BY USE CASE
Secure Distributed Work
We’re redefining responsible corporate governance by acting with integrity and ethics in everything we do.
With an expanded focus on sustainability by our Executive Leadership Team and Board of Directors (Board), our business strategy is increasingly influenced by ESG factors. Sustainability considerations impact both how we develop new technology solutions and how we manage our day-to-day operations.
In the process, we’re redefining what it means to be a sustainable business, by enabling social, environmental, and financial benefits through the products that our more than 100 million users across 100+ countries rely on.
The pandemic erased any doubt that sustainability must be integral to our business approach. With the extreme human and economic impacts that the crisis laid bare, companies had to adapt quickly to ensure business continuity and survival.
We’re honored that Citrix products helped many of these companies remain viable during this uncertain time, and, as an unexpected consequence, also see sustainability benefits as they transitioned to a hybrid work model.
Citrix’s commitment to sustainable business practices could not be achieved without strong governance to push our agenda forward. Being grounded in integrity and ethics, we are better prepared to effectively and responsibly manage ESG issues.
To that end, we augmented our ESG initiatives in 2020—evaluating our own global operations and sustainability strategy to identify opportunities for improvement. We also added an ESG component to our executive officer’s variable cash compensation plan for 2021, to ensure that our leadership is incentivized to put ESG front and center.
Our Board maintains oversight of Citrix’s ESG practices and their impact on our business and key stakeholders. We recognize that effective oversight of these matters is critical to our long-term success.
The Board’s Nominating and Corporate Governance Committee provides formal oversight of Citrix’s policies and practices involving corporate responsibility and ESG issues. Our management team regularly updates this committee regarding its expanded ESG program and progress on implementation of ESG goals and targets.
Central to our responsible governance approach is our commitment to increase transparency through ESG-related disclosures and the adoption of metrics-based ESG reporting.
Some key ESG issues the Board was challenged with in 2020 include cybersecurity risks, climate change impacts on operations and the business continuity implications of the pandemic. From engaging our key stakeholders, we know there is also increased interest in Board oversight of social topics such as diversity, inclusion and belonging, and human capital management. In response to stakeholder and community calls for social justice and racial equity in 2020, we’ve bolstered our focus on social initiatives and Board-level oversight of these programs, including our Diversity, Inclusion, and Belonging strategy.
To learn more about management’s approach to, and oversight of, specific sustainability issues, please review the Data Index.
Each time we evaluate our leadership structure, add a new director or change the composition of our Board committees, we do so in a way that ensures the right skills, experiences, and perspectives are brought to our meetings and discussions. Over the past five years, we have added five new independent directors. We are pleased that JD Sherman and Bob Knowling joined our Board in 2020, offering extensive combined experience in leadership, management, technology, and operations. Please see page 13 of our 2021 Proxy Statement for more information on considerations for nominations of directors.
The pandemic exacerbated existing risks and presented new ones for our stakeholders and our business. In 2020, a major component of the Board’s focus was on the risk assessment and oversight of these emerging and urgent risks.
Our Board plays an active role in reviewing Citrix’s corporate strategy and priorities, holds management accountable for creating a culture that actively manages risk and has direct decision-making authority on significant risk matters.
Each committee is responsible for overseeing certain aspects of risk management, particularly those related to our corporate strategy, including product strategy, corporate development, mergers and acquisitions, executive officer succession, business continuity, crisis preparedness, and competitive and reputational risks.
The Board’s Audit Committee oversees risks identified and addressed by our Enterprise Risk Management (ERM) program and Citrix’s global risk management framework. The ERM program process is a company-wide initiative that represents an integrated effort to:
Identify, assess, prioritize, and monitor a broad range of risks; and
Formulate and execute plans to monitor and, to the extent possible, mitigate the effect of those risks.
As part of its oversight function, the Audit Committee regularly reviews with management the compliance policies and processes by which our exposure to certain significant areas of risk—including climate-related risk—is assessed and managed. This Committee discusses major financial risk exposures and the steps that management has taken to monitor and control these exposures.
Fighting climate change is vital for maintaining a strong economy and a livable planet. A risk mitigation plan is only as sound as the data behind it. In 2020, Citrix took steps to identify, measure and monitor our climate-related risks, calculating our Scope 1, Scope 2, and Scope 3 GHG emissions, formulating a baseline and setting ambitious 2030 carbon reduction targets.
Being aware of our impact, and being accountable for disclosing it, helps us to manage our carbon footprint and climate-related risks. In August 2020, we submitted corporate climate data and strategy information to CDP. We received a B score in the Climate Change category and plan to continue responding to CDP moving forward.
We also used this year’s report to assess our climate-related financial risks, as demonstrated by the inclusion of our inaugural Task Force on Climate-related Financial Disclosures Index. Learn more about our climate risk mitigation efforts in our 2020 CDP Climate Change disclosure and the Environment section of this report.
We are committed to protecting information belonging to the company, our customers, partners and employees. We continue to advance our technology, data, and information security (TDIS) oversight, risk management and governance programs, through organization, technical, and operational investments and internal and third-party validations.
In 2020, cyber-related risks intensified as a result of COVID-19. The pandemic accelerated digital transformation across all sectors, making IT and security teams more distracted and vulnerable to attack. As Citrix customers and employees shifted to a hybrid work model, there was concern for how this transition might impact their technology, data and information security.
As cybersecurity risks became more acute for our own business as well as our customers’, the task of maintaining the security of Citrix’s products, services, and networks—including securing data and preventing cyber-attacks—became urgent.
Based on this, we identified TDIS as an enhanced risk, and decided to work with an external firm to conduct an independent cybersecurity risk assessment in 2020. With the results in hand, we set to work to advancing our security management program and practices.
In 2019, we formed a new Board committee, called the TDIS Committee that is responsible for overseeing information technology policies, plans, and programs relating to enterprise cybersecurity and data protection risks, as more fully described in the Committee charter.
In 2020, the committee met six times, with a focus on overseeing security risk and program developments.
Customer protection is our priority. Our TDIS strategy benefits Citrix customers by incorporating advanced technologies with a focus on cybersecurity and data privacy. Because we design our products around our TDIS philosophy—with centralized delivery, visibility, and control of apps and data—security is built into the core of our solutions and practices. The Citrix Trust Center provides the latest information on our approach to security, privacy, and compliance.
University of Cambridge chose Citrix Workspace to deliver an efficient, sustainable, secure desktop, and gained work-from-home continuity when COVID-19 struck. With Citrix Workspace, the university can secure confidential medical and research data without compromising user experience or the ability to work on the data within its secure haven.
Listening to, and engaging with, our stakeholders supports our ability to create long-term shared value for our business, customers, investors, and society at large. In 2020, we engaged our key stakeholders as part of our materiality assessment process, to help us identify and prioritize key ESG topics.
On an annual basis, senior management and our Board conduct outreach to a broad group of shareholders to better understand their perspectives on our strategy, governance, executive compensation, and sustainability practices. This feedback is highly valued, as it influences our policies and approaches to material ESG issues. We share these insights with the Board on an ongoing basis. In 2020, members of the Board and senior management engaged with investors representing nearly 21 percent of shares outstanding.
In early 2020, we conducted our first full materiality assessment to help us identify, assess and refine the relevant ESG risks and opportunities that impact our business and are most important to our key stakeholders. The process helps us to prioritize a list of issues that inform our reporting, strategy, key performance indicators, and targets.
The materiality assessment resulted in identifying these focus areas:
We plan to conduct a materiality assessment on a biennial basis moving forward.
We are committed to upholding the highest standards of business ethics and corporate governance in alignment with our core values. We honor our responsibilities to customers, employees, partners, shareholders, the environment, and communities where we live and work.
Our Board and its committees administer all aspects of our corporate governance and must follow our Corporate Governance Guidelines. In the process, they promote responsible and ethical decision-making and provide an independent and objective source of advice and oversight as we pursue our goals.
Our Code of Business Conduct provides guidelines to our Executive Leadership Team and employees worldwide on their ethical and legal responsibilities, and clearly describes our values, policies, and practices. We expect the Citrix community to commit to reading, understanding and complying with this Code, Citrix policies and all applicable laws and regulations. Similarly, we expect our suppliers, vendors, partners, distributors, resellers, subcontractors, agents and their employees, personnel, and contractors to agree to our Supplier/Partner Business Code of Conduct.