Page 561 - COSO Guidance
1. Governance and culture for ESG-related risks
• Consider opportunities for embedding ESG in the entity’s culture and core values.
• Be informed of the ways to increase board awareness of ESG-related risks.
• Map the operating structures, risk owners for ESG-related risks, reporting lines and the end-to-end ERM and strategic planning process to identify areas for improved oversight and collaboration.
• Create opportunities for collaboration throughout the organization.
• Embed ESG-related skills, capabilities and knowledge in hiring and talent management to promote integration.
Oversight and governance for ESG
Each organization has its own approach to oversight and governance. The King IV Report on Corporate Governance for South Africa (King IV report),[3][a] published in 2016, provides one perspective on what defines good governance in the context of ESG-related business and societal changes, such as inequality, climate change, radical transparency and rapid technological and scientific advancements. The King IV report offers a principles-based approach to ethical and effective leadership by the governing body in pursuit of defined outcomes that include an ethical culture, good performance, effective control and legitimacy. Some of the King IV report recommendations that can help support ESG-related risk governance include:[4]
• Establishing a social and ethics committee as a prescribed board committee.
• Emphasizing the critical role of stakeholders in the governance process. The board should consider the legitimate and reasonable needs, interests and expectations of stakeholders, while recognizing the role of stakeholders in holding the board and the company accountable for their actions and disclosures.
• Having a strong focus on opportunity management as well as risk management, and tasking the risk committee with identifying opportunities linked to certain risks.
• Requiring the board to pay specific attention to opportunities in the strategic planning process.
Responsibilities to manage ESG-related risk
ESG-related risks are often characterized as evolving, interconnected, longer-term or less familiar to an organization and, therefore, difficult to manage effectively. However, the potential impact of these risks on an organization’s performance can be significant, and so the responsibility for the organization to manage these risks is no different than for any other business risk. Even when ESG issues are managed by a separate function, such as a corporate social responsibility or sustainability department, integrating ESG-related risks into the core ERM structures and processes of the organization is critical for supporting an entity and its directors to meet their responsibilities.
This section outlines some of the regulatory and voluntary ESG-related obligations that may drive an entity’s responsibilities in relation to ESG-related risks.
Questions for risk management and sustainability practitioners to consider:
• Has the entity had financial, operational or reputational issues in the past because of an ESG-related event?
• What are the ESG-related regulations, requirements or obligations in the entity’s markets? Are there risks that coincide with a failure to adhere to these regulations, requirements or obligations?
• How are relevant regulations, requirements or obligations communicated to leadership and integrated into operations?
• Does the entity have a clear message on how its mission, vision, core values or long-term strategy considers ESG-related risks?
• Which policies, statements or voluntary commitments has the entity made in relation to ESG issues?
Regulatory responsibilities
In many countries, financial, health and safety, and environmental regulators may bring civil or criminal penalties against a company executive or employee found to have mismanaged ESG issues. For example, in 2015, two former Quality Egg LLC (a US-based consumer products company) executives were found to be criminally liable for their roles in a 2010 salmonella outbreak, given their knowledge that the egg facilities were at risk of contamination. Fines were issued to both the company (USD 6.8 million) and the executives (USD 100,000 each).[5]
[a] The King IV Report has been designed to apply to listed and unlisted companies, for-profit and non-profit as well as private and public entities.
14 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018