Risk management

We diligently enhance our risk management strategies, adhering to stringent practices to prioritize the long-term interests of our stakeholders.

Managing enterprise risk

Moody’s Board of Directors oversees the implementation of risk management policies and processes. The Audit Committee supports this oversight by overseeing risk assessment and management processes. Our Enterprise Risk Management (ERM) function manages risk exposures and establishes a standard, organization-wide understanding of risk management based on the 2017 COSO framework.

ESG-related risks are overseen by area-specific risk committees, then reported to the Executive Leadership Team and Board by the MD of Risk Management, who leads an independent group that reports to the Chief Administrative Officer. Risk mitigation is tracked through a governance, risk, and compliance tool. For more information about our risk factors, see our 2023 Annual Report.

Business resiliency

We continuously refine and evolve our processes to improve resilience against disruptive events. Our business impact analysis gives us insight into the criticality of our operations to drive resiliency prioritization, and our business continuity plans, subject to reviews by Internal Audit, support these efforts. These plans encompass local crisis management teams and risk assessments for each office location, and we regularly update them to consider external risks, internal business changes, and learnings from events like geopolitical threats. Additionally, we conduct annual third-party risk assessments of key vendors and run a risk-based testing program that includes tabletop scenario exercises related to cybersecurity.

Increasing risk education and awareness

We cultivate an environment where employees can freely ask questions, seek advice, and voice important issues. We offer a "Fundamentals of Risk" training, a company-wide course that enhances risk recognition and management capabilities. A more modular-based risk program is under development for 2024.

For more information on compliance training and reporting mechanisms, see our Code of Business Conduct.

Integration of climate risks into overall risk management

We incorporate climate risk into our company-wide risk management processes, providing a holistic view of relevant risks through the use of a multipronged approach. Managed by the MD of Risk Management, the ERM function continually monitors a risk register. Climate-related risks are aligned to the Moody’s risk taxonomy, assisting in identifying significant risks and opportunities.