Enterprise Risk Management
CenterPoint Energy’s Board of Directors has responsibility for and is actively involved in the oversight of risks that could impact the company.
Our Corporate Governance Guidelines specify that the Board has ultimate oversight responsibility for the company’s system of enterprise risk management.
Management is responsible for developing and implementing the company’s enterprise risk management program. A Risk Oversight Committee, which is composed of senior executives from across the company, monitors and oversees risks facing CenterPoint Energy. Our Executive Vice President and General Counsel facilitates Risk Oversight Committee meetings. The Risk Oversight Committee provides risk assessment and control for certain business activities.
The company’s enterprise risk management function further supports executive management’s, operational management’s and functional management’s execution of the company’s strategic business objectives by conducting ongoing risk assessments and assisting with risk mitigation planning.
Throughout the year, the Board participates in reviews with management of the company’s risk management process, the major risks facing the company and steps taken to mitigate those risks.
Responsible
Enterprise Risk Management
Guided by Our Risk Policy
Board risk reviews include the following areas, among others:
| Safety | 
| ESG Matters |
| Business strategy & policy, including industry and economic developments | 
| Operations and system integrity |
| Litigation and other legal matters | 
| Supply Chain |
| Regulatory and legislative developments | 
| Cybersecurity and Data Privacy |
| Human capital management and diversity, equity and inclusion | 
| Annual budget, including capital investment plan |
| Integration | 
| Net Zero and carbon reduction targets and generation transition |
Board Committees
The Board of Directors’ standing committees help the Board carry out its responsibility for risk oversight by focusing on the following specific key areas of risk:
| Board Committee | Risk Oversight Responsibilities |
|---|---|
| Audit | Accounting and financial matters, including compliance with legal and regulatory requirements, and financial reporting and internal controls systems, and review of company’s enterprise risk management process |
| Compensation | Compensation policies and practices; diversity, equity and inclusion initiatives; and succession planning |
| Governance, Environmental and Sustainability | Corporate governance, including Board structure, cybersecurity, environmental matters, along with those related to climate change and sustainability |
Protecting the safety, Security and Privacy
of All Employees and Residential and Commercial Customers
- CenterPoint Energy’s companywide cybersecurity program includes analysis of threat information from external sources, monitoring network activity and employee awareness activities.
- Our Data Privacy governance addresses the collection, storage, usage and destruction of data for a specific business purpose, combined with the public expectation and legal requirements that the data will remain private and protected against unauthorized access or modification.
- Our Physical Security Policy addresses several important topics to help maintain a safe and secure place to work and ensure safe and reliable service to our customers.
Major risks are disclosed in our annual report on Form 10-K (in particular, see Item 1A regarding Risk Factors), our quarterly report on Form 10-Q for the quarter ended March 31, 2022, and other reports CenterPoint Energy or its subsidiaries may file from time to time with the Securities and Exchange Commission. Additional information about Enterprise Risk Management oversight is available in our 2022 Proxy Statement.