Page 582 - COSO Guidance
P. 582
2. Strategy and objective-setting for ESG-related risks
Risk appetite in action
The Gold Coast Waterways Authority (GCWA) developed a risk appetite statement that covers the critical
72
risk categories (e.g., strategic, operations, environmental, community and resilience) within its risk register.
Some examples of the GCWA’s risk appetite statements relating to ESG-related risk include:
Environmental
• A very low risk appetite for activities or events with significant environmental impacts
• A very high risk appetite for activities that have net environmental benefits
Community
• A low risk appetite for activities that present safety risk to people using waterways
• A very low risk appetite for activities that amplify the risks associated with peak visitor times
• A very low risk appetite for unauthorized activities
• A very low risk appetite for behaviors that compromise the safety of other waterways users,
the environment, infrastructure and property
Evaluating alternative strategies and formulating business objectives
As part of strategy and objective-setting, organizations typically evaluate different strategic alternatives. In
doing so, they assess the risks and opportunities of each option, which may include:
• Evaluating the possibility that the strategy does not align with the mission,
vision and core values of the entity. For example, consider a pharmaceutical Guidance
company that is evaluating the strategy of significantly increasing the price of
drugs for which competitors have left the market. This may be at odds with its Consider the
mission of providing affordable health care to patients. ESG-related risks
• Evaluating the implications from the chosen strategy. For example, in 1999, that will impact the
Skanska (a Swedish construction and materials company) acquired an entity’s strategy
Argentinian company and began operating in South America. The company or objectives
soon learned the implications of applying what would be considered a routine
business ethics policy in Europe or North America to such a diverse range of operations, in a region often
73
characterized by unlawful employment practices.
• Evaluating whether a potential business objective can be achieved given the risk appetite or resources available
to the entity. For example, before setting a target to procure 100% certified or organic raw materials, a company
needs to assess the availability of organic product and potential risks to that availability.
Making changes to strategy
Typically, organizations hold periodic strategy-setting sessions to outline both short-term and long-term
strategies. According to the COSO ERM Framework, a change in strategy may be warranted if:
• The organization determines that the current strategy fails to create, preserve or realize value
• A change in business context causes the entity to get too near the boundary of risk it is willing to accept
• Resources and capabilities are required that are not available to the organization
• Developments in business context results in the organization no longer having a reasonable expectation
that it can achieve the strategy 74
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 35
