
pany.
Managem
ent
Develo
pm
ent
Com
mitte
e o
vers
ees m
anagem
ent
develo
pm
ent
and s
uccessio
n
pla
nnin
g a
cro
ss s
enio
r m
anagem
ent
positio
ns.
Board
seeks t
o u
nders
tand
and o
vers
ee c
ritical busin
ess
risks. R
isks a
re c
onsid
ere
d in
virtu
ally
every
busin
ess
decis
ion a
nd a
s p
art
of
the
com
pany’s
busin
ess s
trate
gy.
Eff
ective r
isk o
vers
ight
is a
n
import
ant
priority
of
the
board
. T
he b
oard
has
imple
mente
d a
ris
k
govern
ance f
ram
ew
ork
to
unders
tand c
ritical risks in the
com
pany’s
busin
ess a
nd
str
ate
gy; allo
cate
re
sponsib
ilities for
risk
overs
ight
am
ong t
he full
board
and its
com
mitte
es;
evalu
ate
the c
om
pany’s
ris
k
managem
ent
pro
cesses a
nd
see t
hat th
ey a
re f
unctionin
g
adequate
ly;
facili
tate
open
com
munic
ation b
etw
een
managem
ent
and d
irecto
rs;
and f
oste
r an a
ppro
priate
culture
of
inte
grity
and r
isk
aw
are
ness.
A
nnually
, at
least
one
meeting o
f th
e b
oard
is
dedic
ate
d p
rim
arily
to
evalu
ating a
nd d
iscussin
g
risk,
risk m
itig
ation s
trate
gie
s
and t
he c
om
pany’s
inte
rnal
contr
ol environm
ent.
T
opic
s
inclu
de fin
ancia
l risks,
polit
ical and r
egula
tory
ris
ks,
legal risks, supply
chain
and
qualit
y r
isks, in
form
ation
technolo
gy r
isks, econom
ic
risks a
nd r
isks r
ela
ted t
o t
he
com
pany’s
tra
nsfo
rmation
Yes.
The c
om
pany h
as
robust
inte
rnal pro
cesses
and a
str
ong inte
rnal
contr
ol environm
ent to
id
entify
and m
anage
risks a
nd t
o
com
munic
ate
with t
he
board
, in
clu
din
g a
n E
RM
pro
gra
m.
No.
The R
isk
Managem
ent
Com
mitte
e is
cochaired b
y the
CF
O a
nd t
he G
C.
The c
om
pany h
as
robust
inte
rnal
pro
cesses a
nd a
str
ong
inte
rnal contr
ol
environm
ent
to identify
and m
anage r
isks a
nd
to c
om
munic
ate
with
the b
oard
. T
hese
inclu
de a
n e
nte
rprise
risk m
anagem
ent
pro
gra
m, a r
isk
managem
ent
com
mitte
e c
ochaired b
y
the C
FO
and t
he G
C,
regula
r in
tern
al
managem
ent
dis
clo
sure
com
mitte
e
meetings,
Code o
f B
usin
ess C
onduct,
robust
pro
duct
qualit
y
sta
ndard
s a
nd
pro
cesses,
a s
trong
eth
ics a
nd c
om
plia
nce
off
ice a
nd a
com
pre
hensiv
e inte
rnal
and e
xte
rnal audit
pro
cess.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
16 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
eff
ort
s. T
he b
oard
als
o
dis
cusses r
isk t
hro
ughout th
e
year
in r
ela
tion to s
ignific
ant
risks a
nd s
pecific
pro
posed
actions.
No.
Each c
om
mitte
e p
lays a
key r
ole
in
overs
eein
g t
he c
om
pany’s
m
anagem
ent
of
risks w
ithin
the
com
mitte
e’s
are
a o
f fo
cus.
Com
pensation C
om
mitte
e o
vers
ees
managem
ent
of
risks r
ela
ting to
executive c
om
pensation p
ractices.
Audit C
om
mitte
e o
vers
ees
managem
ent
of
accounting,
auditin
g,
exte
rnal re
port
ing a
nd inte
rnal contr
ol
risks.
Corp
ora
te G
overn
ance C
om
mitte
e
addre
sses r
isks a
ssocia
ted w
ith
directo
r in
dependence a
nd p
ote
ntial
conflic
ts o
f in
tere
st.
Environm
enta
l P
olic
y C
om
mitte
e
focuses o
n r
isks a
ssocia
ted w
ith
em
erg
ing r
egula
tory
develo
pm
ents
re
late
d t
o the e
nvironm
ent.
Scie
nce a
nd T
echnolo
gy C
om
mitte
e
consid
ers
key r
esearc
h a
nd
develo
pm
ent
initia
tives a
nd the r
isks
rela
ted t
o those p
rogra
ms.
Board
regula
rly r
evie
ws a
nd
dis
cusses w
ith m
em
bers
of
managem
ent in
form
ation
regard
ing t
he c
om
pany’s
busin
ess d
isru
ption,
econom
ic,
environm
enta
l,
legal, r
egula
tory
, re
puta
tional,
str
ate
gic
, te
chnolo
gic
al and
oth
er
risks, th
eir p
ote
ntial
impact
and the c
om
pany’s
risk m
itig
ation e
ffort
s.
Board
regula
rly info
rmed b
y
its c
om
mitte
es a
bout
rele
vant
risks, enablin
g the b
oard
to
coord
inate
ris
k o
vers
ight
and
rela
tionship
s a
mong t
he
various r
isks.
Not
dis
cussed.
None s
pecifie
d.
Not
specifie
d.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
No.
Audit C
om
mitte
e o
vers
ees r
isks
associa
ted w
ith f
inancia
l and
accounting m
att
ers
, in
clu
din
g
com
plia
nce w
ith legal and r
egula
tory
re
quirem
ents
, and the c
om
pany’s
financia
l re
port
ing a
nd inte
rnal contr
ol
syste
ms.
Board
Aff
airs C
om
mitte
e o
vers
ees
risks a
ssocia
ted w
ith c
orp
ora
te
govern
ance,
inclu
din
g b
oard
str
uctu
re
Responsib
ility
for
risk
overs
ight
rests
with t
he
board
. C
om
mitte
es h
elp
the
board
carr
y o
ut th
is
responsib
ility
by focusin
g o
n
specific
key a
reas o
f risk
inhere
nt
in the b
usin
ess.
Board
receiv
es r
egula
r update
s fro
m the c
om
mitte
es
and a
t le
ast
annually
Not
dis
cussed.
None s
pecifie
d.
Not
specifie
d.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 17
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
and d
irecto
r successio
n p
lannin
g.
Com
pensation C
om
mitte
e h
elp
s
ensure
that
the c
om
pany’s
com
pensation p
olic
ies a
nd p
ractices
support
the r
ete
ntion a
nd
develo
pm
ent
of
executive t
ale
nt
with
the e
xperience r
equired t
o m
anage
risks inhere
nt
to t
he b
usin
ess a
nd d
o
not
encoura
ge o
r re
ward
excessiv
e
risk-t
akin
g b
y e
xecutives.
Fin
ance C
om
mitte
e o
vers
ees r
isks
associa
ted w
ith f
inancia
l in
str
um
ents
, financia
l polic
ies a
nd s
trate
gie
s a
nd
capital str
uctu
re.
Public
Issues a
nd C
ontr
ibutions
Com
mitte
e o
vers
ees o
pera
tional risks
such a
s t
hose r
ela
ting t
o e
mplo
yee
and c
om
munity s
afe
ty,
health,
environm
enta
l and s
ecurity
matt
ers
.
part
icip
ate
s in r
evie
ws w
ith
managem
ent
addre
ssin
g t
he
pro
gre
ss o
f sig
nific
ant
pro
jects
and o
pera
tional
activitie
s.
Update
s a
re
measure
d a
gain
st
benchm
ark
exp
ecta
tions, all
of
whic
h
reflect
identified r
isk facto
rs
and t
he im
pact
of
those
identified r
isks o
n e
xpecte
d
outc
om
es a
nd r
esults.
No.
Responsib
ility
for
the o
vers
ight
of
specific
ris
ks h
as b
een d
ele
gate
d to
board
com
mitte
es.
Audit C
om
mitte
e o
vers
ees r
isk
polic
ies a
nd p
rocesses r
ela
ting t
o t
he
financia
l sta
tem
ents
and fin
ancia
l re
port
ing p
rocesses,
as w
ell
as k
ey
cre
dit,
liquid
ity,
and m
ark
et
risks a
nd
com
plia
nce,
and t
he g
uid
elin
es,
polic
ies a
nd p
rocesses f
or
monitoring
and r
eport
ing.
Public
Responsib
ilities C
om
mitte
e
overs
ees r
isks r
ela
ted t
o p
ublic
polic
y
initia
tives, th
e e
nvironm
ent
and
sim
ilar
matt
ers
. M
anagem
ent
Develo
pm
ent
and
Com
pensation C
om
mitte
e m
onitors
risks a
ssocia
ted w
ith m
anagem
ent
resourc
es, str
uctu
re a
nd s
uccessio
n
pla
nnin
g.
Board
has o
vera
ll re
sponsib
ility
for
risk
overs
ight
with f
ocus o
n m
ost
sig
nific
ant
risks facin
g t
he
com
pany.
At
year-
end, m
anagem
ent
and t
he b
oard
join
tly d
evelo
p
a lis
t of m
ajo
r risks to
prioritize in the n
ext
year.
T
he b
oard
and its
com
mitte
es
dedic
ate
a p
ort
ion o
f th
eir
meetings t
o r
evie
w a
nd
dis
cuss s
pecific
ris
k topic
s in
more
deta
il.
Str
ate
gic
and o
pera
tional
risks a
re p
resente
d a
nd
dis
cussed in t
he c
onte
xt
of
the C
EO
’s r
eport
on
opera
tions to t
he b
oard
and
regula
rly s
chedule
d m
eetings.
Yes.
The C
RO
overs
ees
and c
oord
inate
s r
isk
assessm
ent
and
mitig
ation o
n a
n
ente
rprise-w
ide b
asis
.
Yes.
The C
RO
le
ads the
Corp
ora
te R
isk
Function,
whic
h
identifies k
ey
busin
ess r
isks,
ensuring
appro
priate
m
anagem
ent
of
these r
isks w
ithin
sta
ted lim
its a
nd
enfo
rcem
ent
thro
ugh p
olic
ies
and p
rocedure
s.
R
eport
s to t
he
Corp
ora
te R
isk
Com
mitte
e,
a
managem
ent
com
mitte
e
com
posed o
f th
e
Chairm
an a
nd
CE
O a
nd o
ther
See “
Is t
here
a C
hie
f
Ris
k O
ffic
er ?
”
In a
dditio
n, th
e P
olic
y
Com
plia
nce R
evie
w
Board
, w
hic
h m
eets
betw
een 1
2 a
nd 1
4
tim
es a
year
is c
haired
by t
he G
C a
nd inclu
des
the C
FO
and o
ther
senio
r le
vel fu
nctional
leaders
.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es
Managem
ent
Develo
pm
ent and
Com
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
18 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
Nom
inating a
nd C
orp
ora
te
Govern
ance C
om
mitte
e o
vers
ees
risks r
ela
ting to g
overn
ance s
tructu
re
and p
rocesses a
nd r
isks a
risin
g f
rom
re
late
d-p
ers
on t
ransactions.
senio
r le
vel
busin
ess leaders
.
The C
orp
ora
te
Ris
k C
om
mitte
e
report
s t
o t
he
board
.
No.
Audit C
om
mitte
e r
egula
rly r
eceiv
es,
revie
ws a
nd d
iscusses w
ith
managem
ent
pre
senta
tions a
nd
analy
ses,
the c
om
pany’s
aggre
gate
risk e
xposure
s,
inclu
din
g m
ark
et,
cre
dit a
nd o
pera
tional risks a
nd k
ey
info
rmation involv
ing t
he c
om
pany’s
fu
ndin
g a
nd liq
uid
ity r
isk p
ositio
n.
Audit C
om
mitte
e inte
racts
fre
quently
with t
he C
RO
and o
ther
key r
isk
managem
ent
executives, fr
om
both
th
e c
ontr
ol and b
usin
ess s
ides o
f th
e
firm
.
The b
oard
’s o
vers
ight
of th
e
com
pany’s
ris
k m
anagem
ent
pro
cess is e
ffecte
d p
rim
arily
th
rough t
he A
udit C
om
mitte
e.
The b
oard
revie
ws t
he
com
pany’s
str
ate
gy,
whic
h
bols
ters
its
abili
ty t
o o
vers
ee
the c
om
pany’s
ris
k
managem
ent
pro
cess.
Not
dis
cussed.
Yes.
The C
RO
is
responsib
le for
leadin
g t
he
com
pany’s
overa
ll risk m
anagem
ent
eff
ort
. In
tera
cts
fr
equently w
ith
Audit C
om
mitte
e
and
Com
pensation
Com
mitte
e.
Report
s to A
udit
Com
mitte
e.
See “
Is there
a C
hie
f R
isk O
ffic
er?
” Y
es.
The
com
pany r
evie
ws
its f
irm
-wid
e
com
pensation
pro
gra
ms a
nd
polic
ies to e
nsure
th
at th
ere
are
no
risks a
risin
g f
rom
such p
rogra
ms
and p
olic
ies that
are
reasonably
lik
ely
to h
ave a
m
ate
rial advers
e
eff
ect
on t
he f
irm
. T
he C
RO
, th
e
com
pany’s
in
dependent
com
pensation
consultant
and
senio
r m
em
bers
of
both
the
revenue a
nd
contr
ol div
isio
ns
are
involv
ed in
this
revie
w
pro
cess. In
additio
n, th
e
com
pany’s
C
om
pensation
Com
mitte
e
revie
ws t
he
com
pany’s
com
pensation
pro
gra
ms f
or
consis
tency w
ith
the s
afe
ty a
nd
soundness o
f our
firm
. S
ince t
he
Com
pensation
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 19
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
Com
mitte
e
inclu
des a
ll of
the
mem
bers
of th
e
Audit C
om
mitte
e,
it is p
rovid
ed w
ith
a c
om
ple
te
pic
ture
of th
e r
isk
managem
ent
pro
cess.
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
No.
Audit C
om
mitte
e a
ssis
ts w
ith r
isk
assessm
ent
and r
isk m
anagem
ent.
Fin
ance a
nd I
nvestm
ent
Com
mitte
e
revie
ws r
isk c
oncentr
ation.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
No.
Audit C
om
mitte
e h
as p
rim
ary
re
sponsib
ility
for
overs
eein
g r
isk
assessm
ent
and m
anagem
ent,
in
clu
din
g the c
om
pany’s
majo
r financia
l exposure
s a
nd t
he s
teps
managem
ent
has taken t
o m
onitor
and c
ontr
ol such e
xposure
s. S
tays
apprised o
f sig
nific
ant
actu
al and
pote
ntial risks f
aced b
y the c
om
pany
in p
art
thro
ugh r
evie
w o
f quart
erly
report
s f
rom
the E
nte
rprise R
isk
Council
(“E
RC
”) a
nd d
eta
iled
pre
senta
tions, at
least
annually
, fr
om
th
e c
hair o
f th
e E
RC
regard
ing t
he
com
pany’s
ris
k a
ssessm
ent
and
managem
ent
pro
cess. A
lso s
tays
apprised o
f F
CP
A a
nd a
nti-b
ribery
risk f
rom
FC
PA
Overs
ight C
om
mitte
e.
Leaders
hip
Develo
pm
ent
and
Com
pensation C
om
mitte
e r
evie
ws
risks that m
ay b
e im
plic
ate
d b
y
executive c
om
pensation p
rogra
ms
and m
onitors
the independence o
f th
e
com
mitte
e’s
com
pensation
consultant.
Nom
inating a
nd C
orp
ora
te
Govern
ance C
om
mitte
e o
vers
ees
Audit C
om
mitte
e r
eport
s t
o
board
at
each q
uart
erly b
oard
m
eeting.
Board
and A
udit C
om
mitte
e
receiv
e p
resenta
tions
thro
ughout
the y
ear
from
m
anagem
ent
regard
ing
specific
pote
ntial risks a
nd
trends a
s n
ecessary
.
At
each b
oard
meeting,
Chairm
an a
nd C
EO
addre
ss
in a
directo
r-only
sessio
n
matt
ers
of
part
icula
r im
port
ance o
r concern
, in
clu
din
g a
ny s
ignific
ant
are
as o
f risk r
equirin
g b
oard
att
ention.
Annually
, th
rough d
edic
ate
d
sessio
ns focusin
g e
ntire
ly o
n
corp
ora
te s
trate
gy,
the full
board
revie
ws in d
eta
il th
e
com
pany’s
short
- and long-
term
str
ate
gie
s,
inclu
din
g
consid
era
tion o
f sig
nific
ant
risks facin
g t
he c
om
pany a
nd
Yes.
The E
RC
, com
posed o
f le
aders
fr
om
functional are
as o
f th
e c
om
pany, m
eets
at
least quart
erly t
o
coord
inate
info
rmation
sharing a
nd m
itig
ation
eff
ort
s for
all
types o
f risks. E
RC
report
s to
Audit C
om
mitte
e.
FC
PA
Overs
ight
Com
mitte
e o
vers
ees
ente
rprise-w
ide
com
plia
nce w
ith the
FC
PA
and t
he a
nti-
bribery
law
s o
f th
e
jurisdic
tions in w
hic
h w
e
conduct busin
ess.
No.
Chair o
f E
RC
is
the V
P o
f In
tern
al A
udit a
nd
Corp
ora
te
Com
plia
nce.
Report
s the E
RC
’s
risk a
naly
ses to
senio
r m
anagem
ent
regula
rly a
nd
att
ends e
ach A
udit
Com
mitte
e
meeting.
Audit C
om
mitte
e r
elie
s
on E
RC
(w
hic
h is
com
posed o
f le
aders
fr
om
the f
unctional
are
as o
f th
e c
om
pany
and m
eets
at
least
quart
erly t
o c
oord
inate
in
form
ation s
haring a
nd
mitig
ation e
ffort
s for
all
types o
f risks)
and the
FC
PA
Overs
ight
Com
mitte
e.
No.
See “
Ris
ks
dele
gate
d t
o
com
mitte
es
Leaders
hip
D
evelo
pm
ent and
Com
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
20 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
risks r
ela
ted to g
overn
ance p
olic
ies
and p
ractices, in
clu
din
g r
evie
w a
nd
appro
val of
any r
ela
ted p
art
y
transactions a
nd r
ela
tionship
s
involv
ing d
irecto
rs a
nd e
xecutive
off
icers
. In
frastr
uctu
re C
om
mitte
e r
evie
ws
risks r
ela
ted to c
orp
ora
te
infr
astr
uctu
re.
their p
ote
ntial im
pact.
No.
Each o
f th
ree b
oard
com
mitte
es
(Audit,
Directo
rs a
nd C
orp
ora
te
Govern
ance a
nd E
xecutive
Com
pensation a
nd M
anagem
ent
Resourc
es)
exam
ines v
arious
com
ponents
of
ente
rprise r
isk a
s p
art
of
its r
esponsib
ilities.
Board
is r
esponsib
le for
overs
eein
g m
anagem
ent
in
the e
xecution o
f its
responsib
ilities a
nd for
assessin
g t
he c
om
pany’s
appro
ach t
o r
isk
managem
ent.
O
vera
ll re
vie
w o
f risk is
inhere
nt
in the b
oard
’s
consid
era
tion o
f th
e
com
pany’s
long-t
erm
str
ate
gie
s a
nd in the
transactions a
nd o
ther
matt
ers
pre
sente
d to t
he
board
, such a
s c
apital
exp
enditure
s,
acquis
itio
ns,
div
estitu
res a
nd f
inancia
l m
att
ers
.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es.”
None s
pecifie
d.
Senio
r m
anagem
ent
is
responsib
le for
assessin
g a
nd
managin
g t
he
com
pany’s
various
exp
osure
s t
o r
isk o
n a
day-t
o-d
ay b
asis
, in
clu
din
g the c
reation o
f appro
priate
ris
k
managem
ent
pro
gra
ms
and p
olic
ies.
No.
No.
Audit C
om
mitte
e o
vers
ees issues
rela
ted t
o inte
rnal contr
ol over
financia
l re
port
ing.
Fin
ance C
om
mitte
e o
vers
ees issues
rela
ted t
o the c
om
pany’s
ris
k
tole
rance in c
ash-m
anagem
ent
investm
ents
.
Com
pensation C
om
mitte
e o
vers
ees
risks r
ela
ted to c
om
pensation
pro
gra
ms.
Board
is p
eriodic
ally
briefe
d
by m
anagem
ent
on r
isks that
the c
om
pany f
aces. In
som
e
cases, as w
ith r
isks o
f new
te
chnolo
gy a
nd r
isks r
ela
ted
to p
roduct
accepta
nce,
risk
overs
ight
is a
ddre
ssed a
s
part
of th
e full
board
’s
engagem
ent
with t
he C
EO
and m
anagem
ent.
Board
mem
bers
assess a
nd
overs
ee t
he r
isks a
s a
part
of
their r
evie
w o
f th
e r
ela
ted
busin
ess,
financia
l or
oth
er
activity o
f th
e c
om
pany.
The
Yes. S
ee “
Ris
ks r
evie
wed
at
the b
oard
level w
ithout
com
mitte
e.”
None s
pecifie
d.
Managem
ent
responsib
le for
identify
ing r
isk a
nd r
isk
contr
ols
rela
ted t
o
sig
nific
ant
busin
ess
activitie
s; m
appin
g the
risks to c
om
pany
str
ate
gy;
and
develo
pin
g p
rogra
ms
and r
ecom
mendations
to d
ete
rmin
e t
he
suff
icie
ncy o
f risk
identification, th
e
bala
nce o
f pote
ntial risk
to p
ote
ntial re
ward
, th
e
appro
priate
manner
in
Yes.
The
com
pany
conclu
ded t
hat
its
com
pensation
polic
ies a
nd
pra
ctices d
o n
ot
cre
ate
ris
ks t
hat
are
reasonably
lik
ely
to h
ave a
m
ate
rial advers
e
eff
ect
on t
he
com
pany.
Deta
iled
dis
clo
sure
of
analy
sis
used t
o
reach t
his
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 21
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
full
board
als
o r
eceiv
es
specific
report
s o
n e
nte
rprise
risk m
anagem
ent,
in w
hic
h
the identification a
nd c
ontr
ol
of
risk a
re t
he p
rim
ary
topic
s
of
the d
iscussio
n.
whic
h t
o c
ontr
ol risk
and t
he s
upport
of
the
pro
gra
ms d
iscussed
belo
w a
nd t
heir r
isk to
com
pany s
trate
gy.
Managem
ent
als
o
pro
vid
es b
riefs
to t
he
board
on t
he s
ignific
ant
volu
nta
ry a
nd
involu
nta
ry r
isks t
hat
the c
om
pany f
aces a
nd
how
the c
om
pany is
seekin
g t
o c
ontr
ol risk if
and w
hen a
ppro
priate
.
conclu
sio
n
follo
wed.
No.
Audit C
om
mitte
e m
eets
in p
rivate
sessio
ns w
ith e
ach o
f th
e C
FO
, V
P
Hum
an R
esourc
es a
nd G
enera
l C
ounsel, C
hie
f C
om
plia
nce O
ffic
er,
V
P C
orp
ora
te I
nte
rnal A
udit, and
repre
senta
tives o
f th
e c
om
pany’s
in
dependent
auditors
at
the
conclu
sio
n o
f every
regula
rly
schedule
d m
eeting,
where
aspects
of
risk m
anagem
ent
are
dis
cussed.
Overs
ight
of
risk
managem
ent is
ultim
ate
ly t
he
responsib
ility
of
the f
ull
board
. B
oard
receiv
es r
egula
r re
port
s o
n a
spects
of
the
com
pany’s
ris
k m
anagem
ent
from
senio
r re
pre
senta
tives o
f th
e c
om
pany’s
independent
auditors
.
Board
meets
annually
with
mem
bers
of m
anagem
ent
with p
rim
ary
responsib
ility
for
managem
ent
of
risk in t
heir
respective a
reas o
f re
sponsib
ility
, in
clu
din
g t
he
Chairm
an/C
EO
; C
FO
; C
ontr
olle
r; T
reasure
r; V
P
Hum
an R
esourc
es a
nd
Genera
l C
ounsel; C
orp
ora
te
Secre
tary
; C
hie
f C
om
plia
nce
Off
icer;
VP
Corp
ora
te A
ffairs,
Govern
ment A
ffairs &
Polic
y,
Worldw
ide O
pera
tions,
Scie
nce &
Technolo
gy,
Corp
ora
te I
nte
rnal A
udit a
nd
the W
orldw
ide C
hairm
an a
nd
Chie
f C
om
plia
nce O
ffic
er
of
each o
f th
e c
om
pany’s
busin
ess s
egm
ents
.
Not
dis
cussed.
None s
pecifie
d.
See “
Ris
ks r
evie
wed a
t th
e b
oard
level w
ithout
com
mitte
e.”
No.
App
endi
x 1
cont
inue
d
22 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
Yes.
Ris
k P
olic
y C
om
mitte
e o
vers
ees
senio
r m
anagem
ent
risk-r
ela
ted
responsib
ilities inclu
din
g r
evie
win
g
managem
ent
polic
ies a
nd
perf
orm
ance a
gain
st
the firm
’s
polic
ies a
nd b
enchm
ark
s.
A
udit C
om
mitte
e r
evie
ws w
ith
managem
ent th
e s
yste
m o
f in
tern
al
contr
ols
and fin
ancia
l re
port
ing r
elie
d
upon t
o p
rovid
e r
easonable
assura
nce o
f com
plia
nce w
ith t
he
firm
’s o
pera
tional risk m
anagem
ent
pro
cesses.
Com
pensation C
om
mitte
e r
evie
ws
the f
irm
’s c
om
pensation p
ractices a
nd
the r
ela
tionship
am
ong r
isk,
risk
managem
ent
and c
om
pensation in
light
of th
e f
irm
’s o
bje
ctives.
Each c
om
mitte
e o
vers
ees r
eputa
tion
risk issues w
ithin
their s
cope o
f re
sponsib
ility
.
Board
exerc
ises o
vers
ight
of
risk m
anagem
ent
princip
ally
th
rough t
he R
isk P
olic
y
Com
mitte
e a
nd th
e A
udit
Com
mitte
e.
How
ever,
the
board
revie
ws s
ele
cte
d r
isk
topic
s d
irectly a
s
circum
sta
nces w
arr
ant.
Not
dis
cussed.
Yes.
The C
RO
heads R
isk
Managem
ent
and
is a
mem
ber
of
the
firm
’s O
pera
ting
Com
mitte
e.
Report
s to t
he
CE
O a
nd the
board
, prim
arily
th
rough t
he R
isk
Polic
y C
om
mitte
e.
Each lin
e o
f busin
ess is
responsib
le for
managin
g its
ow
n r
isks,
with its
ow
n r
isk
com
mitte
e a
nd a
chie
f risk o
ffic
er.
R
isk M
anagem
ent
is
responsib
le for
pro
vid
ing a
n
independent
firm
wid
e
function o
f risk
managem
ent
and
contr
ols
and is h
eaded
by t
he firm
’s C
RO
. T
he C
hie
f In
vestm
ent
Off
ice a
nd C
orp
ora
te
Tre
asury
are
re
sponsib
le for
managin
g t
he firm
’s
liquid
ity, in
tere
st
rate
and f
ore
ign e
xchange
risk.
Legal and C
om
plia
nce
has o
vers
ight
for
legal
and f
iducia
ry r
isk.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
e –
C
om
pensation
Com
mitte
e.”
No.
Audit C
om
mitte
e r
evie
ws a
nd
dis
cusses r
isk a
ssessm
ent
and r
isk
managem
ent
guid
elin
es,
polic
ies a
nd
pro
cesses b
y u
tiliz
ing t
he c
om
pany’s
E
RM
appro
ach. A
fter
managem
ent
revie
ws k
ey r
isks w
ith A
udit
Com
mitte
e,
the c
om
mitte
e a
llocate
s
responsib
ility
to b
oard
or
oth
er
com
mitte
es d
ependin
g o
n w
hic
h is in
the b
est
positio
n t
o r
evie
w a
nd
assess b
oth
the r
isk e
xposure
s a
nd
the s
teps m
anagem
ent
has taken t
o
monitor
and c
ontr
ol th
ose e
xposure
s.
Fin
ance C
om
mitte
e r
evie
ws a
nd
report
s t
o t
he b
oard
on f
inancia
l risk
managem
ent
activitie
s, such a
s
fore
ign e
xchange,
com
moditie
s,
Board
responsib
le for
overs
eein
g t
he o
vera
ll risk
assessm
ent
and
managem
ent
pro
cesses.
Board
revie
ws f
ood s
afe
ty
polic
ies, pro
cedure
s a
nd
pro
gra
ms, in
clu
din
g t
hose
rela
ted t
o s
upply
chain
.
Board
als
o r
evie
ws s
trate
gie
s
rela
ted t
o c
om
petition,
inclu
din
g fro
m p
rivate
label
and c
usto
mer
concentr
ation.
Yes. S
ee “
Ris
ks
dele
gate
d t
o c
om
mitte
es
– A
udit C
om
mitte
e.”
E
RM
appro
ach d
esig
ned
in p
art
to e
nsure
that th
e
board
and r
ele
vant
com
mitte
es r
eceiv
e
advic
e a
bout
and
unders
tand t
he
com
pany’s
ris
k
managem
ent
pro
cess,
the p
art
icip
ants
in t
he
pro
cess a
nd the
info
rmation g
ath
ere
d
thro
ugh t
he a
ppro
ach.
None s
pecifie
d.
Annually
, m
anagem
ent
identifies k
ey r
isks
inclu
din
g s
trate
gic
, financia
l, o
pera
tional,
legal and r
egula
tory
risks. M
anagem
ent
revie
ws t
hese r
isks w
ith
the A
udit C
om
mitte
e.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
H
um
an
Resourc
es a
nd
Com
pensation
Com
mitte
e.”
al
ci
na
nif-n
on(
yn
ap
mo
C
)n
oitutit
sni
Fo
Chm
oC
R (Y
la
mo
r
?retr
ha
/te
et
mm
iksi
R
)N
Y /
om
c o
ff e
mn
au
de
ln
ci(
cot
de
at
gel
ed
ks
siR
of
on
ip
tri
cs
de
nd
ae
ettim
ms
eetti
mm
co
)s
ks
rid
eew
iv
erks
siR
t c
uo
thiw
le
ev
l
dar
ob
eh
tta
ttee
im
mco
?d
se
scu
sid
nt
em
ge
na
am
re
isrrp
etn
“e
Is
If?
wo
hs,
ye
?”t
kisr ?
fC
hie
are
he
tsI
he
rs
oh
es
do
em
ow
hot
s,
ye
ff Ir?
eicffff
Ok
isR
?tp
orrt
erA o
f
on
ita
oc
ll a
oh
tc
oa
pp
rn
te
mg
en
aa
mot
ks
riff
np
eC
om
su
sc
sd
iar
ne
ge
uln
ci
kisr
hs,
ye
ff I
o
nit
an
s
on
?i
sk
sri
la
nd
iu
de
?w
oh
Y
es
ses
oc
pr
mk
sironal
iat
oper
s’mrif
can
ipl
mo
coff
eanc
ur
sas
ona
eas
rde
iv
oo p
rupon t
eral
inanc
ifand
sol
rroont
cm
ets
yhe
st
ten
manage
mew
iev
ree
ttim
mo
Ct
udi
A
kar
mh
cben
and
sei
cipol
he
tt
sn
e a
gai
can
mor
fperrf
as
eici
pol
ten
manage
mng
udi
lc
nis
eitilbi
ipons
es
rk
sirt
en
manage
morr
eni
so
ee
ttim
mo
Cy
ciol
Pk
siR
.s
eY
aw
se
anc
ts
mu
cric
sa
yltc
erid
sc
opi
te
ss
wei
ev
dr
boar
eow
Hee.
ttim
om
Ct
ee
and
ttim
om
Ck
siR
he
ough t
hr
tt
en
manage
mkk
sires
sic
er
dex
oar
B
ten
manage
mhe
ht
tie
wc
eabl
ed
iel
ng r
itepor
al
ner
tni
fo
mh
ti w
sw
.s
ks’
mrife
nd
ng
iew
iev
rg
ed
at
el
r-k
ees
ser
ov
.ed
ss
uc
sdi
ot
N
.ant
rar
ksir
ed
tc
eel
he
t,er
ev
tudi
Ahe
ty
ciol
Pyl
pal
ic
nipr
tf
oght
is
er
ov
oc
amu
nfn
dipres
ri
R
srio
ci
wa
mes
ra
E
.e
etit
mm
oC
ylic
oP
ksi
Rhe
ough t
hr
tyli
ar
mi p
rd,
boar
he
and
tO
EC
he
to
tst
epor
R
ee.
ttim
om
Cng
iat
perra
Os’
mrifhe
tof
berr
me
ma
siand
ent
anagem
Mk
siR
heads
CR
Oe
hT
.s
eY
ettim
om
Cs
pen
om
Cee
ttim
mo
ced
egat
del
ee
S.s
eY
headed
sand
is
ol
rroont
and
ten
manage
ksir
on
off
itnc
de
iw
mri f
dependent
ng a
ndi
iov
or
ef
bl
ipons
ssi
ten
anagem
Mkk
s
r.e
ciffffo
kks
fe
hi
cee a
nd a
ttim
mo
ksi
nr
ow
sth
it
,s
ksir
now
sting
anagi
or
e f
bl
ipons
ssi
snes
is
bu
ffne
oil
hac
”e.on
iat–
eo
dt
sk
siR“
.ytil
bi
ipons
es
rs
rhei
tn
hi
tiw
sue
ssi
ksir
es
er
ee
ov
ttim
mo
ch
ac
E
itc
e o
bj
s’mri
he f
tf
oght
ilp
mo
cand
ten
manage
mong
mp a
hi
son
iat
el
he
rt
on
iat
spen
mo
cs’
mrifhe
ttti
mm
oC
on
iat
spen
om
C
.es
ses
oc
pr
of
ope
cs
on
ita
eput
rs
ee
.es
vini
on
iat
pens
ksir
,k
sirand
se
citc
apr
ns
ew
iev
ree
t
ha
Lesiranqila
mes
rr
TOfh
Tbyo
c
egal
lorr
fght
is
er
ov
as
ec
an
ipl
mo
and
Cegal
.k
shange
cex
gn
ei
or
nd
fet
art
es
er
nt
i,
ytdi
qui
s’mri
he f
tng
anagi
or
ef
bl
ipons
se
ar
yur
eas
re
at
por
or
Ce a
nd
ciffent
mtes
nv
Ief
hi
Che
.O
R C
s’mri
he f
ty
headed
sand i
sol
rroont
tt
htp
ex
ksir
he
th
bot
ss
es
as
eiev
ro
on t
itis
po
the b
es
tng
dependi
ees
ttim
mo
cd
oboar
otytil
bi
ipons
es
rtti
mm
oc
he
tee,
ttim
om
Ch
Ati
ws
ksir
ye
ks
wei
ver
merr
tfA
h.
oac
appr
MR
Eh
ng t
izili
ut
by
es
ses
oc
prro
nes
idel
gui
ten
manage
msm
se
ss
askk
is r
es
su
csi
dew
iev
ree
ttim
mo
Ct
udi
A.
No
td
tl
ew
iev
ro
sd
al
oar
B
yuppl
os
ted
at
el
rreud
lnc
i,
sam
ogr
pr
edu
oc
pr
,s
eici
pol
ofs
ew
iev
dr
oar
B
or pt
en
manage
mand
ent
ms
se
sas
he
ov
ng t
eei
ser
ov
bl
ipons
es
rd
oar
B
tk
th
dan
es
ur
posand
ew
nis
hi
chi
won her
to
orr
es
ta
oc
lee a
lt
tudi
At
en
manage
ms’
pany
mo
che
nd
as
eici
pol
,s
ksi
rd
na
tn
em
and
sw
tk
sirs’
yn
ap
mo
che
tand
ts
under
and
eabout
ciadv
vei
ec
rees
ttim
mo
can
ev
el
d a
nd r
boar
he
tur
so
en
tt
n p
ar
ih
de
oac
appr
MR
E
ee
ttim
mo
Ct
udi
A–
mom
co
ed
tegat
del
sk
siR“
ee
S.s
eY
itites
egi
tart
ss
w
n.
hai
ce
sho
tng
iand
es
ry
et
fa
sod
s.
es
se
co
ksir
lal
er
vor
e f
an he
tev
rsireg
lnifnc
ide
in
Aed.
ifipec
one s
N
ethe
thatgned
is”
e.
es
ettim
.k
si r
yar
iduc
ind f
egal
ght
ettim
om
Cs
pen
om
Ce
cour
es
Ran
um
Hee
ttim
mo
ced
egat
del
ee
S.s
eY
ee.
ttim
mo
Ct
udi
eA
htiw
sk
sire
hes
ts
wei
vent
manage
M.
sk
sy
or
at
egul
and
rgal
,onal
iat
oper
,al
inanc
,c
egi
tart
ng s
udi
lc
sk
sirey
ks
eifient
ent
manage
m,
ylnnual
”e.on
iat a
nd
s
–eso
dt
sk
siR“
mm
oc
hange,
cgn e
xei
or
f,
es
itivit
ac
nt
eem
ga
na
md o
n
boar
he
tot
stepor
rev
ree
ttim
mo
eC
nanc
iF
sho
tol
ront
c a
nd
orr
toni
mt
en
manage
meps
the
st
oc
err
mot
us
and
c p
rm
orfng
udi
lnc
ipe
mo
oc
ted
at
el
rre
,es
itodi
mas
huc
sk
siral
inanc
ifand
sew
i
.es
ur
pos
e e
xs
oten
ak
ts
ha
oa
appr
he
tough
hr
ther
gat
on
iat
mor
nf
ihe
and
ts
es
oc
prro
nis
pant
icit
par
he
tc
opr
ten
manage
m
.on
iat
rent
cn
abel
le
at
vion,
itit
.h
aced
r
he
t,
ses
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 23
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
inte
rest ra
te e
xposure
, in
sura
nce
pro
gra
ms a
nd term
s o
f custo
mer
financin
g.
Hum
an R
esourc
es a
nd
Com
pensation C
om
mitte
e r
evie
ws
com
pensation p
olic
ies a
nd p
ractices
for
em
plo
yees,
inclu
din
g n
on-
executive a
nd e
xecutive o
ffic
ers
, as
they r
ela
te to r
isk m
anagem
ent
pra
ctices a
nd r
isk-t
akin
g incentives.
No.
Audit C
om
mitte
e c
onsid
ers
audit,
accounting a
nd c
om
plia
nce r
isk a
nd
receiv
es r
eport
s fro
m the h
ead o
f in
tern
al audit, th
e h
ead o
f corp
ora
te
tax,
the G
enera
l C
ounsel, the C
hie
f C
om
plia
nce O
ffic
er
and t
he C
hie
f In
form
ation O
ffic
er.
Responsib
le for
revie
w o
f th
e c
om
pany’s
majo
r risk
exp
osure
s (
wheth
er
financia
l,
opera
tional or
oth
erw
ise)
and t
he
ste
ps m
anagem
ent
has taken t
o
monitor
and c
ontr
ol such e
xposure
s,
and f
or
evalu
ating m
anagem
ent’s
pro
cess to a
ssess a
nd m
anage t
he
com
pany’s
ente
rprise r
isk issues.
Com
pensation C
om
mitte
e c
onsid
ers
le
vel of
risk im
plie
d b
y c
om
pensation
pro
gra
ms, in
clu
din
g incentive
com
pensation p
rogra
ms in w
hic
h
CE
O a
nd o
ther
em
plo
yees
part
icip
ate
.
Govern
ance C
om
mitte
e m
onitors
pote
ntial risks t
o t
he e
ffectiveness o
f th
e b
oard
, nota
bly
directo
r successio
n a
nd b
oard
com
positio
n
and t
he p
rincip
al polic
ies that
guid
e
the c
om
pany’s
govern
ance.
C
orp
ora
te R
esponsib
ility
Com
mitte
e
revie
ws r
isks t
o t
he b
usin
ess t
hat
may b
e e
nta
iled b
y t
rends in
corp
ora
te s
ocia
l re
sponsib
ility
.
Fin
ance C
om
mitte
e r
evie
ws v
arious
Board
as a
whole
has
responsib
ility
for
risk
overs
ight,
but com
mitte
es
als
o o
vers
ee the c
om
pany’s
risk p
rofile
and e
xposure
s
rela
ting t
o m
att
ers
within
their
scope o
f auth
ority
and r
eport
to
the b
oard
about th
eir
delib
era
tions.
Board
actively
engaged in
overs
eein
g t
he c
om
pany’s
str
ate
gic
direction a
nd
obje
ctives, ta
kin
g into
account
the c
om
pany’s
ris
k
pro
file
and e
xposure
s.
Board
conducts
an a
nnual in
-depth
revie
w o
f th
e b
usin
ess,
whic
h inclu
des c
onsid
era
tion
of str
ate
gic
, opera
tional,
com
petitive, financia
l,
com
plia
nce a
nd o
ther
risk
exp
osure
s.
Board
als
o r
egula
rly r
evie
ws
leaders
hip
develo
pm
ent
initia
tives a
nd s
hort
- and
long-t
erm
successio
n p
lans
for
the C
EO
and o
ther
senio
r m
anagem
ent
positio
ns,
inclu
din
g in t
he e
vent
of
unanticip
ate
d v
acancie
s in
those o
ffic
es.
Yes. S
ee “
Ris
ks
dele
gate
d t
o c
om
mitte
es
– A
udit C
om
mitte
e.”
None s
pecifie
d.
Not
specifie
d.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es
Com
mitte
e.”
App
endi
x 1
cont
inue
d
24 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
financia
l polic
ies im
ple
mente
d t
o
manage f
inancia
l risk e
xposure
s,
such a
s t
hose p
ert
ain
ing t
o t
he
com
pany’s
use o
f derivative
instr
um
ents
.
No.
Each c
om
mitte
e o
f th
e b
oard
overs
ees s
pecific
are
as o
f risk
rele
vant
to the c
om
mitte
e t
hro
ugh
direct in
tera
ctions w
ith t
he C
EO
, m
em
bers
of th
e E
xecutive C
om
mitte
e
and t
he h
eads o
f busin
ess u
nits a
nd
corp
ora
te f
unctions.
Audit C
om
mitte
e o
vers
ees r
isk
rela
ting t
o F
inance, IT
, B
usin
ess
Inte
grity
and S
arb
anes-O
xle
y
report
ing t
hro
ugh its
inte
ractions w
ith
the C
FO
, C
ontr
olle
r, a
nd H
ead o
f In
tern
al A
udit. A
udit C
om
mitte
e a
lso
overs
ees a
nd r
evie
ws t
he E
RM
pro
cess to e
nsure
it is
robust
and
functionin
g e
ffectively
.
Thro
ugh t
he E
RM
pro
cess,
the f
ull
board
has o
vers
ight
of
the m
ost sig
nific
ant risks
facin
g t
he c
om
pany.
Board
com
mitte
es m
ay
ele
vate
cert
ain
ris
ks to the
board
for
consid
era
tion.
Mate
rial risks m
ay a
lso b
e
ele
vate
d t
hro
ugh t
he C
EO
, E
xecutive C
om
mitte
e a
nd
Chie
f S
trate
gy O
ffic
er
to the
full
board
.
Yes.
The E
RM
pro
cess
was e
sta
blis
hed t
o
ensure
a c
om
ple
te
com
pany-w
ide a
ppro
ach
to r
isk o
ver
five d
istinct
but
overlappin
g c
ore
are
as:
(1)
str
ate
gy
(macro
ris
ks w
hic
h m
ay
impact th
e c
om
pany’s
abili
ty t
o a
chie
ve long-
term
busin
ess
obje
ctives);
(2)
opera
tions (
risks in
opera
tions w
hic
h m
ay
impact th
e c
om
pany’s
abili
ty t
o a
chie
ve
busin
ess o
bje
ctives);
(3)
com
plia
nce (
risks r
ela
ted
to c
om
plia
nce w
ith law
s,
regula
tions a
nd c
om
pany
polic
ies);
(4)
report
ing
(ris
ks to m
ain
tain
ing
accura
te f
inancia
l sta
tem
ents
and t
imely
, com
ple
te f
inancia
l dis
clo
sure
s)
and (
5)
reputa
tion a
nd
responsib
ility
(risks w
hic
h
may im
pact th
e
com
pany’s
reputa
tion o
r th
e w
ell-
bein
g o
f th
e
com
pany o
r its
em
plo
yees).
G
oal of
the E
RM
pro
cess
is to p
rovid
e a
n o
ngoin
g
pro
cess, eff
ecte
d a
t all
levels
of th
e c
om
pany
acro
ss e
ach b
usin
ess
unit a
nd c
orp
ora
te
None s
pecifie
d.
The C
EO
, m
em
bers
of
the E
xecutive
Com
mitte
e a
nd the
heads o
f busin
ess u
nits
and c
orp
ora
te functions
inte
ract w
ith t
he b
oard
com
mitte
es t
hat
overs
ee s
pecific
are
as
of
risk.
No.
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 25
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
function t
o identify
and
assess r
isk, m
onitor
risk,
and a
gre
e o
n m
itig
ating
action.
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
No.
Audit C
om
mitte
e r
esponsib
le for
inquirin
g a
bout sig
nific
ant
risks,
revie
win
g o
ur
polic
ies for
risk
assessm
ent
and r
isk m
anagem
ent
and a
ssessin
g the s
teps
managem
ent
has taken t
o c
ontr
ol
these r
isks.
Fin
ance C
om
mitte
e r
esponsib
le f
or
polic
ies for
managin
g fin
ancia
l risk.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
No.
Yes.
Ris
k C
om
mitte
e (
com
prisin
g s
ole
ly
nonm
anagem
ent
directo
rs)
assis
ts
the b
oard
in o
vers
ight
of
(1)
the
com
pany’s
ris
k g
overn
ance s
tructu
re,
(2)
the c
om
pany’s
ris
k m
anagem
ent
and r
isk a
ssessm
ent
guid
elin
es a
nd
polic
ies r
egard
ing m
ark
et, c
redit a
nd
liquid
ity a
nd fundin
g r
isk,
(3)
the
com
pany’s
ris
k t
ole
rance,
inclu
din
g
risk t
ole
rance levels
and c
apital
targ
ets
and lim
its a
nd (
4)
the
perf
orm
ance o
f th
e C
RO
. A
udit C
om
mitte
e r
eta
ins r
esponsib
ility
fo
r overs
ight
of cert
ain
aspects
of
risk
managem
ent,
inclu
din
g r
evie
w o
f th
e
majo
r opera
tional, f
ranchis
e,
reputa
tional, legal and c
om
plia
nce
risk e
xposure
s o
f th
e c
om
pany a
nd
the s
teps m
anagem
ent
has taken t
o
monitor
and c
ontr
ol such e
xposure
, as w
ell
as g
uid
elin
es a
nd p
olic
ies that
govern
the p
rocess for
risk
assessm
ent
and r
isk m
anagem
ent.
C
om
pensation,
Managem
ent
Develo
pm
ent
and S
uccessio
n
Com
mitte
e (
“CM
DS
”) w
ork
s w
ith the
CR
O t
o e
valu
ate
wheth
er
Board
has o
vers
ight fo
r th
e
com
pany’s
ER
M fra
mew
ork
and is r
esponsib
le for
help
ing
to e
nsure
that th
e c
om
pany’s
risks a
re m
anaged in a
sound
manner.
The R
isk C
om
mitte
e, A
udit
Com
mitte
e a
nd the C
RO
re
port
to the b
oard
on a
re
gula
r basis
.
Not
dis
cussed.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
Ris
k
Com
mitte
e.”
The f
irm
Ris
k
Com
mitte
e,
a
managem
ent
com
mitte
e a
ppoin
ted
and c
haired b
y the
CE
O t
hat consis
ts o
f th
e m
ost senio
r off
icers
of
the c
om
pany,
inclu
din
g the C
RO
, C
hie
f Legal O
ffic
er
and
CF
O,o
vers
ee the
com
pany’s
glo
bal risk
managem
ent str
uctu
re.
Responsib
ilities inclu
de
overs
ight
of
the
com
pany’s
ris
k
managem
ent
princip
les,
pro
cedure
s
and lim
its a
nd the
monitoring o
f capital
levels
and m
ate
rial
mark
et, c
redit,
liquid
ity
and f
undin
g, le
gal,
opera
tional, fra
nchis
e
and r
egula
tory
ris
k
matt
ers
and o
ther
risks,
as a
ppro
priate
, and t
he
ste
ps m
anagem
ent
has
taken to m
onitor
and
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
MD
S
Com
mitte
e.”
App
endi
x 1
cont
inue
d
26 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
com
pensation a
rrangem
ents
encoura
ge u
nnecessary
or
excessiv
e
risk-t
akin
g a
nd w
heth
er
risks a
risin
g
from
the c
om
pany’s
com
pensation
arr
angem
ents
are
reasonably
lik
ely
to
have a
mate
rial advers
e e
ffect
on t
he
com
pany.
manage s
uch r
isks.
No.
Audit C
om
mitte
e p
rim
arily
re
sponsib
le for
overs
eein
g E
RM
pro
gra
m. M
eeting a
gendas inclu
de
dis
cussio
ns o
f in
div
idual risk a
reas
thro
ughout
year
plu
s E
RM
pro
cess
annually
. A
lso h
as p
rim
ary
re
sponsib
ility
for
com
plia
nce
pro
gra
m.
Com
pensation C
om
mitte
e c
onsid
ers
th
e r
isks a
ssocia
ted w
ith t
he
com
pany’s
com
pensation p
olic
ies
and p
ractices,
with r
espect to
both
executive c
om
pensation a
nd
com
pensation g
enera
lly.
Each o
f th
e C
orp
ora
te G
overn
ance
and S
cie
nce &
Technolo
gy
Com
mitte
es o
vers
ees r
isks
associa
ted w
ith its
respective a
rea o
f re
sponsib
ility
.
Board
execute
s r
isk o
vers
ight
responsib
ility
directly a
nd
thro
ugh its
com
mitte
es.
Board
consid
ers
specific
ris
k
topic
s,
inclu
din
g r
isks
associa
ted w
ith t
he
com
pany’s
str
ate
gic
pla
n,
capital str
uctu
re a
nd
develo
pm
ent
activitie
s.
Board
kept
abre
ast
of
com
mitte
es’ risk o
vers
ight
via
re
port
s o
f th
e c
om
mitte
e
chairm
an to the f
ull
board
. B
oard
receiv
es d
eta
iled
regula
r re
port
s in c
onnection
with e
very
regula
r board
m
eeting,
from
heads o
f princip
al busin
ess a
nd
corp
ora
te f
unctions that
inclu
de d
iscussio
ns o
f risks
and e
xposure
s in t
heir
respective a
reas o
f re
sponsib
ility
. R
eport
s
dis
cussed,
as n
ecessary
, at
board
meetings.
Board
routinely
info
rmed o
f develo
pm
ents
that
could
aff
ect
risk p
rofile
.
Yes. A
udit C
om
mitte
e
has r
esponsib
ility
for
overs
eein
g t
he
com
pany’s
ER
M
pro
gra
m. A
udit
Com
mitte
e d
iscusses t
he
ER
M p
rocess a
nnually
.
No.
The
com
pany’s
Chie
f In
tern
al A
uditor
facili
tate
s
com
pany’s
ER
M
pro
gra
m a
s p
art
of
str
ate
gic
pla
nnin
g
pro
cess u
nder
executive
sponsors
hip
of
SV
P a
nd C
FO
and
SV
P a
nd G
C.
Report
s
independently t
o
Audit C
om
mitte
e.
Not
specifie
d.
Yes. S
ee “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 27
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
No.
Audit C
om
mitte
e r
esponsib
le for
the
com
pany’s
overa
ll risk m
anagem
ent
pro
cess.
Audit C
om
mitte
e c
hart
er
sta
tes that
the A
udit C
om
mitte
e’s
revie
w o
f risk
managem
ent in
clu
des d
iscussio
n o
f th
e f
ollo
win
g:
guid
elin
es a
nd p
olic
ies
to g
overn
ris
k a
ssessm
ent
and r
isk
managem
ent;
the c
om
pany’s
majo
r risk e
xposure
s a
nd t
he s
teps
com
pany m
anagem
ent
has taken to
monitor
and c
ontr
ol such e
xposure
s;
the s
tatu
s o
f th
e s
ecurity
for
the
com
pany’s
ele
ctr
onic
data
-pro
cessin
g
info
rmation s
yste
ms,
and the g
enera
l security
of th
e c
om
pany’s
people
, assets
and info
rmation s
yste
ms; th
e
sta
tus o
f th
e c
om
pany’s
fin
ancia
l in
str
um
ents
and the c
om
pany’s
pensio
n a
nd insura
nce p
rogra
ms.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Yes.
Ris
k C
om
mitte
e o
vers
ees t
he
com
pany’s
ER
M a
ctivitie
s g
enera
lly.
Receiv
es r
eport
s fro
m the c
om
pany’s
m
anagem
ent
risk c
om
mitte
e a
nd the
CR
O r
egard
ing t
he inte
rrela
tionship
s
of
risks, w
hic
h e
nable
s a
hig
h d
egre
e
of coord
ination b
etw
een m
anagem
ent
and t
he b
oard
. R
esponsib
le f
or
overs
ight
of
risks r
ela
ted t
o b
usin
ess
opera
tions inclu
din
g insura
nce
underw
riting a
nd c
laim
s,
rein
sura
nce,
cata
str
ophe r
isk, cre
dit r
isk in
insura
nce o
pera
tions,
info
rmation
technolo
gy a
nd b
usin
ess c
ontinuity
pla
ns.
Audit C
om
mitte
e o
vers
ees r
isks
rela
ted t
o inte
grity
of financia
l sta
tem
ents
, in
clu
din
g p
repara
tion a
nd
pre
senta
tion a
nd o
vers
ight
of
the
pro
cess for
esta
blis
hin
g insura
nce
reserv
es.
In
vestm
ent
and C
apital M
ark
ets
C
om
mitte
e a
ssis
ts b
oard
in
Board
revie
ws a
t le
ast
annually
, sig
nific
ant
risks that
managem
ent,
thro
ugh E
RM
, has identified a
nd t
hen
evalu
ate
s the a
llocation
am
ong v
arious c
om
mitte
es
for
each identified r
isk.
Each c
om
mitte
e p
eriodic
ally
re
port
s t
o b
oard
on its
ris
k
overs
ight
activitie
s.
Yes.
The b
oard
’s R
isk
com
mitte
e is p
rim
arily
re
sponsib
le for
the
ente
rprise r
isk
managem
ent
pro
gra
m,
but
all
board
com
mitte
es
and a
separa
te r
isk
managem
ent com
mitte
e
are
all
involv
ed in E
RM
.
ER
M is a
com
pany-w
ide
initia
tive t
hat in
volv
es the
board
and m
anagem
ent
identify
ing, assessin
g
and m
anagin
g r
isk t
hat
could
aff
ect th
e
com
pany’s
abili
ty t
o f
ulfill
busin
ess o
bje
ctives o
r execute
corp
ora
te
str
ate
gy.
Yes.
The C
RO
re
port
s t
o R
isk
Com
mitte
e.
A s
epara
te
managem
ent
risk
com
mitte
e r
eport
s t
o
the b
oard
’s R
isk
Com
mitte
e.
See “
Is e
nte
rprise r
isk
managem
ent
dis
cussed?”
App
endi
x 1
cont
inue
d
28 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
cont
inue
d
exe
rcis
ing o
vers
ight
of com
pany’s
m
anagem
ent
of
investm
ent
port
folio
(inclu
din
g c
redit r
isk m
onitoring)
capital str
uctu
re, financin
g
arr
angem
ents
and liq
uid
ity.
C
om
pensation C
om
mitte
e o
vers
ees
risks r
ela
ted to c
om
pensation
pro
gra
ms inclu
din
g form
ula
tion,
adm
inis
tration a
nd r
egula
tory
com
plia
nce.
Nom
inating &
Corp
ora
te G
overn
ance
Com
mitte
e o
vers
ees r
isks r
ela
ted to
corp
ora
te g
overn
ance m
att
ers
, successio
n p
lannin
g,
directo
r in
dependence a
nd r
ela
ted-p
ers
on
transactions.
Each c
om
mitte
e is r
esponsib
le for
monitoring r
eputa
tional risk t
o t
he
exte
nt
arisin
g o
ut
of
allo
cate
d s
ubje
ct
matt
er.
No.
Audit C
om
mitte
e a
ssis
ts b
oard
in
overs
ight
of
com
pany’s
polic
ies a
nd
pra
ctices t
o a
ssess a
nd m
anage
exp
osure
to r
isk. A
udit C
om
mitte
e
revie
ws c
om
pany’s
majo
r financia
l risk e
xposure
s a
nd a
num
ber
of
opera
tional, c
om
plia
nce,
reputa
tional
and s
trate
gic
ris
ks, in
clu
din
g s
teps t
o
monitor
and m
anage t
hose r
isks.
Als
o
dis
cusses c
om
pany’s
overa
ll risk
polic
ies a
nd p
ractices f
or
ER
M,
inclu
din
g the d
ele
gation o
f overs
ight
for
additio
nal are
as o
f risk to o
ther
board
com
mitte
es.
All
oth
er
com
mitte
es a
re r
esponsib
le
for
overs
ight
of
risk m
anagem
ent
pra
ctices f
or
cate
gories o
f risks
rele
vant
to their f
unctions.
Fin
ance c
om
mitte
e o
vers
ees
financia
l, c
apital and insura
nce r
isks.
Board
as a
gro
up r
evie
ws r
isk
managem
ent
pra
ctices a
nd a
num
ber
of sig
nific
ant
risks in
the c
ours
e o
f its r
evie
w o
f corp
ora
te s
trate
gy,
busin
ess
pla
ns, re
port
s o
f board
com
mitte
e m
eetings a
nd
oth
er
pre
senta
tions.
Yes.
The c
om
pany h
as
adopte
d e
nte
rprise r
isk
managem
ent
polic
ies
based o
n the I
nte
gra
ted
Fra
mew
ork
of
the
Com
mitte
e o
f S
ponsoring
Org
aniz
ations (
“CO
SO
”).
Under
the c
om
pany’s
polic
ies, th
e p
resid
ents
of
each m
ajo
r busin
ess u
nit
are
responsib
le f
or
identify
ing r
isks t
hat
could
aff
ect
achie
vem
ent
of
busin
ess g
oals
and
str
ate
gie
s, fo
r assessin
g
the lik
elih
ood a
nd
pote
ntial im
pact of
sig
nific
ant
risks, fo
r prioritizin
g r
isks a
nd
actions to b
e taken in
response a
nd for
No.
Per
the
com
pany’s
ER
M
polic
y, th
e
rele
vant
pre
sid
ents
of
majo
r busin
ess
units r
eport
to
rele
vant
com
mitte
es a
nd
board
. S
ee “
Is ‘ente
rprise
risk m
anagem
ent’
dis
cussed?”
See “
Is ‘ente
rprise r
isk
managem
ent’
dis
cussed?”
See “
Ris
ks
dele
gate
d t
o
com
mitte
es –
C
om
pensation
Com
mitte
e.”
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 29
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
Public
issues r
evie
w c
om
mitte
e
overs
ees r
isk m
anagem
ent
polic
ies
and p
ractices w
ith r
egard
to s
ocia
l re
sponsib
ility
, re
puta
tion, safe
ty a
nd
the e
nvironm
ent.
Com
pensation C
om
mitte
e o
vers
ees
com
pensation p
olic
ies a
nd p
ractices
as they r
ela
te to r
isk m
anagem
ent.
regula
rly r
eport
ing t
o t
he
CE
O o
n a
ctions t
o
monitor
and m
anage
sig
nific
ant
risks in o
rder
to r
em
ain
within
the
com
pany’s
range o
f risk
tole
rance.
T
he C
EO
, C
FO
and G
C
periodic
ally
report
on t
he
com
pany’s
ris
k
managem
ent
polic
ies
and p
ractices t
o r
ele
vant
board
com
mitte
es a
nd t
o
the f
ull
board
.
No.
Each c
om
mitte
e o
vers
ees
managem
ent
of
risks t
hat
fall
within
its a
rea o
f re
sponsib
ility
.
Audit C
om
mitte
e r
evie
ws r
isk
managem
ent
and c
ontr
ols
, in
clu
din
g
identify
ing a
nd m
onitoring h
igh-
priority
ris
ks a
nd d
evelo
pin
g e
ffective
mitig
ation s
trate
gie
s w
hic
h
managem
ent in
corp
ora
tes into
its
str
ate
gic
decis
ion m
akin
g. O
vers
ees
opera
tion o
f th
e c
om
pany’s
ER
M
pro
gra
m. M
eets
private
ly w
ith
repre
senta
tives f
rom
the c
om
pany’s
in
dependent
regis
tere
d p
ublic
accounting f
irm
, th
e S
VP
– Inte
rnal
Audit a
nd t
he G
C. P
rovid
es r
eport
s
to t
he b
oard
. H
um
an R
esourc
es C
om
mitte
e
consid
ers
the im
pact
of
the
com
pany’s
executive c
om
pensation
pro
gra
m a
nd the incentives c
reate
d
by t
he c
om
pensation a
ward
s t
hat
it
adm
inis
ters
, on the c
om
pany’s
ris
k
pro
file
.
Board
overs
ees m
anagem
ent
of
risks inhere
nt
in o
pera
tion
of com
pany’s
busin
ess a
nd
imple
menta
tion o
f its s
trate
gic
pla
n.
Board
perf
orm
s t
his
overs
ight
role
by u
sin
g
severa
l diffe
rent
levels
of
revie
w.
In c
onnection w
ith its
revie
ws
of
the o
pera
tions o
f th
e
com
pany’s
busin
ess u
nits
and c
orp
ora
te functions,
board
addre
sses t
he p
rim
ary
risks a
ssocia
ted w
ith those
units a
nd f
unctions.
Yes. V
erizon h
as a
ro
bust E
RM
pro
gra
m.
Audit C
om
mitte
e
overs
ees E
RM
pro
gra
m,
inclu
din
g the
identification o
f th
e
prim
ary
ris
ks t
o t
he
com
pany’s
busin
ess a
nd
inte
rim
update
s o
f th
ose
risks, and p
eriodic
ally
m
onitors
and e
valu
ate
s
the p
rim
ary
ris
ks
associa
ted w
ith p
art
icula
r busin
ess u
nits a
nd
functions.
No.
The S
VP
-In
tern
al A
uditin
g
assis
ts c
om
pany
in identify
ing,
evalu
ating a
nd
imple
menting r
isk
managem
ent
contr
ols
and
meth
odolo
gie
s t
o
addre
ss identified
risks.
Report
s d
irectly to
Audit C
om
mitte
e.
Not
specifie
d.
Yes.
The
com
pany r
evie
ws
its c
om
pensation
polic
ies a
nd
pro
cedure
s,
inclu
din
g the
incentives t
hat
they c
reate
and
facto
rs that m
ay
reduce t
he
likelih
ood o
f excessiv
e r
isk
takin
g, to
dete
rmin
e
wheth
er
they
pre
sent
a
sig
nific
ant
risk t
o
the c
om
pany.
Based o
n t
his
re
vie
w,
the
com
pany
conclu
ded t
hat
its
com
pensation
polic
ies a
nd
pro
cedure
s a
re
not
reasonably
lik
ely
to h
ave a
m
ate
rial advers
e
eff
ect
on t
he
com
pany.
App
endi
x 1
cont
inue
d
30 director notes the role of the board in risk oversight www.conferenceboard.org
Co
mp
an
y
(no
n-f
ina
ncia
l in
sti
tuti
on
)
Fo
rmal
Ris
k
Co
mm
itte
e/
Ch
art
er?
(Y
/ N
)
Ris
ks d
ele
gate
d t
o c
om
mit
tees
(in
clu
de n
am
e o
f co
mm
itte
e a
nd
d
es
cri
pti
on
of
risks)
Ris
ks r
evie
wed
at
the b
oard
le
vel
wit
ho
ut
co
mm
itte
e
Is “
en
terp
rise r
isk
man
ag
em
en
t”
dis
cu
ssed
?
If y
es,
ho
w?
Is t
here
a C
hie
f R
isk O
ffic
er?
If
yes, to
wh
om
d
oes h
e o
r sh
e
rep
ort
?
Ap
pro
ach
to
all
ocati
on
o
f ri
sk t
o m
an
ag
em
en
t
Co
mp
en
sati
on
ri
sk i
nclu
ded
in
g
en
era
l ri
sk
dis
cu
ssio
n?
If
yes,
ho
w?
co
ntin
ued
See “
Ris
ks
dele
gate
d t
o
com
mitte
es –
H
um
an
Resourc
es
Com
mitte
e.”
No.
Audit C
om
mitte
e r
evie
ws a
nd
dis
cusses w
ith m
anagem
ent
the
com
pany’s
pro
cesses a
nd p
olic
ies
with r
espect
to r
isk a
ssessm
ent
and
risk m
anagem
ent,
inclu
din
g
com
pany’s
ER
M p
rogra
m.
Oth
er
board
com
mitte
es r
eceiv
e r
isk
managem
ent
update
s o
n m
att
ers
in
whic
h t
hey a
re r
esponsib
le for
overs
ight.
Board
receiv
es info
rmation
from
managem
ent
on a
variety
of m
att
ers
, in
clu
din
g
opera
tions,
legal, r
egula
tory
, finance,
reputa
tion a
nd
str
ate
gy a
nd a
ny m
ate
rial
risks involv
ed in e
ach m
att
er.
If
a b
oard
com
mitte
e (
rath
er
than t
he f
ull
board
) re
ceiv
es
an u
pdate
fro
m m
anagem
ent
on a
part
icula
r m
att
er,
the
chairpers
on o
f th
e r
ele
vant
com
mitte
e r
eport
s o
n the
dis
cussio
n to the f
ull
board
during t
he b
oard
com
mitte
e
report
s p
ort
ion o
f th
e n
ext
board
meeting.
This
enable
s
the b
oard
and b
oard
com
mitte
es t
o c
oord
inate
the
risk o
vers
ight ro
le.
Yes. S
ee “
Ris
ks
dele
gate
d t
o c
om
mitte
es
– A
udit C
om
mitte
e.”
None s
pecifie
d.
Mem
bers
of
managem
ent
revie
w
and d
iscuss r
isk
managem
ent
with
board
and p
rovid
e
board
(or
rele
vant
board
com
mitte
e)
with
update
s o
n c
om
pany’s
risk m
anagem
ent
pra
ctices.
No.
P
roxy
filin
g pr
eced
es e
ffect
ive
date
of n
ew S
EC
di
sclo
sure
rule
s.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
Not
dis
cussed.
App
endi
x 1
cont
inue
d
director notes the role of the board in risk oversight www.conferenceboard.org 31
Copyright © 2010 by The Conference Board, Inc. All rights reserved. The Conference Board®, and the torch logo are registered trademarks of The Conference Board, Inc.
The Conference Board www.conferenceboard.orgThe Americas 845 Third Avenue, New York, NY 10022-6600, United States / Tel + 1 212 759 0900 / Fax + 1 212 980 7014Asia-Pacific SINGAPORE 8 Eu Tong Sen Street #22-81, The Central, Singapore 059818
HONG KONG Suite No. 2-3, 18/F, Queen's Place, 74 Queen's Road Central, Hong Kong SAR / Tel + 852 2804 1000 / Fax + 852 2869 1403China Beijing Representative Office, 7-2-72 Qijiayuan, 9 Jianwai Street, Beijing 100600 P.R. China / Tel + 86 10 8532 4688 / Fax + 86 10 8532 5332 / www.conferenceboard.cnEurope Chaussée de La Hulpe 130, box 11, B-1000 Brussels, Belgium / Tel + 32 2 675 54 05 / Fax + 32 2 675 03 95South Asia A-701 Mahalaxmi Heights, Keshavrao Khadye Marg, Mahalaxmi (East), Mumbai 400 011 INDIA / Tel + 91 99 87548045
About the AuthorsLouis L. Goldberg is a member of Davis Polk’s corporatedepartment, practicing in the mergers and acquisitionsgroup. His practice focuses on public and private mergersand acquisitions, private equity transactions, board andcorporate governance advice, joint ventures, spinoffs anddefensive assignments. Mr. Goldberg is recognized as aleading lawyer in several legal industry publications,including Chambers Global: The World’s Leading Lawyersfor Business. He is a magna cum laude graduate of theUniversity of Cape Town Faculty of Law and earned aLL.M. degree from the University of Cambridge.
Mutya Fonte Harsch is an associate in Davis Polk’s merg-ers and acquisitions group and a practice resources editorfor the firm. She has published a number of articles onmergers and acquisitions matters and corporate gover-nance issues. Before rejoining the firm, she was AssistantGeneral Counsel to Warner Chilcott. Ms. Harsch is admit-ted to the bars of California and New York. She earned aB.A., with honors, from the University of California atBerkeley and a J.D. from the University of California atBerkeley (Boalt Hall) Law School.
About the Series DirectorMatteo Tonello is director, corporate governance research,at The Conference Board in New York. For The ConferenceBoard, Tonello has conducted governance and risk man-agement analyses and research in collaboration with leading corporations, institutional investors, and profes-sional firms. Also, he has participated as a speaker andmoderator in educational programs on governance bestpractices. Recently, Tonello served as the co-chair of The Conference Board’s Expert Committee on ShareholderActivism and as a member of the Technical Advisory Group to The Conference Board Task Force on ExecutiveCompensation. Before joining The Conference Board, he practiced corporate law at Davis Polk. Tonello is a grad-uate of Harvard Law School and the University of Bologna.
About Director NotesDirector Notes is a series of online publications in whichThe Conference Board engages experts from several disciplines of business leadership, including corporategovernance, risk oversight, and sustainability, in an opendialogue about topical issues of concern to member com-panies. The opinions expressed in this report are those ofthe author(s) only and do not necessarily reflect the viewsof The Conference Board. The Conference Board makes norepresentation as to the accuracy and completeness ofthe content. This report is not intended to provide legaladvice with respect to any particular situation, and nolegal or business decision should be based solely on its content.
About The Conference BoardThe Conference Board is the world’s preeminent businessmembership and research organization. Best known forthe Consumer Confidence Index and the LeadingEconomic Indicators, The Conference Board has, for over90 years, equipped the world’s leading corporations withpractical knowledge through issues-oriented research andsenior executive peer-to-peer meetings.