As a leading health insurer in the U.S, we maintain strong risk management practices in order to identify and manage potential risks. Since risks to our business may impact our members, other stakeholders, and our ability to deliver on our financial and strategic objectives, fostering risk awareness across the enterprise is essential.

The Enterprise Risk Management (ERM) team is responsible for facilitating the risk identification process, conducting quarterly and annual risk assessments and providing clear and timely reporting to executive leadership and the Board of Directors. ’s approach to risk management incorporates the Three Lines of Accountability model:

Three Lines of Accountability Model

First Line – Management

Corporate and business unit level leaders and operational management are responsible for identifying risks within their business areas and implementing appropriate mitigation strategies to address them.

Second Line – Enterprise risk and compliance functions

's enterprise risk and compliance functional areas, including ERM, Compliance, Data Privacy and Enterprise Security Risk Management, enable the ongoing identification of business risks and collaborate with first-line management to create and protect value.

Third line – Internal Audit

Internal Audit provides independent oversight of the first- and second-line functions, conducts independent assessments and makes recommendations for continuous improvement.

The primary goals of the enterprise risk management program are to enhance management's ability to identify and assess the Company's current risk status, gain insights on emerging risks, improve management's strategic and operational decision-making ability and provide clear and timely communication of cross-functional risks to management and the Board. The ERM group is responsible for facilitating the risk identification process, conducting quarterly and annual risk assessments and providing clear and timely direct reporting to executive leadership and the Board of Directors. Additionally, the ERM group annually performs quantitative and/or qualitative assessments of risk exposure in both normal and stressed environments for material risk categories, which include both financial and non-financial risks.

Practicing proactive risk management enables us to achieve our mission of transforming the health of the communities we serve, one person at a time. We offer risk management training focused on areas such as finance, third party, reputation and information security to all employees through 's online learning platform, University.