Risk Management

With global leadership comes global responsibility...not only to our people and shareholders, but also to the suppliers, distributors and citizens of the countries where we operate. That’s why we devote considerable resources toward Enterprise Risk Management (ERM), anticipating and mitigating risks to the financial and operational health of our business.

ERM follows a clearly defined business strategy that is shared across the company and aligned with our strategic and organizational goals. Our ERM process is based on the COSO II (Committee of Sponsoring Organizations of the Treadway Commission) framework. We assess business risk based on the risk of failing to attain our strategic objectives. Steering committee members meet monthly to assess emerging risks, risk appetite and occurrence probability. The committee also monitors action plans put in place to mitigate risk at the enterprise level. ERM assessments are coordinated with our Internal Audit Risk Assessment to ensure consistency between the ERM plans and upcoming internal audits.

Several executive committees integrate ERM with business management by monitoring both risk exposure and how effectively those risks are managed.

These committees include:

  • Management Committee
  • Enterprise Risk Management Steering Committee
  • Business Ethics and Compliance Governance Board
  • IT Risk Governance Board
  • Credit Committee
  • Currency Strategy Committee
  • Reputation Management Committee
  • Management Audit Committees

In addition, the Audit Committee of the Board of Directors plays a key role in ERM oversight, while the roles of other committees (including Compensation, Governance, and Finance) are restricted in scope. As needed, the Board will establish special committees to focus on specific business risks.

Institutional investors hold approximately 85 percent of Xerox’s common shares