Enterprise Risk Committee Charter - RigNet


Enterprise Risk Committee Charter

Purpose

The purpose of the Enterprise Risk Committee (ERC) is to assist the CEO and CFO in fulfilling their responsibilities to oversee the Company’s enterprise-wide risk management. The Enterprise Risk Committee (the “committee”) is established by RigNet to oversee management activities related to risk oversight and risk management.

Authority

The Enterprise Risk Committee will report to the CEO and CFO. In carrying out its duties and responsibilities, the committee shall have the authority to meet with and seek any information it requires from employees, officers, directors, or external parties. The committee may request any advice or assistance from other departments for any matters and projects within its scope of responsibility and obtain advice and assistance from outside legal, accounting, or other advisors, as necessary, to perform its duties and responsibilities.

The committee will have the following authority:

- Review and approve the Enterprise Risk Committee Charter.
- Oversee that the executive team has identified and assessed the major risks that the organization faces and has established a risk management infrastructure capable of addressing those risks, categorized in the following six categories:
  1. Strategic Risk
  2. Financial Risk
  3. Operational Risk
  4. Legal & Compliance Risk
  5. Corporate IT/Systems Risk
  6. Service Provider IT/Systems Risk
- Oversee the division of risk-related responsibilities to applicable committee members, or other designees, as clearly as possible, and perform a gap analysis to determine that no gap in the oversight of any significant risk occurs.

Composition and Meetings

The committee will be comprised of six or more members of the management team as determined by, and reporting to, the CEO and CFO. The membership will include a combination of management team members from various business functions to ensure good knowledge of risks across the business. Each member will have an understanding of risk management commensurate with the company’s size, complexity, and capital structure. The committee will provide its members with continuing education opportunities and customized training focusing on topics such as leading practices in risk governance, oversight, and risk management.

The CEO and CFO will appoint the initial committee members. The members of the committee may designate a chairperson and a facilitator by majority vote. Additionally, the committee, in conjunction with the CEO and CFO, may consider and plan for succession of risk committee members.

The committee will meet at least eight times per year, or more frequently as circumstances dictate. The committee will review the agenda for the committee’s meetings, and any member may suggest items for consideration. Briefing materials will be provided to the committee as far in advance of meetings as practicable.

The Enterprise Risk Committee has the responsibilities to:

- Review the company’s enterprise-wide risk management framework.
- Review the Enterprise Risk Management Plan.

1. Review the risk management framework.
2. Set the tone and develop a culture of the enterprise vis-à-vis risk, promote open discussion regarding risk, and integrate risk management into the organization’s goals, policies, and procedures to create a corporate culture such that people at all levels manage risks rather than reflexively avoid or heedlessly take them.
3. Monitor the organization’s risk profile - its on-going and potential exposure to risks of various types (operational risk, compliance, financial crimes, information security (including cyber), and technology programs (including the Company’s business continuity program, compliance risk management program, data management strategy and program, financial crimes program, and third-party risk management)).
4. Monitor various enterprise risks; in doing so, the committee recognizes the responsibilities delegated to other management team members and understands that other committees or departments may emphasize specific risk monitoring through their respective activities.
5. Conduct an annual risk assessment survey with the executive management. Integrate survey findings into the risk assessment and the Risk Management Plan.
6. Develop, review, and maintain the Risk Management Plan and provide an update to the CEO and CFO.
7. The Risk Management Plan should consider the maturity of the risk management of the company and should be tailored to the specific circumstances of the company. The risk management plan should include:
   i. The Company’s definition of risk and risk management. Refer to Appendix A: Definitions and Appendix B: Risk Rating.
   ii. The Company’s risk, risk appetite, risk tolerance, risk mitigation plan, and risk acceptance.
   iii. An indication of how risk management will support the company’s strategy, and ownership for risk management within the company.
   iv. A definition of the company’s risk management structure, such as defining risk roles and responsibilities across the Company’s three lines of defense, for establishing protocols and processes for issue escalation and reporting.
      - 1st Line of Defense: Operations Managers and Department Heads, Executive Leadership Team, Policy Committee, Internal Controls Committee, Global Expansion Team, 401K & Compensation Committee.
      - 2nd Line of Defense: Enterprise Risk Committee, Disclosure Committee, Legal and Compliance Committee, ELT Meetings, RigNet Connect.
      - 3rd Line of Defense: Blackline SOX Controls Review and Internal Audit.
   v. A definition of the standards and methodology adopted; this refers to the measurable milestones such as tolerances, intervals, frequencies, frequency rates, etc.
   vi. Risk management guidelines: continually, as well as at specific intervals, monitor risks and risk management capabilities within the organization, including communication about escalating risk and crisis preparedness and recovery plans.
   vii. Continually obtain reasonable assurance from management that all known and emerging risks have been identified and mitigated or managed. Update the risk management plan accordingly.
   viii. Provide training and awareness programs.
8. The committee should review the risk management plan at least once a year.
9. Review and approve minutes of the previous Enterprise Risk Committee Meeting.
10. Define the agenda for the next Enterprise Risk Committee Meeting based on the current environment within the company, the risk assessment, the risk mitigation plan, and action item due dates.
11. Understand how the company’s internal audit work plan is aligned with the risks that have been identified and with risk governance (and risk management) information needs.
12. The Committee shall review and assess the adequacy of this Charter annually. The Committee may recommend amendments to this Charter at any time and submit amendments for approval.
13. The Committee shall annually review its own performance.

Reporting

The committee will be responsible for the following reporting duties:

- Communicate formally (on a quarterly basis) and informally (as needed) to provide an update to the executive team, CEO, CFO, and the Corporate Governance Nomination Committee of the Company’s Board of Directors about the company’s risk management plan regarding risk governance and oversight.
- Understand and review management’s definition of the risk-related reports that the committee could receive regarding the full range of risks the organization faces, as well as their form and frequency.
- Respond to reports from management so that management understands the importance placed on such reports by the committee and how the committee views their content.
- Discuss with the CEO and management the company’s major risk exposures and review the steps management has taken to monitor and control such exposures, including the company’s risk assessment and risk management plan.

Finalized in the Enterprise Risk Committee Meeting on 7/24/2018.

APPENDIX A: Definitions

- Risk: “A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.”
- Risk appetite: “Risk appetite can be defined as ‘the amount and type of risk that an organization is willing to take in order to meet their strategic objectives.’” A range of appetites exist for different risks, and these may change over time.
- Risk tolerance: “A realistic understanding of the company’s ability and willingness to accept or avoid risk.” In any group of people, there are gamblers or risk takers, and there are nongamblers or risk avoiders.
- Inherent Risk: “Inherent risk is the threat a certain risk poses to the organization before mitigation activities are taken into account.”
- Residual Risk: “Residual risk is the threat a certain risk poses to the organization after the appropriate mitigation activities are taken into account.”

APPENDIX B: Risk Rating

© 2020 RigNet. RigNet is a registered trademark of RigNet, Inc.
