GUIDEWIRE SOFTWARE, INC.
RISK COMMITTEE CHARTER
Adopted September 17, 2019
The purpose of the Risk Committee (the "Committee") of the Board of Directors (the "Board") of Guidewire Software, Inc., a Delaware corporation (the "Company"), is to assist the Board in its oversight of the Company’s management of Key Risks (defined below), as well as the guidelines, policies, and processes for monitoring and mitigating such risks.
“Key Risks” within the purview of this Committee include risks related to:
- operations, including business continuity;
- information security; and
- data management/privacy.
The full Board will continue to oversee risks related to the Company’s strategy, business execution, and competition. The Audit Committee will continue to assist the Board in its oversight of financial risks (including credit and counterparty risks, market risk, asset and liability risk, liquidity risk, foreign currency risk, and investment policy and risks), enterprise risk management, internal controls, taxation risk, legal and regulatory compliance, contingencies and liabilities, and business ethics. The Compensation Committee will continue to assist the Board in its oversight function of risks related to the Company’s compensation policies and practices. Any risks not outlined herein will be overseen by the Board or the Audit Committee, as decided by the Board.
In furtherance of these purposes, the Committee will undertake those specific duties and responsibilities listed below and such other duties as the Board may from time to time prescribe.
The Committee members shall be appointed by, and shall serve at the discretion of, the Board. The Committee shall consist of no fewer than two members of the Board. The Board may designate one member of the Committee as its chair. The Committee may form and delegate authority to subcommittees when appropriate. Members of the Committee shall not have a relationship with the Company or its affiliates that may interfere with the exercise of their independence, and shall otherwise be deemed “Independent Directors” as defined by the listing standards of the New York Stock Exchange (the “NYSE Rules”).
RESPONSIBILITIES AND DUTIES
Risk assessment and risk management are the responsibility of the Company’s management. The Committee has an oversight role and, in fulfilling that role, it relies on the reviews and reports described below. The following are the duties and responsibilities of the Committee:
- To review and discuss with management Key Risk exposures; the steps the Company has taken to detect, monitor and actively manage such exposures; and the Company’s risk assessment and risk management policies relating to such exposures. To regularly report to the Board the substance of such reviews and discussions.
- To review and discuss with management the tone and culture within the Company regarding Key Risks, including open risk discussions, and integration of risk management into the Company’s behaviors, decision making, and processes.
- To receive, as and when appropriate, reports from the Company’s corporate audit and compliance staff on the results of risk management reviews and assessments, as related to Key Risks.
- To review periodic reports from the Company’s Chief Information Security Officer, and other members of management as appropriate, regarding ongoing enhancements to, and overall effectiveness of, the Company’s risk management program relating to Key Risks.
- To review management actions on significant compliance matters related to Key Risks and the Company’s compliance with applicable Key Risks laws and regulations.
- To review reports on selected Key Risks topics as the Committee deems appropriate from time to time.
- To undertake any other responsibilities expressly delegated to the Committee by the Board from time to time.
In performing its duties, the Committee shall have the authority, at the Company’s expense, to retain, hire and obtain advice, reports or opinions from internal or external legal counsel and expert advisors.
The Committee will meet as often as may be deemed necessary or appropriate, in its judgment, in order to fulfill its responsibilities. The Committee may meet either in person, telephonically or via video conference, and at such times and places as the Committee determines. The Committee may establish its own meeting schedule, which it will provide to the Board when requested. The Committee may invite to its meetings other Board members, Company management and such other persons as the Committee deems appropriate in order to carry out its responsibilities.
The Committee will maintain written minutes of its meetings, which will be filed in the Company minute book.
The Chair of the Committee shall make regular reports to the full Board on the actions and recommendations of the Committee.
Members of the Committee shall receive such fees, if any, for their service as Committee members as may be determined by the Board in its sole discretion.