Page 568 - COSO Guidance

1. Governance and culture for ESG-related risks




               risk ownership and develop more innovative solutions to address ESG-related risks. In a fully integrated
               approach, risk management and sustainability practitioners, along with other subject-matter experts, may
               work in formal and symbiotic partnerships, such as a cross-functional risk committee. Under this approach,
               all risks, whether financial, environmental, governance related, technological, social or other, are considered
               as part of a single process.
               An emerging trend among some large corporations is to combine the risk and compliance function with
               the function that manages ESG issues (particularly human rights). The change comes as part of a growing
               recognition that protecting the organization’s reputation and mitigating its risks requires a more coordinated
               and integrated response. Combining these functions can give a better view of the risks faced as an organization
               and how those risks could impact the ability to deliver on strategic priorities. Part of this emerging shift is
               driven by the increased focus of activists using social media to shame entities that displease them and among
               governments to hold companies to account for the impact their decisions have. 37

               Leveraging skills, capabilities and knowledge
               Applying ERM to ESG requires a multi-disciplinary approach from experts and practitioners across the entity.
               In some cases, it may also require external expertise. Sustainability practitioners possess knowledge about
               stakeholder expectations, potential environmental and social-related risks and opportunities and how these may
               be best avoided or leveraged. Risk management practitioners possess knowledge and skills in risk identification,
               assessment and prioritization and in implementing responses and tracking effectiveness.

               Guidance: Embed ESG-related skills in hiring and talent management to promote integration.
               Table 1.4 highlights some of the skills, capabilities and knowledge that risk management and sustainability
               practitioners may possess. Transferring or sharing these skills can support ESG integration. Organizations
               should consider embedding these ESG risk-related skills, capabilities and knowledge in hiring and
               talent management.


               Table 1.4: Example of skills, capabilities and knowledge that can be transferred or shared

               Risk management practitioner
               •  Knowledge of the end-to-end ERM process and the timing of ERM and strategic activities
               •  Escalation path to senior management and the board (or committees) for critical risks
               •  Proficient in ERM frameworks, such as COSO, and in understanding the financial, operational and strategic
                  impacts of risks
               •  Understanding of the broader risk landscape
               •  Capability to deploy tools or approaches used to assess financial risks (e.g., scenario planning, Monte Carlo
                  simulation) that may be leveraged for ESG-related risks
               •  Skills in assessing the impact in terms of profit, loss and capital allocations

               Sustainability practitioner
               •  Understanding of ESG-related megatrends and how these might compound other risks or impacts
               •  Knowledge of the widely accepted frameworks that can support an understanding of ESG issues to business
                  and society
               •  Technical understanding of ESG-related risks, such as detailed knowledge of the company’s carbon inventory
                  and the levers to reduce or mitigate the related risk
               •  Leadership capability to present ESG issues and related business risks to management and the board
               •  Knowledge of broader stakeholder landscape and their priorities on ESG issues (shareholders, customers,
                  employees, unions, NGOs)
               •  Understanding of current ESG initiatives in place to mitigate risk or capture value and opportunity

               (Between the two columns: Transfer or share skills, capabilities and knowledge)

               Risk management, sustainability and other functions working to identify and manage risks should build a
               common purpose and understand how their composite skills, capabilities and knowledge can contribute to
               that purpose. Entities may develop education programs to share risk or ESG-related best practices across the
               company, such as:
               • Identified risks and responses across business units
               • Effective mitigation strategies
               • Lessons learned
               • Certification or training in ERM
               • Tools and resources used for assessing risks







               Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks  •  October 2018  21