To strengthen our risk-management capability and assess all categories of business risk – strategic, operational, compliance and financial reporting – Xerox has implemented an Enterprise Risk Management (ERM) process aligned with the COSO II framework (Committee of Sponsoring Organizations of the Treadway Commission). Enabling elements include:
- Consistent senior management “Tone at the Top,” which emphasizes integrity and ethical values, open and honest communication and the development and competency of our people.
- A clearly defined business strategy, aligned with annual direction and organizational goals, that is communicated to all our people.
To ensure that ERM is integrated with our business management, the Management Committee, Business Ethics and Compliance Board and Internal Control Committees monitor risk exposure and the effectiveness of how we manage significant risks. Our major operating units are responsible for monitoring and managing the risks within their business. The units report on the risk mitigation plans and changing risk profiles through normal management processes.
In addition, the Board of Directors regularly monitors the effectiveness of management policies and decisions, including risk management activities.