2021 Owens Corning Sustainability Report | Our Approach | Risk Management | 58 OUR APPROACH Oversight and Management Enterprise Risk Management (ERM) is owned by the executive committee, who delegates its management to the risk committee. The executive committee then monitors the risk committee’s management of ERM, culminating in a final review by the audit committee of the board. The risk committee is responsible for overseeing and monitoring our risk assessment and mitigation actions. The risk committee is not a board committee; instead, it is a cross- functional committee that includes members across many areas of expertise. It is also structurally independent of our business lines. This internal group identifies risks and mitigation strategies, and it provides key updates to executive officers and the audit committee. In 2020, the risk committee’s membership was amended to ensure greater diversity of thought related to risk, including more functions and expanded geographic representation. Members from corporate functions include internal audit, legal, treasury, corporate strategy and financial planning, sourcing and supply chain, and IT. They were joined by individuals representing operations, human resources, commercial strategy, and science and technology within the businesses. In addition, safety and environmental concerns were expanded in the core risk register, which increases the extent to which sustainability issues are embedded into the enterprise-wide risk process. The risk committee reports to the executive committee, and it is specifically sponsored by both the chief financial officer and general counsel, who are themselves members of the executive committee. In support of these efforts, the independent corporate audit function systematically addresses risk throughout the organization. Audit results are reviewed with the audit committee of the board of directors, which has primary responsibility for assisting the board’s oversight of risk. The audit committee’s responsibilities include: ■ Discussion of guidelines and policies that govern the process by which senior management and relevant departments access and manage the company’s exposure to risk. ■ Annual review of, and quarterly updates on, identification of Owens Corning’s key risks, major financial exposures, and related mitigation plans. ■ Oversight of our management of the key risks and major financial exposures that fall within the audit committee’s specific purview. Photo submitted by: Jan-Christian Stenroos | Parainen, Finland A Paroc employee inspects plant machinery. ■ Assurance that the board and its committees oversee our management’s key risks and major financial exposures within their respective purviews. ■ Quarterly evaluation of the effectiveness of the above- referenced process of oversight. In addition to the ERM process, three board committees — compensation, finance, and governance and nominating — review and evaluate risks associated with their respective areas. Each board committee reports on its respective risk management activities to the board, and the board then considers such reports. Between annual reviews, the registers are reviewed by the business stakeholders, and the risk committee meets quarterly to discuss any applicable updates. The risk registers are also reviewed quarterly by both the audit committee and the executive committee, regardless of any planned updates, to ensure that no risks are missed by the risk committee. Should any material updates be made, these are then reviewed with the executive committee and audit committee of the board as well. Owens Corning identifies and manages risk across economic, environmental, and social domains. Our forward-thinking, holistic approach to managing risk enables us to make effective business decisions that help us build long- term financial goals and shape our future success.