Responsible Enterprise Risk Management Guided by Our Risk Policy
Enterprise Risk Management
CenterPoint Energy’s Corporate Governance Guidelines specify that the Board has ultimate oversight responsibility for the company’s Enterprise Risk Management, while management is responsible for developing and implementing the company’s Enterprise Risk Management program.
A Risk Oversight Committee, which is composed of senior executives from across the company, monitors and oversees key risks facing CenterPoint Energy. Our Senior Vice President and General Counsel facilitates Risk Oversight Committee meetings. The Risk Oversight Committee provides oversight of risk assessment and control for certain business activities. Members of executive management, in conjunction with the operational or functional management teams, also participate in ongoing risk assessments and risk-mitigation planning.
Quarterly or more often, if needed, the Board participates in reviews with management of the company’s risk management process, the major risks facing the company and steps taken to mitigate those risks.
Board risk reviews include the following areas, among others:
| Safety, including COVID-19 | 
| Human capital management and diversity and inclusion |
| Regulatory and legislative developments | 
| Operations and system integrity |
| Environmental, Social and Governance matters | 
| Annual budget, including capital investment plan |
| Cybersecurity and data privacy | 
| Litigation and other legal matters |
| Business strategy and policy, including industry and economic developments | 
| Integration |
Board Committees
The Board’s standing committees help the Board carry out its responsibility for risk oversight by focusing on the following specific key areas of risk:
| Board Committee | Risk Oversight Responsibilities |
|---|---|
| Audit | Accounting and financial matters, including compliance with legal and regulatory requirements, ethics and compliance and data privacy matters, financial reporting and internal controls systems |
| Compensation | Compensation policies and practices, and diversity and inclusion initiatives |
| Governance, Environmental and Sustainability | Corporate governance, including board structure, cybersecurity, environmental matters and sustainability |
Protecting the safety, security and privacy
of all employees and residential and commercial customers.
- CenterPoint Energy’s companywide cybersecurity program includes analysis of threat information from external sources, monitoring network activity and employee awareness activities.
- Our Data Privacy governance addresses the collection, storage, usage and destruction of data for a specific business purpose, combined with the public expectation and legal requirements that the data will remain private and protected against unauthorized access or modification.
- Our Physical Security Policy addresses several important topics to help maintain a safe and secure place to work and ensure safe and reliable service to our customers.
Major risks are disclosed in our annual Form 10-K (in particular, see Item 1A regarding Risk Factors) and additional information about Enterprise Risk Management oversight is available in our 2021 Proxy Statement.