Page 564 - COSO Guidance
1. Governance and culture for ESG-related risks
Some considerations for enhancing ESG culture and integration include:23
• Do the organization’s mission, vision and core values address ESG-related risks?
• Does the tone from the organization’s leaders convey expectations on ESG?
• Does management carry out the entity’s mission, vision, core values and strategy?
• Is the entity hiring the right talent and is the selection process compatible with building an inclusive and
talented workforce that reflects its business needs?
• Does the entity tie compensation and promotion decisions to the metrics that advance performance on
critical ESG issues?
• Is the entity empowering people and giving authority to teams that can make decisions by considering ESG
information reflecting local knowledge?
• Is the entity’s culture promoting employee behaviors that are consistent with priorities?
For more information on embedding sustainability into corporate culture, refer to Embedding Sustainability in Organizational Culture: A How to Guide for Executives.24
ESG at the board level
In accordance with the COSO ERM Framework, the board “provides oversight of the company’s strategy and carries out governance responsibilities to support management in achieving its strategy and business objectives.”25 These responsibilities apply to any governing body that provides organizational oversight.e
Questions for risk management and sustainability practitioners to consider:
• Is the board aware of the ESG-related risks that may impact achievement of the entity’s strategy
and objectives?
• Is there an escalation path within the organization that ensures that material ESG-related risks are
brought to the attention of the board?
• Does the board have access to the information needed to evaluate risks emerging from ESG trends?
• Does the board have the relevant capabilities and capacities to appreciate the implications of
ESG issues?
• Is there a subcommittee focused on ESG-related risks?
• Are significant ESG-related risks and resources for the entity’s control and management confirmed
regularly by the board?
• Does the board charter capture governance of ESG-related risks?
• Is the board receiving regular reports about ESG-related risks?
• What are board members’ expectations relative to ERM and ESG?
Overseeing the full spectrum of risks requires boards to have an adequate understanding, appropriate information and experience/expertise to guide the organization through the ESG-related risks that may threaten the business strategy or objectives.

To achieve this, the board may require regular briefings on relevant ESG matters and the entity’s approach to managing them.26 Organizations with more mature ESG programs may have established specific responsibilities at the board or committee level to monitor and report back on significant ESG issues or risks. These approaches for enhancing ESG-related risk awareness at the board level are described in Table 1.2.

Guidance: Be informed of the ways to increase board awareness of ESG-related risks.
e The COSO ERM Framework uses the term “board of directors” or “board” to encompass the governing body, including board, supervisory board, board of trustees, general partners or owner.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 17