Cisco’s leadership is responsible for day-to-day risk management activities. The Board of Directors, acting directly and through its committees, is responsible for the oversight of Cisco’s risk management. With the oversight of the Board of Directors, Cisco’s management has implemented practices, processes and programs designed to help manage the risks to which we are exposed in our business and to align risk-taking appropriately with our efforts to increase stockholder value.
Cisco’s management has implemented an enterprise risk management (ERM) program, managed by Cisco’s internal audit function, that is designed to work across the business to identify, assess, govern and manage risks and Cisco’s response to those risks. Cisco’s internal audit function performs an annual risk assessment which is utilized by the ERM program. The structure of the ERM program includes both an ERM operating committee that focuses on risk management-related topics, as well as, an ERM executive committee consisting of members of management. The ERM operating committee conducts global risk reviews and provides regular updates to the ERM executive committee.
The Audit Committee, which oversees our financial and risk management policies, including data protection (comprising both privacy and security), receives regular reports on ERM from the chair of the ERM operating committee, as well as regular reports on cybersecurity from Cisco’s Chief Security and Trust Officer multiple times a year. Other Board committees oversee certain categories of risk associated with their respective areas of responsibility.
The Nomination and Governance Committee of the Board oversees Cisco’s policies and programs concerning CSR, including ESG matters. The Compensation Committee of the Board oversees the development and implementation of the Cisco’s practices, strategies, and policies used for recruiting, managing, and developing employees (i.e., human capital management). These practices, strategies, and policies focus on diversity and inclusion, workplace environment and safety, and corporate culture. In addition, the full Board receives updates on Cisco’s overall CSR strategy, including ESG matters, from management.