Enterprise Risk Management
CenterPoint Energy’s Board of Directors has responsibility for and is actively involved in the oversight of risks that could impact the company.
CenterPoint Energy’s approach to enterprise risk management is guided by our risk policy. Our Corporate Governance Guidelines specify that the Board has ultimate oversight responsibility for the company’s system of enterprise risk management.
Management is responsible for developing and implementing the company’s enterprise risk management program. A Risk Oversight Committee, which is composed of senior executives from across the company, monitors and oversees risks facing CenterPoint Energy, as well as provides risk assessment and control oversight for certain business activities, among other things. Our Executive Vice President and General Counsel chairs Risk Oversight Committee meetings.
The company’s enterprise risk management function supports executive management’s, operational management’s and functional management’s execution of the company’s strategic business objectives by conducting periodic ongoing assessments and assisting with risk mitigation planning.
Throughout the year, the Board participates in reviews with management of the company’s risk management processes, the major risks facing the company and steps taken to mitigate those risks.
Board risk reviews include the following areas, among others:
 | Safety |  | Environmental, Social and Governance matters |
 | Business strategy & policy, including industry and economic developments |  | Litigation and other legal matters |
 | Operations and system integrity |  | Supply Chain |
 | Regulatory and legislative developments |  | Cybersecurity and Data Privacy |
 | Human capital management and Diversity, Equity and Inclusion |  | Annual budget, including capital investment plan |
 | Net Zero and carbon reduction targets and generation transition |
Board Committees
The Board of Directors’ standing committees help the Board carry out its responsibility for risk oversight by focusing on the following specific key areas of risk:
| Board Committee | Risk Oversight Responsibilities |
|---|---|
| Audit | Accounting and financial matters, including compliance with legal and regulatory requirements, and financial reporting and internal controls systems, and review of company’s enterprise risk management process |
| Compensation | Compensation policies and practices; diversity, equity and inclusion initiatives; and succession planning |
| Governance, Environmental and Sustainability | Corporate governance, including Board structure, cybersecurity, environmental matters, along with those related to climate change and sustainability, including our Net Zero and carbon emissions reduction goals |
Protecting the Safety, Security and Privacy
of All Employees and Residential and Commercial Customers
- CenterPoint Energy’s company-wide cybersecurity program includes analysis of threat information from external sources, monitoring network activity and employee awareness activities.
- Our Data Privacy governance addresses the collection, storage, usage and destruction of data for a specific business purpose, combined with the public expectation and legal requirements that the data will remain private and protected against unauthorized access or modification.
- Our Physical Security Policy addresses several important topics to help maintain a safe and secure place to work and ensure safe and reliable service to our customers.
Certain risks are disclosed in our annual report on 2022 Form 10-K (in particular, see Item 1A regarding Risk Factors), our quarter reports on Form 10-Q and other reports CenterPoint Energy or its subsidiaries may file from time to time with the Securities and Exchange Commission. Additional information about Enterprise Risk Management oversight is available in our 2023 Proxy Statement.