Risk Management

To strengthen our risk-management capability and assess all categories of business risk – strategic, operational, compliance and financial reporting – Xerox has implemented an Enterprise Risk Management (ERM) process aligned with the COSO II framework (Committee of Sponsoring Organizations of the Treadway Commission). Enabling elements include:

  • Consistent senior management “Tone at the Top,” which emphasizes integrity and ethical values, open and honest communication and the development and competency of our people.
  • A clearly defined business strategy, aligned with annual direction and organizational goals, that is communicated to all our people.

To ensure that ERM is integrated with our business management, the Management and Strategy Committees, Business Ethics and Compliance Board and Internal Control Committees monitor risk exposure and the effectiveness of how we manage significant risks. Our major operating units are responsible for monitoring and managing the risks within their business. The units report on the risk mitigation plans and changing risk profiles through normal management processes.

The Board of Directors regularly monitors the effectiveness of management policies and decisions, including risk management activities. The Audit Committee of the Board of Directors has active oversight of risk management and is responsible for discussing with management:

  • Major financial risk exposures and steps taken to monitor and control these exposures.
  • Policies with respect to risk management, risk assessment and affiliate transactions.

Business Continuity

In the event of natural disasters or any major event that could disrupt customers, employees, suppliers or shareholders, Xerox responds with comprehensive business-continuity action plans designed to minimize adverse impact to our people, customer relationships, assets, cash flow and reputation. The plans are well documented, communicated across all business units and tested annually to ensure rapid and effective response.

The Xerox Business Continuity Program Office has responsibility for governance of the Business Continuity Assurance Process, which requires all Xerox organizations to assess their continuity plans against a standard set of criteria and to report the status of plans during operational reviews.