Enterprise Risk Management

Our Board of Directors and its committees play an important role in overseeing the company's action-oriented enterprise risk management process, which includes risk oversight on ESG-related risks. The primary tool that facilitates the Board's oversight of risk and related mitigation actions is the Enterprise Risk Management (ERM) program led and sponsored by our Chief Operating Officer (COO) that enables the company to look holistically at risks which may cause a material impact to our value or reputation. As part of the ERM program, the COO directs the ERM Steering Committee to:

• Annually review and approve the ERM Risk Framework, which provides the criteria and structure for how top enterprise risks are tiered and categorized;
• Annually review and approve the ERM Risk Profile, which identifies the top enterprise risks and prioritizes them per the ERM Risk Framework;
• Discuss and evaluate the company's risk appetite with respect to different types of risk (including those related to strategy, reputation and brand, operational, financial, and compliance and legal); and
• Assign Risk Owners and Sponsors to top-tiered risks who work in partnership with the Enterprise Risk and Resilience (ER&R) team to develop action plans to enhance organizational preparedness and reduce risk exposure.

These efforts are supported by the ER&R team, and collectively, the ERM program works to ensure steps are taken to enhance Booz Allen's organizational preparedness and reduce the firm's risk exposure.