with the Board, which includes the Company’s Risk Management Committee. Our Risk Management Committee, which consists of members of our senior management, is responsible for oversight of our risk management process. Senior management regularly provide reports on our risks and emerging risks to the Board, the Audit Committee and the other Board committees that oversee the applicable risks. Additionally, the Audit Committee discusses with management and the independent registered public accounting firm the effect of regulatory and accounting initiatives on our financial statements and is responsible for review and evaluation of our major risk exposures, including cybersecurity and supplier risks, and the steps management has taken to monitor and control such exposures.
The C&HC Committee, the Safety, Operations, Regulatory and Policy (“SORP”) Committee, the Finance Committee and the ESN&G Committee are each charged with overseeing the risks associated with their respective areas of responsibility. The C&HC Committee oversees risks related to executive compensation and human capital management matters, including incentive compensation, succession planning, diversity, employee engagement, culture and talent management. The SORP Committee oversees risks related to safety and operations. The Finance Committee oversees risks related to capital management and allocation and investor relations. The ESN&G Committee oversees risks related to environmental, social, sustainability and climate change matters, public company governance, CEO succession planning, political spending and stockholder engagement. For more information regarding the oversight responsibilities of the Board Committees, see the descriptions of the committees below.
Generally, at each Board meeting, the chairs of each committee provide a report to the Board on any key items and risks discussed at the respective committee meetings. In addition, the Board regularly discusses the Company’s short-, medium-, and long-term strategy and risks. Shorter term risks and related matters are generally discussed at meetings of the Board and applicable committee on a regular and recurring basis, whereas longer term risks are discussed at least annually and as appropriate throughout the course of the year. Our Board or applicable committee receives information from external advisors and others, including the Company’s independent auditors, legal counsel, compensation consultant, and financial advisors, to advise on key risks and other issues relevant to the Company.
Oversight of Cybersecurity
As noted above, the Board is responsible for overseeing our risks and this oversight is administered through the utilization of its committees. Specifically, the Audit Committee is primarily responsible for oversight of the cybersecurity program and risks from cybersecurity threats, with input from the Company’s Risk Management Committee through our cybersecurity program. The cybersecurity program includes a variety of security controls and measures designed to identify, assess, and manage material cybersecurity risks. The key components of the cybersecurity program are risk assessment, third-party risk management, security controls and incident response.
The Audit Committee meets quarterly, and as needed, reviews the Company’s cybersecurity posture and make recommendations for improvement. The Chief Information Security Officer (CISO) regularly briefs the Audit Committee on cybersecurity risks and the efforts to address them. In addition, the Board of Directors is briefed regularly, through written reports and updates by the Audit Committee, about key and emerging cybersecurity risks.
At the management level, the CISO leads the cybersecurity program and is responsible for assessing and managing cybersecurity risks. The CISO is supported by the NiSource Enterprise Security team which performs the cybersecurity function and engages directly on the prevention, detection, mitigation, and remediation of cybersecurity incidents.
NiSource monitors the increasing sophistication of cybersecurity threats and continues to contribute resources to improve its cybersecurity program to protect its information systems and assets. No cybersecurity program is effective to identify and mitigate all threats, and NiSource cannot guarantee that it will be able to prevent all cybersecurity incidents.
Our management team performs succession planning quarterly for officer-level and critical roles to ensure that we develop and sustain a strong bench of talent capable of performing at the highest levels. Not only is talent identified, but potential paths of development are discussed to ensure that employees have an opportunity to build their skills and are well prepared for future roles. We maintain formal succession plans for our CEO and key executive officers. The succession plan for our CEO is reviewed by the ESN&G Committee and the succession plans for executive officers (other than the CEO) are reviewed by the C&HC Committee annually or more frequently as needed.