To help achieve our purpose, we act boldly and deliberately to help drive fairness, inclusion for our people, and equitable access to opportunity for our global communities. Inherent to an inclusive future is a sustainable and regenerative planet. At Cisco, we believe in setting bold goals with measurable interim goals to demonstrate our progress.
Cisco's People, Policy, and Purpose organization leads our social investment programs and champions our commitment to ESG performance and transparency.
Within this organization is a core reporting team, responsible for:
Business functions also own ESG priorities. Teams integrate priorities into their business strategy by setting goals, implementing plans, and measuring performance. Many priorities and commitments involve multiple functions. To ensure accountability and alignment, we create cross-functional teams to execute against these commitments.
1 ESG materiality, as referred to in this website and in our ESG reporting, and our ESG materiality assessment process are different from "materiality" in the context of Securities and Exchange Commission ("SEC") disclosure obligations. Issues deemed material for purposes of our ESG reporting and for purposes of determining our ESG strategy may not be considered material for SEC reporting purposes, nor does inclusion of information in our ESG reporting indicate that the topic or information is material to Cisco's business or operating results.
Cisco's leadership is responsible for day-to-day risk management activities. The Board of Directors, acting directly and through its committees, is responsible for the oversight of Cisco's risk management. With the oversight of the Board of Directors, Cisco's management has implemented practices, processes, and programs designed to help manage the risks to which we are exposed in our business and to align risk-taking appropriately with our efforts to increase stockholder value.
Cisco's management has implemented an enterprise risk management (ERM) program, managed by Cisco's internal audit function, that is designed to work across the business to identify, assess, govern, and manage risks and Cisco's response to those risks. Cisco's internal audit function performs an annual risk assessment, which is utilized by the ERM program. The structure of the ERM program includes both an ERM operating committee that focuses on risk management-related topics, as well as an ERM executive committee consisting of members of management. The ERM operating committee conducts global risk reviews and provides regular updates to the ERM executive committee.
The Audit Committee, which oversees our financial and risk management policies, including data protection (comprising both privacy and security), receives regular reports on ERM from the chair of the ERM operating committee, as well as regular reports on cybersecurity from Cisco's Chief Security and Trust Officer multiple times a year. Other Board committees oversee certain categories of risk associated with their respective areas of responsibility.
The Environmental, Social, and Public Policy Committee of the Board oversees Cisco's initiatives, policies, programs, and strategies concerning environmental sustainability and other key corporate social responsibility and public policy matters. The Compensation Committee of the Board oversees the development and implementation of Cisco's practices, strategies, and policies used for recruiting, managing, and developing employees (i.e., human capital management). These practices, strategies, and policies focus on diversity and inclusion, workplace environment and safety, and corporate culture. In addition, the full Board receives updates on Cisco's overall CSR strategy, including ESG matters, from management.
The Governance, Risk and Controls (GRC) organization manages the company’s internal audit function. GRC operates under the International Standards for the Professional Practice of Internal Auditing (the Standards) as published by the Institute of Internal Auditors (the IIA, www.theiia.org). The Standards require an external assessment to be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. GRC’s last external assessment was completed in June 2022 and achieved the rating of ‘Generally Conforms with the International Standards for the Professional Practice of Internal Auditing and the IIA Code of Ethics’ which is the highest rating in evaluating compliance to the Core Principles for the Professional Practice of Internal Auditing and the Definition of Internal Auditing.
Oversees Cisco's initiatives, policies, programs, and strategies concerning environmental sustainability and other key corporate social responsibility and public policy matters
Champion Cisco's companywide commitment to ESG performance and transparency
Conduct due diligence and implement policies and programs for specific ESG focus
Champion ERM efforts across the business to identify, assess, and manage risks
Steward ESG strategy
Stakeholder engagement ESG materiality assessment and risk assessment
Stakeholder feedback to the business
Prioritization, goal setting, and initiatives
Implementation and performance management
Outcomes and impact measurement
