EMC’s Board of Directors is ultimately responsible for overseeing risk management. The Board regularly considers our risk profile when reviewing our overall business plan and strategy and when making decisions impacting the Company. The Corporate Governance and Nominating Committee (the “Governance Committee”) is responsible for overseeing the Board’s execution of its risk management oversight responsibility. The management risk committee, comprised of the Chief Financial Officer, the General Counsel and the Chief Risk Officer, monitors and manages EMC’s risk management processes and reports directly to the Governance Committee and the Board of Directors.
In addition, each of the other standing committees of the Board regularly assesses risk as part of its core responsibilities. The Leadership and Compensation Committee oversees the design and implementation of and the incentives and risks associated with our compensation policies and practices. The Audit Committee discusses with management the major financial risks facing EMC as well as the steps management has taken to monitor and control such risks. The Mergers and Acquisitions Committee considers risks in connection with acquisitions, divestitures and investments. The Finance Committee considers risks in connection with matters related to the Company’s capital structure, stock repurchase program, investment management policy and swap transactions. All of the committees report regularly to the Board of Directors on their activities.
EMC's Chief Risk Officer is responsible for developing and managing processes to identify, assess, monitor and reduce risks that could interfere with the achievement of the Company's goals and objectives.
Many sustainability factors serve as drivers or multipliers of enterprise risk. EMC’s Chief Sustainability Officer collaborates with the Chief Risk Officer to ensure sustainability-related risks are incorporated into the risk assessment and monitoring framework.
We have taken a cross-functional and collaborative approach to risk management. We have established Governance, Risk and Compliance (GRC) committees within various levels of the business to assist with risk communication, strategy alignment and reporting. Committee members include representatives from functional, business and/or geographic areas depending on the reporting level. This structure enables consistent risk reporting from business units up to the EMC Board of Directors. Our Sustainability organization participates as a core member of the Enterprise GRC Council.
To ensure risk management consistency, EMC created a common risk taxonomy and risk analysis tools to assist the business with risk prioritization. This standardized toolset allows the business to define, analyze, organize and prioritize risks according to both enterprise and individual business risk tolerances. Risks are linked in a hierarchy that represents the relationships between the largest risk categories (Enterprise Risks) and the more granular risks. This hierarchy is used to normalize risks across the enterprise, and obtain a consolidated view of the most critical risks in the company.
By engaging our risk practitioners on a common risk framework, we are able to leverage resources more efficiently, avoid duplicating processes and tools, encourage more open discussion, highlight interdependencies, prioritize mitigation investment, balance mitigation against crisis management, and provide increased visibility into risk mitigation. Currently, the EMC enterprise risk framework includes more than 20 Risk Registers, representing a majority of EMC business units, geographies and functional areas.
In 2015, we reported on our enterprise risk framework to the EMC Audit Committee and the Board of Directors. The enterprise risk framework is fully integrated into EMC’s central GRC platform that directly supports 20 internal risk programs across six different EMC functional organizations including Global Security, Product Security, Global Production Operations, Legal and Internal Audit. The platform integration facilitated the expansion of a cohesive ecosystem of EMC Risk Managers. Overall, 37 separate business use cases are managed within a single GRC platform, resulting in comprehensive risk visibility and alignment across the EMC business. By automating what were previously manual workflows, risk reporting up to the enterprise level has become easier and more consistent.
To learn more about risk factors related to EMC’s business, see 2015 Annual Report on Form 10-K.