Our Company

Governance and Risk Oversight

  • Home
  • Our Company
  • Governance and Risk Oversight

Most of what goes right with an enterprise — and most of what goes wrong with it — can be traced back to decisions made at the top. Good corporate governance and risk oversight ensure that Dominion Energy remains a reliable steward of the resources in our care and a trusted partner to our customers and communities.

On this page
What you should know

Ultimate responsibility for the oversight of company performance and strategic direction rests with the Board of Directors, including on sustainability and ESG matters.

The Board has a separate committee dedicated to sustainability and corporate responsibility.

Dominion Energy has a firm commitment to human rights that is consistent with our company’s core values and cuts across all of our operations.

We expect our suppliers to meet the same standards we impose on ourselves.

Governance Structure

Good corporate governance ensures that Dominion Energy remains a proficient and trustworthy steward of the resources entrusted to our care. This accountability goes hand-in-hand with our core values of safety, excellence, ethics, embrace change and One Dominion Energy and is essential to preserving the long-term sustainability of Dominion Energy for our shareholders, employees, customers, the communities in which we work and the natural environment in which we operate.

At the top of the leadership pyramid sits the Board of Directors. It has a fiduciary duty to oversee the management of the company’s business and uphold shareholder interests. Accordingly, our Board of Directors has oversight of the company’s environmental performance and sustainability initiatives, along with our long-term growth strategy — which addresses the interests of shareholders and other stakeholders, including customers, employees, suppliers, our neighbors in the communities we serve and the environment.

We have a well-rounded and diverse board in the broadest sense — one that reflects a diversity of gender, race, age, board tenure, professional experience, community involvement, skills, geography and other attributes. In accordance with our Corporate Governance Guidelines, the Compensation, Governance and Nominating (CGN) Committee recommends director candidates who represent a mix of backgrounds and experiences that will enhance the quality of the Board’s deliberations and decisions. For biographical information, including key experience, attributes, skills and qualifications, for each of our directors, see our proxy statement.

The Board operates through four committees: Audit, CGN, Sustainability and Corporate Responsibility, and Finance and Risk Oversight. All four committees are composed entirely of independent directors, and we have an independent lead director who chairs the executive session of our independent, non-management directors at each regularly scheduled board meeting.

The Board’s structure and responsibilities are outlined in its Corporate Governance Guidelines, which also include the duties and responsibilities of our lead director and our director independence standards.

We review our governance documents and policies regularly and propose changes whenever new rules or regulations are introduced; or whenever changes are consistent with good governance practice and in the best interests of our company and our shareholders.

The Corporate Governance Guidelines, each committee’s charter, and other governance policies can be found on our Governance webpage.

Stakeholders may contact our non-management directors by clicking here for more information.

OR at

Board of Directors
c/o Corporate Secretary
Dominion Energy, Inc.
P.O. Box 26532
Richmond, VA 23261

Sustainability and Corporate Responsibility Committee

In 2018, the Board formed the Sustainability and Corporate Responsibility Committee, which assists the Board by:

  • Overseeing strategies, activities and policies regarding environmental sustainability, human talent management, corporate social responsibility and public issues of significance that may affect the company’s stakeholders;
  • Reviewing and discussing the company’s annual sustainability and corporate responsibility report and similar communications and reporting to stakeholders on environmental and social responsibility initiatives and activities; and
  • Monitoring company sustainability targets and receiving progress reports on achieving those commitments.

Human Rights

Dominion Energy believes every person has a right to be treated with dignity and respect; to exercise autonomy and self-determination; to receive fair and equal treatment; and to work in a safe and supportive workplace regardless of individual attributes or membership in a demographic class. This commitment to human rights is consistent with our company’s core values and cuts across all of our operations.

Workplace Expectations

Dominion Energy demands a humane workplace free from discrimination, harassment, physical coercion, hazing and any form of violence. Our values of Ethics and One Dominion Energy motivate us to promote an inclusive, productive and welcoming work environment. We expect our employees — especially our leaders — to act in a professional manner and treat one another with respect, honesty and decency. Respect in the workplace includes fostering a culture of diversity and inclusion. An inclusive environment encourages the coming together of different talents, thoughts and energies.

Under no circumstance should any employee, contractor or other agent, or job applicant be treated less favorably because of race, color, ancestry, sex, gender, religion (including religious dress and grooming practices), national origin, age, actual or perceived physical or mental disability, medical condition, genetic information, sexual orientation, gender identity or expression, military or veteran status, marital status, status as a victim of domestic violence or any other classification protected by state, federal or local law.

As part of our commitment to safety, we will not tolerate any form of workplace violence. Violence includes any verbal or physical conduct that causes someone to fear for his or her personal safety, the safety of coworkers or the safety of company property.

Supervisors have an additional responsibility to set an example through their own conduct. Leaders are expected to keep lines of communication open so employees feel comfortable asking questions and reporting concerns. Leaders must ensure that employees are fully trained about the company’s policies regarding individual rights, non-discrimination, diversity and inclusion.

Employees who have concerns can contact the Dominion Energy Compliance Line (1-800-628-1798) twenty-four hours a day, seven days a week or go online to visit our Dominion Energy Compliance Line Online. Employees who know of workplace violence or suspect it might be imminent should contact corporate security.

Dominion Energy values openness and respects the contributions of employees who help enforce its code of business conduct. The company does not tolerate retaliation against any employee who in good faith reports suspected unethical conduct or violation of laws, rules, regulations or company policies, or anyone who cooperates with the investigation of a concern.

Supplier Expectations

Dominion Energy contracts with hundreds of vendors, and — where we can — we use diverse suppliers. For more details, see the “Supplier Diversity” section of our chapter on Community Development.

We hold all our suppliers to the same expectations, beginning with full adherence to all applicable legal and regulatory obligations, including those governing consumer and environmental protection, labor relations and employee welfare. In addition, we have our own Supplier Code of Ethics and Business Conduct. It outlines our standards and expectations with regard to safety, workplace conduct, supplier diversity, conflicts of interest, environmental stewardship, human rights, antitrust and privacy.

Suppliers must comply with Dominion Energy’s commitment to a humane workplace free from discrimination, harassment, physical coercion and any form of workplace violence. Suppliers have a responsibility to uphold Dominion Energy’s commitment and report any acts of harassment, intimidation or coercion related to race, color, ancestry, sex, gender, religion (including religious dress and grooming practices), national origin, age, actual or perceived physical or mental disability, medical condition, genetic information, sexual orientation, gender identity or expression, military or veteran status, marital status, status as a victim of domestic violence or any other classification protected by law.

Dominion Energy’s suppliers shall support and respect internationally recognized human rights. Suppliers shall not use, or participate in, the exploitation of workers, or forced or involuntary labor. Child labor is not acceptable. Suppliers shall not employ any person under the minimum legal age for employment as prescribed by local authority, and no workforce members under age 18 shall perform work that may expose them to inappropriate hazards. Suppliers are expected to ensure that wages, benefits and hours of work comply with all applicable laws and regulations.

Dominion Energy has a responsibility to safeguard the personal information of its stakeholders, and it expects its suppliers to do the same. Suppliers who are provided with confidential information regarding Dominion Energy’s customers, shareholders or employees have an ethical and legal responsibility to preserve the privacy, confidentiality and security of this information, and use it only for appropriate business reasons and in compliance with applicable privacy laws and contractual requirements. At Dominion Energy, privacy is an important part of how we do business, and we expect our suppliers with access to personal information to protect it and collect, maintain and transmit such information securely.

If a supplier becomes aware of any violation of legal requirements, Dominion Energy policies or the Supplier Code of Ethics and Business Conduct, the supplier should notify Dominion Energy’s Supply Chain Management by calling the Dominion Energy Compliance Line at 1-800-628-1798 or by using the Dominion Energy Compliance Line Online.

Risk Oversight

Dominion Energy’s Board of Directors oversees our long-term strategy and the various risks the company faces, including climate-related risk. The Board believes that the company’s interests are advanced by responsibly addressing these risks, no matter who raises them — employees, customers, the communities in which Dominion Energy operates or external observers such as non-governmental organizations (NGOs) and advocacy groups.

While the Board and its committees oversee risk policies, company management carries them out. The company has robust enterprise risk management (ERM) processes embedded throughout the organization that help identify and manage risk. The Board and its committees regularly receive and discuss reports from members of management, including the chief risk officer and chief information officer, who are involved in risk assessment and risk management on a daily basis. These reports cover a wide range of topics including safety; environmental, employee and customer concerns; social responsibility; and financial performance, economic issues and long-term strategy.

We identify and assess, at least annually, major risks associated with each of our key business units. Risk assessments also are conducted at a corporate level for Dominion Energy, Inc. These assessments include a wide range of educated assumptions about what the future will look like, especially in regard to external factors outside the company’s control. The company’s approach has always been to employ the Precautionary Principle — which is to minimize known risks and mitigate risks that are not yet fully understood, but for which “road signs” provide some indication of a possible future event or outcome.

We are committed to discussing our approach to risk management in our external reporting, including in our regular Securities and Exchange Commission (SEC) filings. We detail our approach to climate-related risks specifically in our Climate Report published in late 2018. Here are links to those reports.

SEC Filings Climate Report


Our analysis of risk is closely linked to opportunities — especially those related to the ongoing clean energy transition.

Our focus on these opportunities starts at the top. Our Innovation, Technology, and Sustainability (ITS) Council — chaired by our CEO — drives the execution of strategic programs across the company. The ITS Council seeks input from a variety of sources, including our internal Innovation team and third-party technical advisors. It then ensures that teams throughout the company are deployed to carry out development and execution of the initiatives.

As the chart below indicates, we are pursuing a wide range of programs — including some we are not yet ready to disclose. The lettered blocks do not represent placeholders, but real programs in various stages of development.

Chart showing a wide range of innovative programs at Dominion Energy.

Many of our programs are focused on the electrification of different sectors of the economy, where we see considerable opportunity. For example:

  • Electrification of the transportation sector: Electric cars and trucks not only will sharply increase the demand for power generation, they also will need extensive refueling infrastructure; and
  • Shore power, which would connect vessels in port to the mainland electric grid, eliminating the need to burn dirty bunker fuel to power shipboard operations.

Another opportunity involves the increasing need for utility-scale energy storage to support intermittent renewable generation sources such as solar and wind. Dominion Energy already operates the world’s largest rechargeable battery: a 3,003-megawatt pumped-storage power station in Bath County, Virginia. (For more information, see the section on Clean Energy Diversity & Security). We are exploring the potential for other pumped-storage facilities as well.

We also are looking at opportunities involving distributed energy sources; have launched programs to provide smart thermostats to customers; are piloting a program to partner with home builders to design and build net-zero homes; and are using our infrastructure to serve as a middle-mile provider of broadband internet service, partnering with builders to develop sustainable communities; and more.


Protecting Critical Infrastructure

Generating and transferring energy is necessary for health and safety, national security, maintaining the economy and sustaining our way of life. If the energy grid is disrupted, people can lose their livelihoods. That’s why we employ an extensive system of rigorous security protocols, overseen by experts who work directly in protecting against cyberattacks. We continuously improve our security controls, going beyond compliance with regulations and continuously identifying opportunities to improve our security posture.

Our Strategy

We deploy cybersecurity systems using a defense-in-depth approach, continuously strengthening our posture to identify and prevent external attacks as well as insider threats. We revise the cybersecurity strategic plan at least annually, and provide status updates and performance metrics to the board of directors and senior leadership. We educate employees about cybersecurity threats through security-awareness training and test them regularly. We conduct vulnerability scans and penetration tests to find weak points in our defenses. We take part in cybersecurity drills and simulations to make us better at responding to cybersecurity threats and events. We validate recovery procedures and system resiliency to ensure we can return critical systems to normal operating levels in a timely manner.

Combatting Threats

We prioritize cybersecurity investments and activities based on three primary components:

  • Situational Awareness: We cooperate with information-sharing organizations in the energy sector — as well as local, state and federal agencies — to gain insight into, and actionable intelligence about, cyber threats.
  • Security Controls: Our controls include both digital defenses such as malware detection and human ones such as phishing simulations that teach employees how to be on guard against malicious emails.
  • Assessments: We use internal and external vulnerability assessments, penetration tests, drills and simulations to search continuously for security gaps and improvement opportunities. We leverage both internal resources and third parties that specialize in security services to perform the assessments. We conduct drills with other utilities, regulatory agencies and law enforcement.

In 2018, we trained employees on two major cyber-security topics: phishing and data protection. To improve cybersecurity proficiency even further, we published multiple security-awareness articles per month on the company intranet.

We conducted drills to sharpen the communication between internal cyber security operations, physical security and incident command, to improve our response to a simultaneous attack on company assets across many areas of the company, and to advance communication response with industry groups. After each drill we identified the lessons learned, and made appropriate changes to our response plan.

Our four vulnerability scans were concluded on schedule, followed by the remediation of critical findings to protect our infrastructure. We executed eight penetration tests of a wide range of company assets, from industrial control systems to our new standard workstation, allowing us to identify and address issues to protect critical systems. Cyber-vulnerability assessments conducted in accordance with the North American Reliability Corporation were completed at the end of the year.

Safeguarding Sensitive Information

Our customers, shareholders and employees trust us to keep their information secure, and doing so forms an essential component of our cybersecurity strategy. Because our people provide the first and last line of defense, employees receive annual training on how to protect information. The more sensitive the data, the higher the level of security controls we apply. We have beefed up both the monitoring of threats and protections against them to help make sure that sensitive data, such as customer personal information, remains secure.

Managing Change

The threat landscape is constantly changing. As we deploy more intelligent devices to modernize the grid and improve reliability and efficiency, our risk profile changes. Because of that, we continuously seek to strengthen cyber defenses, secure critical system-to-system communications against unauthorized access and increase the resiliency of business operations. We continue to improve awareness training to help workers better identify malicious communications and report suspicious activities. And we routinely use information gathered during drills and penetration tests to shore up any weaknesses we find and improve those defenses that are already robust.

Facebook Instagram LinkedIn Twitter Youtube