President and CEO to focus on his management responsibilities in leading the business, setting our strategic direction and optimizing our performance and operations. At the same time, the Non-Executive Chairperson can focus on Board leadership, provide guidance to the CEO, and focus on corporate governance and our overall business strategy. The Board believes that the separation of functions between the CEO and the Non-Executive Chairperson of the Board provides independent leadership of the Board in the exercise of its oversight responsibilities, increases the accountability of the CEO and creates transparency into the relationship among executive management, the Board and our stockholders.
Role of the Board in Risk Oversight
The Board of Directors has extensive involvement in the oversight of risk management related to TransUnion and our business, which is implemented through regular reporting to the Board by the Audit Committee and Risk and Compliance Committee. The Risk and Compliance Committee was established in July 2022 and its responsibilities include providing oversight and advice to the Board regarding: (1) the identification, evaluation, oversight and mitigation of material risks to TransUnion; and (2) our risk assessment and enterprise risk management framework.
The Audit Committee reviews our accounting, reporting and financial practices, including the quality and integrity of our financial statements and our financial reporting and disclosure practices, the soundness of our internal controls for finance and accounting, and, together with the Risk and Compliance Committee, our compliance with applicable legal and regulatory requirements. The Audit Committee reviews and discusses with management, our independent auditor and the Risk and Compliance Committee, our guidelines and policies governing the process by which risk assessment and enterprise risk management is undertaken, including our major financial and other risk exposures, and the steps management has taken to monitor and mitigate the risk of such exposures. The Audit Committee also periodically reviews with management (including the Chief Legal Officer and Chief Risk and Compliance Officer) and our independent auditor, any correspondence with, or other action by, regulators or governmental agencies, and any employee complaints, submissions or published reports that raise concerns regarding our financial statements, accounting or auditing matters, or compliance with law or our Code of Business Conduct.
Responsibilities of the Risk and Compliance Committee include oversight of the Company’s management of risks, as outlined in the Risk Taxonomy approved by our Enterprise Risk Management Committee (“ERMC”), assessment of the quality and effectiveness of our capabilities, policies and controls (including the methods of identifying, assessing, monitoring and mitigating such risks), and review of our enterprise risk management framework, enterprise risk appetite, compliance infrastructure and material risk exposures. The ERMC is chaired by our Chief Risk and Compliance Officer and consists of our Chief Executive Officer and his direct reports. Upon the recommendation of the Risk and Compliance Committee, the Board approved our Global Risk Appetite Statement, which summarizes our approach to taking, managing and responding to risks, and provides parameters to guide management on risk decisions. The Risk and Compliance Committee also oversees the quality and effectiveness of our information security framework, including capabilities, policies and controls, and methods for identifying, assessing and mitigating information and cybersecurity risks, and assesses the effectiveness of our management of information security-related risks. The committee also meets periodically with our Chief Legal Officer, Chief Risk and Compliance Officer and other appropriate legal, risk or compliance staff to review any legal matters that may have a material impact on our business or operating strategy.
As described above, through regular meetings with management, including the finance, legal, risk and compliance and internal audit functions, the Audit Committee and Risk and Compliance Committee review and discuss the significant areas of risk to our business and summarize for the Board areas of compliance risk and appropriate mitigating factors. In addition, our Board receives periodic detailed operating performance reviews from management.
14